input tag fix pass 1
[gosa.git] / gosa-core / plugins / admin / groups / class_groupGeneric.inc
index eed50c61da55b8e197849ed55c5eea10f01626ad..82fed9121cd643897cd8e792d3c03b617c865e1d 100644 (file)
@@ -1,4 +1,24 @@
 <?php
+/*
+ * This code is part of GOsa (http://www.gosa-project.org)
+ * Copyright (C) 2003-2008 GONICUS GmbH
+ *
+ * ID: $$Id$$
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
 
 class group extends plugin
 {
@@ -15,7 +35,6 @@ class group extends plugin
   var $fon_group= FALSE;
   var $smbgroup= FALSE;
   var $groupType= FALSE;
-  var $samba3= FALSE;
   var $sambaSID= "";
   var $sambaDomainName= "DEFAULT";
   var $SID= "";
@@ -28,6 +47,7 @@ class group extends plugin
   var $oldgroupType= "";
   var $orig_dn= "";
   var $orig_cn= "";
+  var $orig_base= "";
   var $has_mailAccount= FALSE;
   var $group_dialog= FALSE;
   var $nagios_group =FALSE;
@@ -39,8 +59,14 @@ class group extends plugin
   var $view_logged = FALSE;
   var $allowGroupsWithSameNameInOtherSubtrees = true;
 
+  /* Trustmodel/AccessTo 
+   */
+  var $accessTo= array();
+  var $trustModel= "";
+  var $show_ws_dialog = FALSE;
+
   /* attribute list for save action */
-  var $attributes= array("cn", "description", "gidNumber","memberUid","sambaGroupType","sambaSID");
+  var $attributes= array("cn", "description", "gidNumber","memberUid","sambaGroupType","sambaSID","accessTo","trustModel");
   var $objectclasses= array("top", "posixGroup");
 
   var $CopyPasteVars  = array("force_gid","fon_group","smbgroup","groupType","sambaSID","sambaDomainName","SID","nagios_group","sambaGroupType");
@@ -50,7 +76,7 @@ class group extends plugin
   function group (&$config, $dn= NULL)
   {
      /* Set rfc2307bis flag */
-     if (isset($config->current['RFC2307BIS']) && ($config->current['RFC2307BIS']== "true")){
+     if ($config->get_cfg_value("rfc2307bis") == "true"){
        $this->rfc2307bis= TRUE;
        $this->attributes[]= "member";
        $this->objectclasses[]= "groupOfNames";
@@ -59,7 +85,6 @@ class group extends plugin
     plugin::plugin ($config, $dn);
 
     /* Load attributes depending on the samba version */
-    $this->samba3= ($config->current['SAMBAVERSION'] == 3);
     $this->orig_dn= $dn;
     $this->orig_cn= $this->cn;
 
@@ -106,14 +131,18 @@ class group extends plugin
     }
 
     /* Get samba Domain in case of samba 3 */
-    if ($this->samba3 && $this->sambaSID != ""){
+    if ($this->sambaSID != ""){
       $this->SID= preg_replace ("/-[^-]+$/", "", $this->sambaSID);
       $ldap= $this->config->get_ldap_link();
       $ldap->cd($this->config->current['BASE']);
       $ldap->search ("(&(objectClass=sambaDomain)(sambaSID=$this->SID))",array("sambaAlgorithmicRidBase"));
       if ($ldap->count() != 0){
         $attrs= $ldap->fetch();
-        $this->ridBase= $attrs['sambaAlgorithmicRidBase'][0];
+        if(isset($attrs['sambaAlgorithmicRidBase'])){  
+          $this->ridBase= $attrs['sambaAlgorithmicRidBase'][0];  
+        } else {  
+          $this->ridBase= $this->config->get_cfg_value("sambaRidBase");
+        } 
 
         /* Get domain name for SID */
         $this->sambaDomainName= "DEFAULT";
@@ -124,10 +153,10 @@ class group extends plugin
           }
         }
       } else {
-        if (isset($this->config->current['RIDBASE'])){
+        if ($this->config->get_cfg_value("sambaRidBase") != ""){
           $this->sambaDomainName= "DEFAULT";
-          $this->ridBase= $this->config->current['RIDBASE'];
-          $this->SID= $this->config->current['SID'];
+          $this->ridBase= $this->config->get_cfg_value("sambaRidBase");
+          $this->SID= $this->config->get_cfg_value("sid");
         } else {
           msg_dialog::display(_("Configuration error"), _("Cannot find group SID in your configuration!"), ERROR_DIALOG);
         }
@@ -163,12 +192,39 @@ class group extends plugin
     } else {
 
       /* Get object base */
-      $this->base =preg_replace ("/^[^,]+,".normalizePreg(get_groups_ou())."/","",$this->dn);
+      $this->base =preg_replace ("/^[^,]+,".preg_quote(get_groups_ou(), '/')."/i","",$this->dn);
+    }
+    $this->orig_base = $this->base;
+
+    /* Is this account a trustAccount? */
+    if (isset($this->attrs['trustModel'])){
+      $this->trustModel= $this->attrs['trustModel'][0];
+      $this->was_trust_account= TRUE;
+    } else {
+      $this->was_trust_account= FALSE;
+      $this->trustModel= "";
+    }
+
+    $this->accessTo = array();
+    if (isset($this->attrs['accessTo'])){
+      for ($i= 0; $i<$this->attrs['accessTo']['count']; $i++){
+        $tmp= $this->attrs['accessTo'][$i];
+        $this->accessTo[$tmp]= $tmp;
+      }
+    }
+
+    /* Get global filter config */
+    if (!session::is_set("sysfilter")){
+      $ui= get_userinfo();
+      $base= get_base_from_people($ui->dn);
+      $sysfilter= array( "depselect"       => $base,
+          "regex"           => "*");
+      session::set("sysfilter", $sysfilter);
     }
 
     /* This is always an account */
     $this->is_account= TRUE;
-    $this->reload();
+    $this->reload(TRUE);
   }
 
   function execute()
@@ -184,13 +240,12 @@ class group extends plugin
 
     /* Do we represent a valid group? */
     if (!$this->is_account && $this->parent === NULL){
-      $display= "<img alt=\"\" src=\"images/stop.png\" align=\"middle\">&nbsp;<b>".
-        _("This 'dn' is no group.")."</b>";
+      $display= "<img alt=\"\" src=\"images/small-error.png\" align=\"middle\">&nbsp;<b>".msgPool::noValidExtension()."</b>";
       return ($display);
     }
 
     /* Delete user from group */
-    if (isset($_POST['del_users']) && isset($_POST['members'])){
+    if (isset($_POST['del_users']) && isset($_POST['members']) && preg_match("/w/",$this->getacl("memberUid"))){
       foreach ($_POST['members'] as $value){
         unset ($this->members["$value"]);
         $this->removeUser($value);
@@ -199,7 +254,7 @@ class group extends plugin
     }
 
     /* Add objects? */
-    if (isset($_POST["edit_membership"])){
+    if (isset($_POST["edit_membership"]) && preg_match("/w/",$this->getacl("memberUid"))){
       $this->group_dialog= TRUE;
       $this->dialog= TRUE;
     }
@@ -223,7 +278,7 @@ class group extends plugin
     /* Base select dialog */
     $once = true;
     foreach($_POST as $name => $value){
-      if((preg_match("/^chooseBase/",$name) && $once) && ($this->acl_is_moveable())){
+      if((preg_match("/^chooseBase/",$name) && $once) && $this->acl_is_writeable("base")){
           
         $once = false;
         $this->dialog = new baseSelectDialog($this->config,$this,$this->get_allowed_bases());
@@ -251,12 +306,99 @@ class group extends plugin
       }
     }
 
-   /* Assign templating stuff */
+
+    /* Add user workstation? */
+    if (isset($_POST["add_ws"])){
+      $this->show_ws_dialog= TRUE;
+      $this->dialog= TRUE;
+    }
+
+    /* Add user workstation? */
+    if (isset($_POST["add_ws_finish"]) && isset($_POST['wslist'])){
+      foreach($_POST['wslist'] as $ws){
+        $this->accessTo[$ws]= $ws;
+      }
+      ksort($this->accessTo);
+      $this->is_modified= TRUE;
+    }
+
+    /* Remove user workstations? */
+    if (isset($_POST["delete_ws"]) && isset($_POST['workstation_list'])){
+      foreach($_POST['workstation_list'] as $name){
+        unset ($this->accessTo[$name]);
+      }
+      $this->is_modified= TRUE;
+    }
+
+    /* Add user workstation finished? */
+    if (isset($_POST["add_ws_finish"]) || isset($_POST["add_ws_cancel"])){
+      $this->show_ws_dialog= FALSE;
+      $this->dialog= FALSE;
+    }
+
     $smarty= get_smarty();
-    if ($this->samba3){
-      $smarty->assign("samba3", "true");
-    } else {
-      $smarty->assign("samba3", "");
+
+    /* Show ws dialog */
+    if ($this->show_ws_dialog){
+
+      /* Save data */
+      $sysfilter= session::get("sysfilter");
+      foreach( array("depselect", "regex") as $type){
+        if (isset($_POST[$type])){
+          $sysfilter[$type]= $_POST[$type];
+        }
+      }
+      if (isset($_GET['search'])){
+        $s= mb_substr($_GET['search'], 0, 1, "UTF8")."*";
+        if ($s == "**"){
+          $s= "*";
+        }
+        $sysfilter['regex']= $s;
+      }
+      session::set("sysfilter", $sysfilter);
+
+      /* Get workstation list */
+      $exclude= "";
+      foreach($this->accessTo as $ws){
+        $exclude.= "(cn=$ws)";
+      }
+      if ($exclude != ""){
+        $exclude= "(!(|$exclude))";
+      }
+      $regex= $sysfilter['regex'];
+
+      /* Search for systems 
+       */
+      $types = array();
+      $types['server']      = array("OU" => get_ou("serverRDN"),     "OC" => "(objectClass=goServer)");
+      $types['workstation'] = array("OU" => get_ou("workstationRDN"),"OC" => "(objectClass=gotoWorkstation)");
+      $types['terminal']    = array("OU" => get_ou("terminalRDN"),   "OC" => "(objectClass=gotoTerminal)");
+      
+      $res = array();
+      foreach($types as $acl => $data){
+        $filter= "(&".$data['OC']."$exclude(cn=$regex))";
+        $res= array_merge($res,get_sub_list($filter,array($acl),$data['OU'],get_ou("systemRDN").$sysfilter['depselect'],
+          array("cn"), GL_SUBSEARCH | GL_SIZELIMIT));
+      }
+      $wslist = array();
+      foreach ($res as $attrs){
+        $wslist[]= preg_replace('/\$/', '', $attrs['cn'][0]);
+      }
+
+      asort($wslist);
+      $smarty->assign("search_image", get_template_path('images/lists/search.png'));
+      $smarty->assign("launchimage", get_template_path('images/lists/action.png'));
+      $smarty->assign("tree_image", get_template_path('images/lists/search-subtree.png'));
+      $smarty->assign("deplist", $this->config->idepartments);
+      $smarty->assign("alphabet", generate_alphabet());
+      foreach( array("depselect", "regex") as $type){
+        $smarty->assign("$type", $sysfilter[$type]);
+      }
+      $smarty->assign("hint", print_sizelimit_warning());
+      $smarty->assign("wslist", $wslist);
+      $smarty->assign("apply", apply_filter());
+      $display= $smarty->fetch (get_template_path('trust_machines.tpl', TRUE, dirname(__FILE__)));
+      return ($display);
     }
 
     if($this->config->search("nagiosaccount", "CLASS",array('menu'))){
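Review bot: The new workstation handlers accept `$_POST['wslist']` and `$_POST['workstation_list']` without the write-ACL test that this same commit adds to the member handlers, and the stored names are then interpolated into an LDAP filter unescaped at `$exclude.= "(cn=$ws)"`. Guarding `add_ws`, `add_ws_finish` and `delete_ws` with `$this->acl_is_writeable("trustModel")` and building the exclusion with `normalizeLdap($ws)`, as reload() already does for member uids, would close both gaps. The posted `regex` and `depselect` values also reach the filter and the search base as submitted and need their own validation, since the `*` wildcard has to survive it. The same unescaped interpolation appears in the addUser hunk (`(uid=".$uid.")`) and in the gidNumber check hunk (`(cn=".$this->orig_cn.")`). execute() starts and ends outside this hunk.

```php
/* Add user workstation? */
if (isset($_POST["add_ws"]) && $this->acl_is_writeable("trustModel")){
  $this->show_ws_dialog= TRUE;
  $this->dialog= TRUE;
}

if (isset($_POST["add_ws_finish"]) && isset($_POST['wslist']) && $this->acl_is_writeable("trustModel")){
  /* ... unchanged: copy wslist into accessTo, ksort, set is_modified ... */
}

if (isset($_POST["delete_ws"]) && isset($_POST['workstation_list']) && $this->acl_is_writeable("trustModel")){
  /* ... unchanged: unset the selected entries, set is_modified ... */
}

/* ... unchanged: dialog close handling, sysfilter update ... */

foreach($this->accessTo as $ws){
  $exclude.= "(cn=".normalizeLdap($ws).")";
}
```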
@@ -300,11 +442,19 @@ class group extends plugin
       $this->reload();
 
       /* Show dialog */
-      $smarty->assign("search_image", get_template_path('images/search.png'));
-      $smarty->assign("launchimage", get_template_path('images/small_filter.png'));
-      $smarty->assign("tree_image", get_template_path('images/tree.png'));
-
-      $smarty->assign("deplist", $this->get_allowed_bases("users/user"));
+      $smarty->assign("search_image", get_template_path('images/lists/search.png'));
+      $smarty->assign("launchimage", get_template_path('images/lists/action.png'));
+      $smarty->assign("tree_image", get_template_path('images/lists/search-subtree.png'));
+      $ui = get_userinfo();
+      $tmp = $ui->get_module_departments("users");
+      $deps = array();
+      foreach($this->config->idepartments as $dn => $name){
+        if(in_array($dn,$tmp)){
+          $deps[$dn] = $name;
+        }
+      }  
+      $smarty->assign("deplist", $deps);
       $smarty->assign("alphabet", generate_alphabet());
       foreach( array("dselect", "regex","SubSearchGroup") as $type){
         $smarty->assign("$type", $gufilter[$type]);
@@ -319,29 +469,59 @@ class group extends plugin
     $smarty->assign("bases", $this->get_allowed_bases());
     $smarty->assign("base_select", $this->base);
 
-    if ($this->samba3){
-      $domains= array();
-      foreach($this->config->data['SERVERS']['SAMBA'] as $name => $content){
-        $domains[$name]= $name;
-      }
-      $smarty->assign("sambaDomains", $domains);
-      $smarty->assign("sambaDomainName", $this->sambaDomainName);
-      $groupTypes= array(0 => _("Samba group"), 512 => _("Domain admins"), 513 => _("Domain users"),
-          514 => _("Domain guests"));
-
-      /* Don't loose special groups! If not key'ed above, add it to
-         the combo box... */   
-      if ($this->groupType >= 500 && $this->groupType <= 553 && !isset($groupTypes[$this->groupType])){
-        $groupTypes[$this->groupType]= sprintf(_("Special group (%d)"), $this->groupType);
-      }
+    $domains= array();
+    foreach($this->config->data['SERVERS']['SAMBA'] as $name => $content){
+      $domains[$name]= $name;
+    }
+    $smarty->assign("sambaDomains", $domains);
+    $smarty->assign("sambaDomainName", $this->sambaDomainName);
+    $groupTypes= array(0 => _("Samba group"), 512 => _("Domain admins"), 513 => _("Domain users"),
+        514 => _("Domain guests"));
 
-      $smarty->assign("groupTypes", $groupTypes);
-      $smarty->assign("groupType", $this->groupType);
+    /* Don't loose special groups! If not key'ed above, add it to
+       the combo box... */     
+    if ($this->groupType >= 500 && $this->groupType <= 553 && !isset($groupTypes[$this->groupType])){
+      $groupTypes[$this->groupType]= sprintf(_("Special group (%d)"), $this->groupType);
     }
 
+    $smarty->assign("groupTypes", $groupTypes);
+    $smarty->assign("groupType", $this->groupType);
+    
+
     /* Members and users */
     $smarty->assign("members", $this->members);
 
+    /* Work on trust modes */
+    $smarty->assign("trusthide", " disabled ");
+    $smarty->assign("trustmodeACL",  $this->getacl("trustModel"));
+    if ($this->trustModel == "fullaccess"){
+      $trustmode= 1;
+      // pervent double disable tag in html code, this will disturb our clean w3c html
+      $smarty->assign("trustmode",  $this->getacl("trustModel"));
+
+    } elseif ($this->trustModel == "byhost"){
+      $trustmode= 2;
+      $smarty->assign("trusthide", "");
+    } else {
+      // pervent double disable tag in html code, this will disturb our clean w3c html
+      $smarty->assign("trustmode",  $this->getacl("trustModel"));
+      $trustmode= 0;
+    }
+    $smarty->assign("trustmode", $trustmode);
+    $smarty->assign("trustmodes", array( 0 => _("disabled"), 1 => _("full access"),
+          2 => _("allow access to these hosts")));
+
+    if((count($this->accessTo))==0){
+      $smarty->assign("emptyArrAccess",true);
+    } else{
+      $smarty->assign("emptyArrAccess",false);
+
+    }
+
+    $smarty->assign("workstations", $this->accessTo);
+
+
+
     /* Checkboxes */
     foreach (array("force_gid", "smbgroup") as $val){
       if ($this->$val == "1"){
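Review bot: The `$smarty->assign("trustmode", $this->getacl("trustModel"))` calls in the `fullaccess` and default branches have no effect, because the unconditional `$smarty->assign("trustmode", $trustmode)` after the chain overwrites them. The comment above them talks about avoiding a doubled disable attribute, but the hunk does not show which template key that would be; either assign to the key the template actually reads or drop both lines together with the comment. Separately, the `foreach` over `$this->config->data['SERVERS']['SAMBA']` now runs unconditionally, so an `isset()` guard would avoid a warning on setups where that key is absent. execute() starts and ends outside this hunk.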
@@ -385,9 +565,9 @@ class group extends plugin
 
     /* Show main page */
     $smarty->assign("alphabet", generate_alphabet(10));
-    $smarty->assign("search_image", get_template_path('images/search.png'));
-    $smarty->assign("launchimage", get_template_path('images/small_filter.png'));
-    $smarty->assign("tree_image", get_template_path('images/tree.png'));
+    $smarty->assign("search_image", get_template_path('images/lists/search.png'));
+    $smarty->assign("launchimage", get_template_path('images/lists/action.png'));
+    $smarty->assign("tree_image", get_template_path('images/lists/search-subtree.png'));
     $smarty->assign("deplist", $this->config->idepartments);
 
     /* Multiple edit handling */
@@ -403,7 +583,7 @@ class group extends plugin
         $smarty->assign("use_".$val,FALSE);
       }
     }
-    foreach(array("base","smbgroup","groupType","sambaDomainName","fon_group") as $val){
+    foreach(array("base","smbgroup","groupType","sambaDomainName","fon_group","nagios_group","trustmode") as $val){
       if(in_array($val,$this->multi_boxes)){
         $smarty->assign("use_".$val,TRUE);
       }else{
@@ -427,6 +607,33 @@ class group extends plugin
       }
     }  
 
+    /* Ensure that the requested object is known to the group class 
+     */
+    if(!isset($this->dnMapping[$uid])){
+      $ldap = $this->config->get_ldap_link();
+      $ldap->cd($this->config->current['BASE']);
+      $ldap->search("(&(objectClass=gosaAccount)(uid=".$uid."))",array("dn", "uid","sn","givenName"));
+      if($ldap->count() == 0 ){
+        msg_dialog::display(_("Error"), 
+            sprintf(_("Adding UID '%s' to group '%s' failed: cannot find user object!"), 
+              $uid,$this->cn), 
+            ERROR_DIALOG);
+        return;
+      }elseif($ldap->count() >= 2){
+        msg_dialog::display(_("Error"), 
+            sprintf(_("Add UID '%s' to group '%s' failed: UID is used more than once!"),
+              $uid,$this->cn), 
+            ERROR_DIALOG);
+        return;
+      }else{
+        while($attrs = $ldap->fetch()){
+          $this->dnMapping[$attrs['uid'][0]] = $attrs['dn'];
+          $this->members[$attrs['uid'][0]] = $this->createResultName($attrs);
+          $this->allusers[$attrs['uid'][0]]= $this->createResultName($attrs);
+        }
+      }
+    }
+
     $this->memberUid[$uid]= $uid;
   }
 
@@ -451,7 +658,7 @@ class group extends plugin
   }
 
   /* Reload data */
-  function reload()
+  function reload($silent = FALSE)
   {
     /* Fix regex string */
     $gufilter = session::get("gufilter");
@@ -468,14 +675,18 @@ class group extends plugin
          to be prepared when adding/deleting users)
      */    
     $filter = "";
-    foreach ($this->memberUid as $value){
-      if(!isset($this->members[$value])){
-        $filter .= "(uid=".normalizeLdap($value).")";
+    if ($this->config->get_cfg_value("ldapFilterNestingLimit") == "" ||
+        count($this->memberUid) < $this->config->get_cfg_value("ldapFilterNestingLimit")){
+      foreach ($this->memberUid as $value){
+        if(!isset($this->members[$value])){
+          $filter .= "(uid=".normalizeLdap($value).")";
+        }
       }
     }
+
     if(!empty($filter)){    
       $ldap->cd($this->config->current['BASE']);
-      $ldap->search("(&(objectClass=gosaAccount)(!(objectClass=gosaUserTemplate))(|".$filter."))",array("dn", "uid","sn","givenName"));
+      $ldap->search("(&(objectClass=gosaAccount)(|".$filter."))",array("dn", "uid","sn","givenName"));
       while($attrs = $ldap->fetch()){
         $this->dnMapping[$attrs['uid'][0]] = $attrs['dn'];
         $this->members[$attrs['uid'][0]] = $this->createResultName($attrs);
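Review bot: The `ldapFilterNestingLimit` test is written out in full here and again in the following hunk, with `get_cfg_value()` called twice each time and no comment on what happens once the limit is reached. Evaluating it once, e.g. `$limit= $this->config->get_cfg_value("ldapFilterNestingLimit"); $resolve= ($limit == "" || count($this->memberUid) < $limit);`, and reusing `$resolve` in both places keeps the two branches in step. A comment such as `/* Above the nesting limit member uids are not resolved and are listed by uid only */` would document the fallback. reload() starts and ends outside this hunk.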
@@ -484,11 +695,18 @@ class group extends plugin
     }
   
     /* check if all uids are resolved */
-    foreach ($this->memberUid as $value){
-      if(!isset($this->members[$value])){
-        $this->members[$value] =  _("! unknown id")." [".$value."]"; 
-      }
-    }  
+    if ($this->config->get_cfg_value("ldapFilterNestingLimit") == "" ||
+        count($this->memberUid) < $this->config->get_cfg_value("ldapFilterNestingLimit")){
+      foreach ($this->memberUid as $value){
+        if(!isset($this->members[$value])){
+          $this->members[$value] =  _("! unknown UID")." [".$value."]"; 
+        }
+      }  
+    }else{
+      foreach ($this->memberUid as $value){
+        $this->members[$value] = $value; 
+      }  
+    }
 
     /* Create display list of users matching regex & filter 
      */
@@ -523,8 +741,8 @@ class group extends plugin
     }
   
     /* If more than max users are found, display a message to warn the user */
-    if($i == $MaxUser){
-      msg_dialog::display(_("Configuration error"), sprintf(_("Search returned too many results. Not displaying more than %s entries."), $MaxUser), ERROR_DIALOG);
+    if($i == $MaxUser && !$silent){
+      msg_dialog::display(_("Configuration error"), sprintf(_("Search returned too many results. Not displaying more than %s entries!"), $MaxUser), ERROR_DIALOG);
     }
     
     /* Sort lists */
@@ -553,7 +771,9 @@ class group extends plugin
 
     $ldap= $this->config->get_ldap_link();
     $ldap->rmdir($this->dn);
-    show_ldap_error($ldap->get_error(), sprintf(_("Removing of groups/generic with dn '%s' failed."),$this->dn));
+    if (!$ldap->success()){
+      msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $this->dn, LDAP_DEL, get_class()));
+    }
 
     new log("remove","groups/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
 
@@ -581,13 +801,11 @@ class group extends plugin
           }
         }
       }
-      $acl -> save();
+      $acl->save();
     }
 
-    /* Remove ACL dependencies too,
-     */
-    $tmp = new acl($this->config,$this->parent,$this->dn);
-    $tmp->remove_acl();
+    /* Remove ACL dependencies, too */
+    acl::remove_acl_for($this->dn);
 
     /* Send signal to the world that we've done */
     $this->handle_post_events("remove");
@@ -631,20 +849,20 @@ class group extends plugin
       }
 
       /* Save sambaDomain attribute */
-      if ($this->acl_is_writeable("sambaDomainName") && $this->samba3 && isset ($_POST['sambaDomainName'])){
+      if ($this->acl_is_writeable("sambaDomainName") && isset ($_POST['sambaDomainName'])){
         $this->sambaDomainName= $_POST['sambaDomainName'];
         $this->groupType= $_POST['groupType'];
       }
 
       /* Save fon attribute */
-      if ($this->acl_is_writeable("fon_group")){
+      if ($this->acl_is_writeable("fonGroup")){
         if (isset ($_POST['fon_group'])){
           $this->fon_group= TRUE;
         } else {
           $this->fon_group= FALSE;
         }
       }
-      if ($this->acl_is_writeable("nagios_group")){
+      if ($this->acl_is_writeable("nagiosGroup")){
         if (isset ($_POST['nagios_group'])){
           $this->nagios_group= TRUE;
         } else {
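Review bot: The ACL key is corrected to `nagiosGroup` here, matching `plProvidedAcls`, but the multi-edit hunk at the end of this diff adds `"nagios_group" => "nagios_group"` as the ACL name passed to `acl_is_writeable()`. That key is not among the provided ACLs listed in the plInfo hunk, so the multi-edit path presumably never treats the checkbox as writeable; the entry should read `"nagios_group" => "nagiosGroup"`. save_object() starts and ends outside this hunk.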
@@ -652,6 +870,24 @@ class group extends plugin
         }
       }
     }
+
+    /* Trust mode - special handling */
+    if($this->acl_is_writeable("trustModel")){
+      if (isset($_POST['trustmode'])){
+        $saved= $this->trustModel;
+        if ($_POST['trustmode'] == "1"){
+          $this->trustModel= "fullaccess";
+        } elseif ($_POST['trustmode'] == "2"){
+          $this->trustModel= "byhost";
+        } else {
+          $this->trustModel= "";
+        }
+        if ($this->trustModel != $saved){
+          $this->is_modified= TRUE;
+        }
+      }
+    }
+
   }
 
 
@@ -666,7 +902,7 @@ class group extends plugin
       } else {
         /* Calculate new, lock uids */
         $wait= 10;
-        while (get_lock("uidnumber") != ""){
+        while (get_lock("gidnumber") != ""){
           sleep (1);
 
           /* timed out? */
@@ -674,13 +910,40 @@ class group extends plugin
             break;
           }
         }
-        add_lock ("uidnumber", "gosa");
-        $this->gidNumber= $this->get_next_id("gidNumber", $this->dn);
+        add_lock ("gidnumber", "gosa");
+        $this->gidNumber= get_next_id("gidNumber", $this->dn);
       }
     }
   
     plugin::save(); 
 
+ /* Trust accounts */
+    $objectclasses= array();
+    foreach ($this->attrs['objectClass'] as $key => $class){
+      if (preg_match('/trustAccount/i', $class)){
+        continue;
+      }
+      $objectclasses[]= $this->attrs['objectClass'][$key];
+    }
+    $this->attrs['objectClass']= $objectclasses;
+    if ($this->trustModel != ""){
+      $this->attrs['objectClass'][]= "trustAccount";
+      $this->attrs['trustModel']= $this->trustModel;
+      $this->attrs['accessTo']= array();
+      if ($this->trustModel == "byhost"){
+        foreach ($this->accessTo as $host){
+          $this->attrs['accessTo'][]= $host;
+        }
+      }
+    } else {
+      if ($this->was_trust_account){
+        $this->attrs['accessTo']= array();
+        $this->attrs['trustModel']= array();
+      }
+    }
+
+
+
     /* Remove objectClass for samba/phone support */
     $tmp= array();
     for ($i= 0; $i<count($this->attrs["objectClass"]); $i++){
@@ -695,7 +958,7 @@ class group extends plugin
     $ldap= $this->config->get_ldap_link();
 
     /* Add samba group functionality */
-    if ($this->samba3 && $this->smbgroup){
+    if ($this->smbgroup){
   
       /* Fixed undefined index ... 
        */ 
@@ -739,8 +1002,7 @@ class group extends plugin
       /* User wants me to fake the idMappings? This is useful for
          making winbind resolve the group names in a reasonable amount
          of time in combination with larger databases. */
-      if (isset($this->config->current['SAMBAIDMAPPING']) &&
-          preg_match('/true/i', $this->config->current['SAMBAIDMAPPING'])){
+      if ($this->config->get_cfg_value("sambaidmapping") == "true"){
         $this->attrs['objectClass'][]= "sambaIdmapEntry";
       }
 
@@ -768,10 +1030,13 @@ class group extends plugin
 
     /* Add member dn's for RFC2307bis Support */
     if ($this->rfc2307bis){
+      $this->attrs['member'] = array();
       if (count($this->memberUid)){
-        $this->attrs['member'] = array();
         foreach($this->attrs['memberUid'] as $uid) {
-          $this->attrs['member'][]= $this->dnMapping[$uid];
+
+          if(isset($this->dnMapping[$uid])){
+            $this->attrs['member'][]= $this->dnMapping[$uid];
+          }
         }
       } else {
         $this->attrs['member'][]= $this->dn;
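Review bot: Skipping uids without a `dnMapping` entry can leave `$this->attrs['member']` empty even though `memberUid` is not, and the `$this->dn` placeholder is only added in the `else` branch for groups with no members at all. If `member` is mandatory for `groupOfNames` in the deployed schema, that write would be rejected; this looks reachable when reload() skips resolution above `ldapFilterNestingLimit`. Adding the placeholder whenever the list ends up empty, `if (!count($this->attrs['member'])){ $this->attrs['member'][]= $this->dn; }` after the loop, covers both cases. save() starts and ends outside this hunk.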
@@ -786,12 +1051,11 @@ class group extends plugin
       if (!count ($this->memberUid)){
         $this->attrs['memberUid']= array();
       }
-      if ($this->samba3){
-        if (!$this->smbgroup){
-          $this->attrs['sambaGroupType']= array();
-          $this->attrs['sambaSID']= array();
-        }
+      if (!$this->smbgroup){
+        $this->attrs['sambaGroupType']= array();
+        $this->attrs['sambaSID']= array();
       }
+      
       $mode= "modify";
     } else {
       $mode= "add";
@@ -799,6 +1063,22 @@ class group extends plugin
       $ldap->create_missing_trees(preg_replace('/^[^,]+,/', '', $this->dn));
     }
 
+
+    /* Check generated gidNumber, it may be used by another group. 
+     */
+    if($this->gidNumber != ""){
+      $ldap->cd($this->config->current['BASE']);
+      $ldap->search("(&(!(cn=".$this->orig_cn."))(objectClass=posixGroup)(gidNumber=".$this->gidNumber."))",array("cn"));
+      if($ldap->count()){
+        $cns = "";
+        while($attrs = $ldap->fetch()){
+          $cns .= $attrs['cn'][0].", ";
+        }
+        $cns = rtrim($cns,", ");
+        msg_dialog::display(_("Warning"),sprintf(_("The gidNumber '%s' is already in use by %s!"),$this->gidNumber,$cns) , WARNING_DIALOG );
+      }
+    }
+
     /* Write back to ldap */
     $ldap->cd($this->dn);
     $this->cleanup();
@@ -818,12 +1098,13 @@ class group extends plugin
     }
 
     $ret= 0;
-    if ( show_ldap_error($ldap->get_error(), sprintf(_("Removing of groups/generic with dn '%s' failed."),$this->dn))){
+    if (!$ldap->success()){
+      msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $this->dn, 0, get_class()));
       $ret= 1;
     }
 
     /* Remove uid lock */
-    del_lock ("uidnumber");
+    del_lock ("gidnumber");
 
     /* Post that we've done*/
     $this->handle_post_events($mode);
@@ -845,12 +1126,16 @@ class group extends plugin
 
     /* must: cn */
     if ($this->cn == "" && $this->acl_is_writeable("cn")){
-      $message[]= "The required field 'Name' is not set.";
+      $message[]= msgPool::required(_("Name"));
     }
 
     /* Check for valid input */
     if (!tests::is_uid($this->cn)){
-      $message[]= _("The field 'Name' contains invalid characters. Lowercase, numbers and dashes are allowed.");
+      if (strict_uid_mode()){
+        $message[]= msgPool::invalid(_("Name"), $this->cn, "/[a-z0-9_-]/");
+      } else {
+        $message[]= msgPool::invalid(_("Name"), $this->cn, "/[a-z0-9_-]/i");
+      }
     }
 
     if($this->allowGroupsWithSameNameInOtherSubtrees == true){
@@ -861,7 +1146,7 @@ class group extends plugin
         $ldap->cd(get_groups_ou().$this->base);
         $ldap->ls("(&(|(objectClass=gosaGroupOfNames)(objectClass=posixGroup))(cn=$this->cn))",get_groups_ou().$this->base,array("cn"));
         if ($ldap->count() != 0){
-          $message[]= _("Value specified as 'Name' is already used.");
+          $message[]= msgPool::duplicated(_("Name"));
         }
       }
 
@@ -875,14 +1160,14 @@ class group extends plugin
 
         /* New entry? */
         if ($this->dn == 'new'){
-          $message[]= _("Value specified as 'Name' is already used.");
+          $message[]= msgPool::duplicated(_("Name"));
         }
 
         /* Moved? */
         elseif ($new_dn != $this->orig_dn){
           $ldap->fetch();
           if ($ldap->getDN() != $this->orig_dn){
-            $message[]= _("Value specified as 'Name' is already used.");
+            $message[]= msgPool::duplicated(_("Name"));
           }
         }
       }
@@ -891,56 +1176,32 @@ class group extends plugin
     /* Check ID */
     if ($this->force_gid == "1"){
       if (!tests::is_id($this->gidNumber)){
-        $message[]= _("Value specified as 'GID' is not valid.");
+        $message[]= msgPool::invalid(_("GID"), $this->gidNumber, "/[0-9]/");
       } else {
-        if ($this->gidNumber < $this->config->current['MINID']){
-          $message[]= _("Value specified as 'GID' is too small.");
+        if ($this->gidNumber < $this->config->get_cfg_value("minId")){
+          $message[]= msgPool::toosmall(_("GID"), $this->config->get_cfg_value("minId"));
         }
 
       }
     }
-
-    return ($message);
-  }
-
-  function get_next_id($attrib, $dn)
-  {
-    $ids= array();
-    $ldap= $this->config->get_ldap_link();
-
-    $ldap->cd ($this->config->current['BASE']);
-    if (preg_match('/gidNumber/i', $attrib)){
-      $oc= "posixGroup";
-    } else {
-      $oc= "posixAccount";
-    }
-    $ldap->search ("(&(objectClass=$oc)($attrib=*))", array("$attrib"));
-
-    /* Get list of ids */
-    while ($attrs= $ldap->fetch()){
-      $ids[]= (int)$attrs["$attrib"][0];
-    }
-
-    /* Find out next free id near to UID_BASE */
-    if (!isset($this->config->current['BASE_HOOK'])){
-      $base= $this->config->current['UIDBASE'];
-    } else {
-      /* Call base hook */
-      $base= get_base_from_hook($dn, $attrib);
-    }
-    for ($id= $base; $id++; $id < pow(2,32)){
-      if (!in_array($id, $ids)){
-        return ($id);
+    
+    /* Check if we are allowed to create or move this object 
+     */
+    if(!$this->orig_dn == "new" || 
+        $this->orig_base != $this->base || 
+        $this->cn != $this->orig_cn){
+
+      if($this->orig_dn == "new" && !$this->acl_is_createable($this->base)){
+        $message[] = msgPool::permCreate();
+      }elseif($this->orig_dn != "new" && !$this->acl_is_moveable($this->base)){
+        $message[] = msgPool::permMove();
       }
     }
 
-    /* Check if id reached maximum */
-    if ($id >= pow(2,32)){
-      msg_dialog::display(_("Error"), _("Cannot allocate a free ID!"), ERROR_DIALOG);
-      exit;
-    }
+    return ($message);
   }
 
+
   function getCopyDialog()
   {
     $vars = array("cn");
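Review bot: In the new permission check, `!$this->orig_dn == "new"` negates `$this->orig_dn` before the comparison, so the first clause does not test whether the object is new. The create/move test then runs only when the base or cn differs from the original; the clause should read `$this->orig_dn == "new" ||`. check() begins outside this hunk.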
@@ -989,22 +1250,23 @@ class group extends plugin
           "plSelfModify"  => FALSE,
           "plDepends"     => array(),
           "plPriority"    => 0,
-          "plSection"     => array("admin"),
+          "plSection"     => array("administration"),
           "plCategory"    => array("groups" => array("objectClass" => "posixGroup", "description" => _("Groups"))),
 
           "plProvidedAcls"    => array(
             "cn"                => _("Name"),
-            "base"              => _("Base"),
             "description"       => _("Description"),
-
-            "fonGroup"          => _("Phone pickup group"),
-            "nagiosGroup"       => _("Nagios group"),
+            "base"              => _("Base"),
 
             "gidNumber"         => _("GID"),
-            "memberUid"         => _("Group member"),
+
             "sambaGroupType"    => _("Samba group type"),
             "sambaDomainName"   => _("Samba domain name"),
-            "sambaSID"          => _("Samba SID"))
+            "trustModel"        => _("System trust"),
+            "fonGroup"          => _("Phone pickup group"),
+            "nagiosGroup"       => _("Nagios group"),
+
+            "memberUid"         => _("Group member"))
         ));
   }
 
@@ -1021,7 +1283,7 @@ class group extends plugin
       plugin::save_object();
       $this->base = $base_tmp;
 
-      foreach(array("base","smbgroup","groupType","sambaDomainName","fon_group") as $attr){
+      foreach(array("base","smbgroup","groupType","sambaDomainName","fon_group","nagios_group","trustmode") as $attr){
         if(isset($_POST['use_'.$attr])){
           $this->multi_boxes[] = $attr;
         }
@@ -1035,7 +1297,7 @@ class group extends plugin
         }
       }
 
-      foreach (array( "smbgroup"   => "sambaGroupType") as $val => $aclname) {
+      foreach (array( "smbgroup"   => "sambaGroupType" ,"nagios_group" => "nagios_group") as $val => $aclname) {
         if ($this->acl_is_writeable($aclname)){
           if(isset($_POST["$val"])){
             $this->$val=  TRUE;
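Review bot: The ACL name given for the new `nagios_group` entry does not match the key this commit registers in `plProvidedAcls`, which is `nagiosGroup`. The same commit corrects the equivalent mismatch for the phone group further down (`acl_is_writeable("fon_group")` becomes `acl_is_writeable("fonGroup")`). If `acl_is_writeable()` resolves names against the provided ACL list, as that correction suggests, the Nagios flag is checked against a name administrators cannot assign, so it is either never writable or not governed by the intended ACL. The mapping should probably read `"nagios_group" => "nagiosGroup"`. The enclosing method starts and ends outside this hunk.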
@@ -1046,13 +1308,30 @@ class group extends plugin
       }
 
       /* Save sambaDomain attribute */
-      if ($this->acl_is_writeable("sambaDomainName") && $this->samba3 && isset ($_POST['sambaDomainName'])){
+      if ($this->acl_is_writeable("sambaDomainName") && isset ($_POST['sambaDomainName'])){
         $this->sambaDomainName= $_POST['sambaDomainName'];
         $this->groupType= $_POST['groupType'];
       }
 
+      /* Trust mode - special handling */
+      if($this->acl_is_writeable("trustModel")){
+        if (isset($_POST['trustmode'])){
+          $saved= $this->trustModel;
+          if ($_POST['trustmode'] == "1"){
+            $this->trustModel= "fullaccess";
+          } elseif ($_POST['trustmode'] == "2"){
+            $this->trustModel= "byhost";
+          } else {
+            $this->trustModel= "";
+          }
+          if ($this->trustModel != $saved){
+            $this->is_modified= TRUE;
+          }
+        }
+      }
+
       /* Save fon attribute */
-      if ($this->acl_is_writeable("fon_group")){
+      if ($this->acl_is_writeable("fonGroup")){
         if (isset ($_POST['fon_group'])){
           $this->fon_group= TRUE;
         } else {
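Review bot: `$this->groupType= $_POST['groupType'];` is still reached with only `sambaDomainName` checked: there is no `isset()` on `groupType`, and the write is authorised by the `sambaDomainName` ACL rather than `sambaGroupType`. With the `$this->samba3` condition removed, this branch is no longer limited to samba3 setups, so a request that posts `sambaDomainName` alone reads an undefined index, and a user who may only write the domain name can also change the group type. I would guard it separately: `if ($this->acl_is_writeable("sambaGroupType") && isset($_POST['groupType'])){ $this->groupType= $_POST['groupType']; }`. Whether the value is later validated against the known group types is not visible here; the method continues outside the hunk.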
@@ -1067,11 +1346,17 @@ class group extends plugin
   {
     $ret = plugin::get_multi_edit_values();
 
-    foreach(array("base","smbgroup","groupType","sambaDomainName","fon_group") as $attr){    
+    foreach(array("base","smbgroup","groupType","sambaDomainName","fon_group","nagios_group") as $attr){    
       if(in_array($attr,$this->multi_boxes)){
         $ret[$attr] = $this->$attr;
       }
     }
+
+    if(in_array("trustmode",$this->multi_boxes)){
+      $ret['trustModel'] = $this->trustModel;
+      $ret['accessTo'] = $this->accessTo;
+    }
+
     $ret['memberUid'] = $this->memberUid;
     $ret['memberUid_used_by_some'] = $this->memberUid_used_by_some;
     return($ret);
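Review bot: The new `trustmode` branch needs a comment explaining why the key it tests differs from the keys it exports. `multi_boxes` holds the form checkbox name `trustmode` (added to the `use_` list earlier in this commit), while the values returned are the `trustModel` and `accessTo` attributes. A line such as `/* 'trustmode' is the multi-edit checkbox name; it exports both trustModel and accessTo */` above the `if` would keep a later cleanup from "correcting" one spelling into the other and silently dropping the trust settings from multi-edit. The function's signature is outside this hunk.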
@@ -1108,6 +1393,27 @@ class group extends plugin
     }
   }
 
+
+  function PrepareForCopyPaste($source)
+  {
+    plugin::PrepareForCopyPaste($source);
+
+    $this->memberUid = array();
+    if(isset($source['memberUid'])){
+      for($i = 0 ; $i < $source['memberUid']['count']; $i ++){
+        $this->memberUid[] = $source['memberUid'][$i];
+      }
+    }
+    $this->accessTo = array();
+    if (isset($source['accessTo'])){
+      for ($i= 0; $i<$source['accessTo']['count']; $i++){
+        $tmp= $source['accessTo'][$i];
+        $this->accessTo[$tmp]= $tmp;
+      }
+    }
+  }
+
+
   function set_multi_edit_values($attrs)
   {
     $users = array();
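Review bot: `PrepareForCopyPaste()` has no docblock, and what it carries over is security-relevant: the pasted group receives the source's full `memberUid` list and its `accessTo` host list unchanged. A short docblock should say that `$source` is an LDAP-style attribute array (both loops rely on its `count` element), that members and host trust entries are copied as-is, and that `accessTo` is stored keyed by its own value. It should also state whether `trustModel` is expected to arrive through `plugin::PrepareForCopyPaste()`, since it is not set here. That cannot be confirmed from this hunk.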
@@ -1126,9 +1432,6 @@ class group extends plugin
     plugin::set_multi_edit_values($attrs);
     $this->memberUid = $users;
   }
-
-
 }
-
 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
 ?>