![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
diff --git a/gosa-plugins/systems/admin/systems/class_systemManagement.inc b/gosa-plugins/systems/admin/systems/class_systemManagement.inc
index 6adc26b4041b07a469d7e61e6f9ee538a3eae15b..43af7119741498a082c4885cef4a66dfc60c6a33 100644 (file)
$this->systab->by_object[$tabname]->base = $this->DivListSystem->selectedBase;
$this->systab->base = $this->DivListSystem->selectedBase;
}else{
- print_red(msgPool::permCreate());
+ msg_dialog::display(_("Error"), msgPool::permCreate(), ERROR_DIALOG);
}
}
}
session::set('objectinfo',$this->dn);
add_lock ($this->dn, $this->ui->dn);
}else{
- print_red (_("You can't edit this object type yet!"));
+ msg_dialog::display(_("Error"), _("Editing this type of object is not supported yet!"), ERROR_DIALOG);
del_lock($this->dn);
}
}
/* Set terminals root password */
if ($s_action=="change_pw"){
$tabs = array(
- "terminal" => array("CLASS"=>"TERMTABS", "TABNAME"=>"termgeneric", "TABCLASS" =>"termtabs", "ACL"=> "terminal"),
- "workstation" => array("CLASS"=>"WORKTABS", "TABNAME"=>"workgeneric", "TABCLASS" =>"worktabs", "ACL"=> "workstation"));
+ "ArpNewDevice"=> array("CLASS"=>"TERMTABS", "TABCLASS" =>"termtabs", "ACL"=> "incoming/systems"),
+ "NewDevice" => array("CLASS"=>"TERMTABS", "TABCLASS" =>"termtabs", "ACL"=> "incoming/systems"),
+ "terminal" => array("CLASS"=>"TERMTABS", "TABCLASS" =>"termtabs", "ACL"=> "terminal/termgeneric"),
+ "workstation" => array("CLASS"=>"WORKTABS", "TABCLASS" =>"worktabs", "ACL"=> "workstation/workgeneric"),
+ "server" => array("CLASS"=>"SERVTABS", "TABCLASS" =>"servtabs", "ACL"=> "server/servgeneric"),
+ "printer" => array("CLASS"=>"PRINTTABS", "TABCLASS" =>"printtabs", "ACL"=> "printer/printgeneric"),
+ "phone" => array("CLASS"=>"PHONETABS", "TABCLASS" =>"phonetabs", "ACL"=> "phone/phoneGeneric"),
+ "winstation" => array("CLASS"=>"WINTABS", "TABCLASS" =>"wintabs", "ACL"=> "winworkstation/wingeneric"),
+ "component" => array("CLASS"=>"COMPONENTTABS","TABCLASS" =>"componenttabs", "ACL"=> "component/componentGeneric"));
+ $dn = $this->terminals[$s_entry]['dn'];
$type = $this->get_system_type($this->terminals[$s_entry]);
+
$class = $tabs[$type]["CLASS"];
- $tabname = $tabs[$type]["TABNAME"];
- $acl_cat = $tabs[$type]["ACL"];
+ $acl = $tabs[$type]["ACL"];
$tabclass = $tabs[$type]["TABCLASS"];
$ui = get_userinfo();
- $tabacl = $ui->get_permissions($this->DivListSystem->selectedBase,$acl_cat."/".$tabname,"gotoRootPasswd");
+ $tabacl = $ui->get_permissions($dn,$acl,"userPassword");
if(preg_match("/w/",$tabacl)){
$this->dn= $this->terminals[$s_entry]['dn'];
session::set('objectinfo',$this->dn);
return ($smarty->fetch(get_template_path('password.tpl', TRUE)));
}else{
- print_red(_("You are not allowed to change the password for this object."));
+ msg_dialog::display(_("Permission error"), _("You have no permission to change this password!"), ERROR_DIALOG);
}
}
/* Correctly specified? */
if (isset($_POST['password_finish'])){
if ($_POST['new_password'] != $_POST['repeated_password']){
- print_red (_("Passwords entered as new and repeated do not match!"));
+ msg_dialog::display(_("Error"), _("The passwords you've entered as 'New password' and 'Repeated password' do not match!"), ERROR_DIALOG);
return($smarty->fetch(get_template_path('password.tpl', TRUE)));
}
}
/* Check if user is allowed to set password */
$tabs = array(
- "terminal" => array("CLASS"=>"TERMTABS", "TABNAME"=>"termgeneric", "TABCLASS" =>"termtabs", "ACL"=> "terminal"),
- "workstation" => array("CLASS"=>"WORKTABS", "TABNAME"=>"workgeneric", "TABCLASS" =>"worktabs", "ACL"=> "workstation"));
+ "terminal" => array("CLASS"=>"TERMTABS", "TABCLASS" =>"termtabs", "ACL"=> "terminal/termgeneric" ,"PLUG"=>"termgeneric"),
+ "workstation" => array("CLASS"=>"WORKTABS", "TABCLASS" =>"worktabs", "ACL"=> "workstation/workgeneric" ,"PLUG"=>"workgeneric"),
+ "server" => array("CLASS"=>"SERVTABS", "TABCLASS" =>"servtabs", "ACL"=> "server/servgeneric" ,"PLUG"=>"servgeneric"),
+ "component" => array("CLASS"=>"COMPONENTTABS","TABCLASS" =>"componenttabs", "ACL"=> "component/componentGeneric","PLUG"=>"componentGeneric"));
/* Detect object type */
$type = "";
foreach($this->terminals as $terminal){
if($terminal['dn'] == $this->dn){
- $type = $this->get_system_type($terminal);
+ $type = $this->get_system_type($terminal);
break;
}
}
/* Type detected */
- if(!empty($type)){
+ $allow_for = array("terminal","workstation","server","component");
+ if(!empty($type) && in_array($type,$allow_for)){
/* Get infos */
+ $plug = $tabs[$type]["PLUG"];
$class = $tabs[$type]["CLASS"];
- $tabname = $tabs[$type]["TABNAME"];
- $acl_cat = $tabs[$type]["ACL"];
+ $acl = $tabs[$type]["ACL"];
$tabclass = $tabs[$type]["TABCLASS"];
/* Get acls */
$ui = get_userinfo();
- $tabacl = $ui->get_permissions($this->DivListSystem->selectedBase,$acl_cat."/".$tabname,"gotoRootPasswd");
+ $tabacl = $ui->get_permissions($this->dn,$acl,"userPassword");
/* Check acls */
if(preg_match("/w/",$tabacl)){
$ldap = $this->config->get_ldap_link();
$ldap->cd($this->dn);
+ $ldap->cat($this->dn);
+ $old_attrs = $ldap->fetch();
$attrs= array();
if ($_POST['new_password'] == ""){
- $attrs['gotoRootPasswd']= array();
+
+ /* Remove password attribute
+ */
+ if(in_array("simpleSecurityObject",$old_attrs['objectClass'])){
+ $attrs['objectClass'] = array();
+ for($i = 0 ; $i < $old_attrs['objectClass']['count'] ; $i ++){
+ if(!preg_match("/simpleSecurityObject/i",$old_attrs['objectClass'][$i])){
+ $attrs['objectClass'][] = $old_attrs['objectClass'][$i];
+ }
+ }
+ }
+ $attrs['userPassword']= array();
} else {
- $attrs['gotoRootPasswd']= crypt($_POST['new_password'],substr(session_id(),0,2));
+
+ /* Add/modify password attribute
+ */
+ if(!in_array("simpleSecurityObject",$old_attrs['objectClass'])){
+ $attrs['objectClass'] = array();
+ for($i = 0 ; $i < $old_attrs['objectClass']['count'] ; $i ++){
+ $attrs['objectClass'][] = $old_attrs['objectClass'][$i];
+ }
+ $attrs['objectClass'][] = "simpleSecurityObject";
+ }
+
+ if(class_available("passwordMethodCrypt")){
+ $pwd_m = new passwordMethodCrypt($this->config);
+ $pwd_m->set_hash("crypt/md5");
+ $attrs['userPassword'] = $pwd_m->generate_hash($_POST['new_password']);
+ }else{
+ msg_dialog::display(_("Password method"),_("Password method crypt is missing. Cannot set system password."));
+ $attrs = array();
+ }
}
$ldap->modify($attrs);
+ if (!$ldap->success()){
+ msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $this->dn, LDAP_MOD, get_class()));
+ }else{
+ if(class_available($plug)){
+ $p = new $plug($this->config,$this->dn);
+ $p->handle_post_events("modify");
+ }
+ }
+
new log("security","systems/".get_class($this),$this->dn,array_keys($attrs),$ldap->get_error());
}else{
- print_red(_("You are not allowed to change the password for this object."));
+ msg_dialog::display(_("Permission error"), _("You have no permission to change this password!"), ERROR_DIALOG);
}
}else{
- print_red(_("Can't detect object to change password."));
+ msg_dialog::display(_("Error"), _("Cannot determine object to change password!"), ERROR_DIALOG);
}
session::un_set('objectinfo');
}
}
$events = DaemonEvent::get_event_types(SYSTEM_EVENT);
$type = preg_replace("/^[a-z]*_event_/","",$s_action);
+ $o_queue = new gosaSupportDaemon();
+
+ /* Skip installation or update trigerred events,
+ * if this entry is currently processing.
+ */
+ if(preg_match("/trigger_event/",$s_action) && in_array($type,array("DaemonEvent_reinstall","DaemonEvent_update"))){
+ foreach($mac as $key => $mac_address){
+ foreach($o_queue->get_entries_by_mac(array($mac_address)) as $entry){
+
+ $entry['STATUS'] = strtoupper($entry['STATUS']);
+ if($entry['STATUS'] == "PROCESSING" &&
+ isset($events['QUEUED'][$entry['HEADERTAG']]) &&
+ in_array($events['QUEUED'][$entry['HEADERTAG']],array("DaemonEvent_reinstall","DaemonEvent_update"))){
+ unset($mac[$key]);
+
+ new log("security","systems/".get_class($this),"",array(),"Skip adding 'DaemonEvent::".$type."' for mac '".$mac_address."', there is already a job in progress.");
+ break;
+ }
+ }
+ }
+ }
/* Prepare event to be added
*/
} else {
/* Normally this shouldn't be reached, send some extra
logs to notify the administrator */
- print_red (msgPool::permDelete());
+ msg_dialog::display(_("Permission error"), msgPool::permDelete(), ERROR_DIALOG);
new log("security","systems/".get_class($this),$dn,array(),"Tried to trick deletion.");
}
/* Remove lock file after successfull deletion */
/* Obviously the user isn't allowed to delete. Show message and
clean session. */
- print_red (msgPool::permDelete());
+ msg_dialog::display(_("Permission error"), msgPool::permDelete(), ERROR_DIALOG);
}
}
/* Normally this shouldn't be reached, send some extra
logs to notify the administrator */
- print_red(msgPool::permDelete());
+ msg_dialog::display(_("Permission error"), msgPool::permDelete(), ERROR_DIALOG);
new log("security","systems/".get_class($this),$dn,array(),"Tried to trick deletion.");
}
}
}
if(!$found){
- print_red(sprintf(_("Can't set gotoMode to status 'active', the current object couldn't be identified.")));
+ msg_dialog::display(_("Internal error"), _("Cannot set mode to 'active'!"), ERROR_DIALOG);
}
}
* entry and not an edited one, so we will delete it.
*
*/
-
if(session::is_set('SelectedSystemType')){
$SelectedSystemType = session::get('SelectedSystemType');
if($SelectedSystemType['ogroup'] != "none"){
}
$this->systab->save();
-
- /* Get macAddress to be able to an installation event
- */
- if($this->systab instanceof ArpNewDeviceTabs || session::is_set('SelectedSystemType')){
- $events = DaemonEvent::get_event_types(SYSTEM_EVENT);
-
- /* Get mac of currently edited entry */
- $mac = "";
- if($this->systab instanceof ArpNewDeviceTabs){
- $mac = $this->systab->by_object['ArpNewDevice']->netConfigDNS->macAddress;
- }else{
- foreach(array("workgeneric","termgeneric","servgeneric") as $type){
- if(isset($this->systab->by_object[$type]->netConfigDNS->macAddress)){
- $mac = $this->systab->by_object[$type]->netConfigDNS->macAddress;
- break;
- }
- }
- }
-
- /* Add installation event
- */
- if(!empty($mac) && isset($events['BY_CLASS']['DaemonEvent_reinstall'])){
- $evt = $events['BY_CLASS']['DaemonEvent_reinstall'];
- $tmp = new $evt['CLASS_NAME']($this->config);
- $tmp->add_targets(array($mac));
- $tmp->set_type(SCHEDULED_EVENT);
- $o_queue = new gosaSupportDaemon();
- $o_queue->append($tmp);
- if($o_queue->is_error()){
- msg_dialog::display(_("Service infrastructure"),msgPool::siError($o_queue->get_error()),ERROR_DIALOG);
- }
- }
- }
if(session::is_set('SelectedSystemType')){
session::un_set('SelectedSystemType');
function save_object()
{
$this->DivListSystem->save_object();
+ if(is_object($this->CopyPasteHandler)){
+ $this->CopyPasteHandler->save_object();
+ }
}
{
}
- function adapt_from_template($dn)
+ function adapt_from_template($dn, $skip= array())
{
}
}
/* Walk through all possible search combinations, and search for some objects if the checkbox is enabled */
- $filter = "(|(&".$userregex."(objectClass=goHard)(cn=".$this->DivListSystem->Regex.")))";
foreach($objs as $checkBox => $oc){
if($this->DivListSystem->$checkBox){
if($this->DivListSystem->SubSearch){
if($oc['CLASS'] != ""){
+ $filter = "(&".$userregex."(objectClass=".$oc['CLASS'].")(cn=".$this->DivListSystem->Regex."))";
$new_res = get_sub_list($filter, $sys_categories ,$oc['TREE'], $base,$sys_attrs, GL_SUBSEARCH | GL_SIZELIMIT);
$res = array_merge($res,$new_res);
}
}else{
/* User filter? */
if($oc['CLASS'] != ""){
+ $filter = "(&".$userregex."(objectClass=".$oc['CLASS'].")(cn=".$this->DivListSystem->Regex."))";
$res = array_merge($res,get_list($filter,$sys_categories,$oc['TREE'].$base, $sys_attrs, GL_SIZELIMIT));
}
}
}
/* Search for incoming objects */
+ $filter = "(|(&".$userregex."(objectClass=goHard)(cn=".$this->DivListSystem->Regex.")))";
$res = array_merge($res,get_list($filter,$sys_categories, get_ou('incomingou').$base,$sys_attrs, GL_SIZELIMIT));
/* Get all gotoTerminal's */