X-Git-Url: https://git.tokkee.org/?a=blobdiff_plain;ds=sidebyside;f=gosa-plugins%2Fsystems%2Fadmin%2Fsystems%2Fclass_systemManagement.inc;h=43af7119741498a082c4885cef4a66dfc60c6a33;hb=6ccbd96769b248dd5b19de9e44b29fe3bd46a562;hp=98128010c461bdb376a1375d874c7c3760d8c2f9;hpb=4331eb706d69ca050c5c495bd80c62b4c3ff67be;p=gosa.git diff --git a/gosa-plugins/systems/admin/systems/class_systemManagement.inc b/gosa-plugins/systems/admin/systems/class_systemManagement.inc index 98128010c..43af71197 100644 --- a/gosa-plugins/systems/admin/systems/class_systemManagement.inc +++ b/gosa-plugins/systems/admin/systems/class_systemManagement.inc @@ -1,21 +1,23 @@ systab->by_object[$tabname]->base = $this->DivListSystem->selectedBase; $this->systab->base = $this->DivListSystem->selectedBase; }else{ - print_red(_("You are not allowed to create a new object of this type.")); + msg_dialog::display(_("Error"), msgPool::permCreate(), ERROR_DIALOG); } } } @@ -378,7 +380,7 @@ class systems extends plugin session::set('objectinfo',$this->dn); add_lock ($this->dn, $this->ui->dn); }else{ - print_red (_("You can't edit this object type yet!")); + msg_dialog::display(_("Error"), _("Editing this type of object is not supported yet!"), ERROR_DIALOG); del_lock($this->dn); } } @@ -391,22 +393,30 @@ class systems extends plugin /* Set terminals root password */ if ($s_action=="change_pw"){ $tabs = array( - "terminal" => array("CLASS"=>"TERMTABS", "TABNAME"=>"termgeneric", "TABCLASS" =>"termtabs", "ACL"=> "terminal"), - "workstation" => array("CLASS"=>"WORKTABS", "TABNAME"=>"workgeneric", "TABCLASS" =>"worktabs", "ACL"=> "workstation")); + "ArpNewDevice"=> array("CLASS"=>"TERMTABS", "TABCLASS" =>"termtabs", "ACL"=> "incoming/systems"), + "NewDevice" => array("CLASS"=>"TERMTABS", "TABCLASS" =>"termtabs", "ACL"=> "incoming/systems"), + "terminal" => array("CLASS"=>"TERMTABS", "TABCLASS" =>"termtabs", "ACL"=> "terminal/termgeneric"), + "workstation" => array("CLASS"=>"WORKTABS", "TABCLASS" =>"worktabs", "ACL"=> "workstation/workgeneric"), + "server" => array("CLASS"=>"SERVTABS", "TABCLASS" =>"servtabs", "ACL"=> "server/servgeneric"), + "printer" => array("CLASS"=>"PRINTTABS", "TABCLASS" =>"printtabs", "ACL"=> "printer/printgeneric"), + "phone" => array("CLASS"=>"PHONETABS", "TABCLASS" =>"phonetabs", "ACL"=> "phone/phoneGeneric"), + "winstation" => array("CLASS"=>"WINTABS", "TABCLASS" =>"wintabs", "ACL"=> "winworkstation/wingeneric"), + "component" => array("CLASS"=>"COMPONENTTABS","TABCLASS" =>"componenttabs", "ACL"=> "component/componentGeneric")); + $dn = $this->terminals[$s_entry]['dn']; $type = $this->get_system_type($this->terminals[$s_entry]); + $class = $tabs[$type]["CLASS"]; - $tabname = $tabs[$type]["TABNAME"]; - $acl_cat = $tabs[$type]["ACL"]; + $acl = $tabs[$type]["ACL"]; $tabclass = $tabs[$type]["TABCLASS"]; $ui = get_userinfo(); - $tabacl = $ui->get_permissions($this->DivListSystem->selectedBase,$acl_cat."/".$tabname,"gotoRootPasswd"); + $tabacl = $ui->get_permissions($dn,$acl,"userPassword"); if(preg_match("/w/",$tabacl)){ $this->dn= $this->terminals[$s_entry]['dn']; session::set('objectinfo',$this->dn); return ($smarty->fetch(get_template_path('password.tpl', TRUE))); }else{ - print_red(_("You are not allowed to change the password for this object.")); + msg_dialog::display(_("Permission error"), _("You have no permission to change this password!"), ERROR_DIALOG); } } @@ -418,7 +428,7 @@ class systems extends plugin /* Correctly specified? */ if (isset($_POST['password_finish'])){ if ($_POST['new_password'] != $_POST['repeated_password']){ - print_red (_("Passwords entered as new and repeated do not match!")); + msg_dialog::display(_("Error"), _("The passwords you've entered as 'New password' and 'Repeated password' do not match!"), ERROR_DIALOG); return($smarty->fetch(get_template_path('password.tpl', TRUE))); } } @@ -433,49 +443,92 @@ class systems extends plugin /* Check if user is allowed to set password */ $tabs = array( - "terminal" => array("CLASS"=>"TERMTABS", "TABNAME"=>"termgeneric", "TABCLASS" =>"termtabs", "ACL"=> "terminal"), - "workstation" => array("CLASS"=>"WORKTABS", "TABNAME"=>"workgeneric", "TABCLASS" =>"worktabs", "ACL"=> "workstation")); + "terminal" => array("CLASS"=>"TERMTABS", "TABCLASS" =>"termtabs", "ACL"=> "terminal/termgeneric" ,"PLUG"=>"termgeneric"), + "workstation" => array("CLASS"=>"WORKTABS", "TABCLASS" =>"worktabs", "ACL"=> "workstation/workgeneric" ,"PLUG"=>"workgeneric"), + "server" => array("CLASS"=>"SERVTABS", "TABCLASS" =>"servtabs", "ACL"=> "server/servgeneric" ,"PLUG"=>"servgeneric"), + "component" => array("CLASS"=>"COMPONENTTABS","TABCLASS" =>"componenttabs", "ACL"=> "component/componentGeneric","PLUG"=>"componentGeneric")); /* Detect object type */ $type = ""; foreach($this->terminals as $terminal){ if($terminal['dn'] == $this->dn){ - $type = $this->get_system_type($terminal); + $type = $this->get_system_type($terminal); break; } } /* Type detected */ - if(!empty($type)){ + $allow_for = array("terminal","workstation","server","component"); + if(!empty($type) && in_array($type,$allow_for)){ /* Get infos */ + $plug = $tabs[$type]["PLUG"]; $class = $tabs[$type]["CLASS"]; - $tabname = $tabs[$type]["TABNAME"]; - $acl_cat = $tabs[$type]["ACL"]; + $acl = $tabs[$type]["ACL"]; $tabclass = $tabs[$type]["TABCLASS"]; /* Get acls */ $ui = get_userinfo(); - $tabacl = $ui->get_permissions($this->DivListSystem->selectedBase,$acl_cat."/".$tabname,"gotoRootPasswd"); + $tabacl = $ui->get_permissions($this->dn,$acl,"userPassword"); /* Check acls */ if(preg_match("/w/",$tabacl)){ $ldap = $this->config->get_ldap_link(); $ldap->cd($this->dn); + $ldap->cat($this->dn); + $old_attrs = $ldap->fetch(); $attrs= array(); if ($_POST['new_password'] == ""){ - $attrs['gotoRootPasswd']= array(); + + /* Remove password attribute + */ + if(in_array("simpleSecurityObject",$old_attrs['objectClass'])){ + $attrs['objectClass'] = array(); + for($i = 0 ; $i < $old_attrs['objectClass']['count'] ; $i ++){ + if(!preg_match("/simpleSecurityObject/i",$old_attrs['objectClass'][$i])){ + $attrs['objectClass'][] = $old_attrs['objectClass'][$i]; + } + } + } + $attrs['userPassword']= array(); } else { - $attrs['gotoRootPasswd']= crypt($_POST['new_password'],substr(session_id(),0,2)); + + /* Add/modify password attribute + */ + if(!in_array("simpleSecurityObject",$old_attrs['objectClass'])){ + $attrs['objectClass'] = array(); + for($i = 0 ; $i < $old_attrs['objectClass']['count'] ; $i ++){ + $attrs['objectClass'][] = $old_attrs['objectClass'][$i]; + } + $attrs['objectClass'][] = "simpleSecurityObject"; + } + + if(class_available("passwordMethodCrypt")){ + $pwd_m = new passwordMethodCrypt($this->config); + $pwd_m->set_hash("crypt/md5"); + $attrs['userPassword'] = $pwd_m->generate_hash($_POST['new_password']); + }else{ + msg_dialog::display(_("Password method"),_("Password method crypt is missing. Cannot set system password.")); + $attrs = array(); + } } $ldap->modify($attrs); + if (!$ldap->success()){ + msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $this->dn, LDAP_MOD, get_class())); + }else{ + if(class_available($plug)){ + $p = new $plug($this->config,$this->dn); + $p->handle_post_events("modify"); + } + } + new log("security","systems/".get_class($this),$this->dn,array_keys($attrs),$ldap->get_error()); }else{ - print_red(_("You are not allowed to change the password for this object.")); + msg_dialog::display(_("Permission error"), _("You have no permission to change this password!"), ERROR_DIALOG); } }else{ - print_red(_("Can't detect object to change password.")); + msg_dialog::display(_("Error"), _("Cannot determine object to change password!"), ERROR_DIALOG); } session::un_set('objectinfo'); } @@ -499,7 +552,7 @@ class systems extends plugin /******************** SCHEDULE action in GOsa Daemon ********************/ - $save_events_directly = FALSE; + if(preg_match("/^schedule_event_/",$s_action) || preg_match("/^trigger_event_/",$s_action)){ $this->dns = array(); $ids = $this->list_get_selected_items(); @@ -515,23 +568,40 @@ class systems extends plugin $mac[]= $attrs['macAddress'][0]; } } - $events = DaemonEvent::get_event_types(); - if(preg_match("/^trigger_event_/",$s_action)){ - $type = preg_replace("/^trigger_event_/","",$s_action); - }else{ - $type = preg_replace("/^schedule_event_/","",$s_action); - } + $events = DaemonEvent::get_event_types(SYSTEM_EVENT); + $type = preg_replace("/^[a-z]*_event_/","",$s_action); + $o_queue = new gosaSupportDaemon(); + + /* Skip installation or update trigerred events, + * if this entry is currently processing. + */ + if(preg_match("/trigger_event/",$s_action) && in_array($type,array("DaemonEvent_reinstall","DaemonEvent_update"))){ + foreach($mac as $key => $mac_address){ + foreach($o_queue->get_entries_by_mac(array($mac_address)) as $entry){ + + $entry['STATUS'] = strtoupper($entry['STATUS']); + if($entry['STATUS'] == "PROCESSING" && + isset($events['QUEUED'][$entry['HEADERTAG']]) && + in_array($events['QUEUED'][$entry['HEADERTAG']],array("DaemonEvent_reinstall","DaemonEvent_update"))){ + unset($mac[$key]); + + new log("security","systems/".get_class($this),"",array(),"Skip adding 'DaemonEvent::".$type."' for mac '".$mac_address."', there is already a job in progress."); + break; + } + } + } + } + + /* Prepare event to be added + */ if(count($mac) && isset($events['BY_CLASS'][$type])){ $event = $events['BY_CLASS'][$type]; $this->systab = new $event['CLASS_NAME']($this->config); $this->systab->add_targets($mac); - - /* Insert event directly with current timestamp - * to force direct execution. - */ - if(preg_match("/^trigger_event_/",$s_action)){ - $this->systab->set_timestamp(time()); - $save_events_directly = TRUE; + if(preg_match("/trigger_event/",$s_action)){ + $this->systab->set_type(TRIGGERED_EVENT); + }else{ + $this->systab->set_type(SCHEDULED_EVENT); } } } @@ -540,26 +610,17 @@ class systems extends plugin /* Insert scheduled events into queue */ if($this->systab instanceof DaemonEvent){ $this->systab->save_object(); - if(isset($_POST['save_event_dialog']) || $save_events_directly){ - /* Directly means not scheduled */ - if($save_events_directly){ - $header = $this->systab->get_trigger_action(); - }else{ - $header = $this->systab->get_schedule_action(); - } - $targets = $this->systab->get_targets(); - $data = $this->systab->save(); + /* Save event + */ + if(isset($_POST['save_event_dialog']) || $this->systab->get_type() == TRIGGERED_EVENT){ $o_queue = new gosaSupportDaemon(); - foreach($targets as $target){ - $data['macaddress'] = $target; - $o_queue->send_data($header,$target,$data,TRUE); - if($o_queue->is_error()){ - msg_dialog::display(_("Daemon"),sprintf(_("Something went wrong while talking to the daemon: %s."), - $o_queue->get_error()),ERROR_DIALOG); - } + $o_queue->append($this->systab); + if($o_queue->is_error()){ + msg_dialog::display(_("Service infrastructure"),msgPool::siError($o_queue->get_error()),ERROR_DIALOG); + }else{ + $this->systab = FALSE; } - $this->systab = FALSE; } if(isset($_POST['abort_event_dialog'])){ $this->systab = FALSE; @@ -585,19 +646,14 @@ class systems extends plugin return(gen_locked_message($user,$this->dns)); } - $dns_names = "
";
+        $dns_names = array();
         foreach($this->dns as $dn){
           add_lock ($dn, $this->ui->dn);
-          $dns_names .= $dn."\n";
+          $dns_names[] = @LDAP::fix($dn);
         }
-        $dns_names .="
"; /* Lock the current entry, so nobody will edit it during deletion */ - if (count($this->dns) == 1){ - $smarty->assign("warning", sprintf(_("You're about to delete the following entry %s"), @LDAP::fix($dns_names))); - } else { - $smarty->assign("warning", sprintf(_("You're about to delete the following entries %s"), @LDAP::fix($dns_names))); - } + $smarty->assign("warning", msgPool::deleteInfo($dns_names)); $smarty->assign("multiple", true); return($smarty->fetch(get_template_path('remove.tpl', TRUE))); } @@ -645,7 +701,11 @@ class systems extends plugin if(preg_match("/d/",$tabacl)){ /* Delete request is permitted, perform LDAP action */ - if($tabtype=="phonetabs"){ + if(in_array($type,array("ArpNewDevice","NewDevice")) && class_available("termgeneric")){ + $this->systab= new termgeneric($this->config, $dn); + $this->systab->set_acl_base($dn); + $this->systab->remove_from_parent(); + }elseif($tabtype=="phonetabs"){ $this->systab= new $tabtype($this->config, $this->config->data['TABS'][$tabobj], $dn,$type); $this->systab->set_acl_base($dn); $this->systab->by_object['phoneGeneric']->remove_from_parent (); @@ -660,7 +720,7 @@ class systems extends plugin } else { /* Normally this shouldn't be reached, send some extra logs to notify the administrator */ - print_red (_("You are not allowed to delete this component!")); + msg_dialog::display(_("Permission error"), msgPool::permDelete(), ERROR_DIALOG); new log("security","systems/".get_class($this),$dn,array(),"Tried to trick deletion."); } /* Remove lock file after successfull deletion */ @@ -731,14 +791,14 @@ class systems extends plugin /* Lock the current entry, so nobody will edit it during deletion */ add_lock ($this->dn, $this->ui->dn); - $smarty->assign("warning", sprintf(_("You're about to delete all information about the component at '%s'."), @LDAP::fix($this->dn))); + $smarty->assign("warning", msgPool::deleteInfo(@LDAP::fix($this->dn))); $smarty->assign("multiple", false); return($smarty->fetch(get_template_path('remove.tpl', TRUE))); } else { /* Obviously the user isn't allowed to delete. Show message and clean session. */ - print_red (_("You are not allowed to delete this component!")); + msg_dialog::display(_("Permission error"), msgPool::permDelete(), ERROR_DIALOG); } } @@ -782,7 +842,11 @@ class systems extends plugin if(preg_match("/d/",$tabacl)){ /* Delete request is permitted, perform LDAP action */ - if($tabtype=="phonetabs"){ + if(in_array($type,array("ArpNewDevice","NewDevice")) && class_available("termgeneric")){ + $this->systab= new termgeneric($this->config, $this->dn); + $this->systab->set_acl_base($this->dn); + $this->systab->remove_from_parent(); + }elseif($tabtype=="phonetabs"){ $this->systab= new $tabtype($this->config, $this->config->data['TABS'][$tabobj], $this->dn,$type); $this->systab->set_acl_base($this->dn); $this->systab->by_object['phoneGeneric']->remove_from_parent (); @@ -799,7 +863,7 @@ class systems extends plugin /* Normally this shouldn't be reached, send some extra logs to notify the administrator */ - print_red (_("You are not allowed to delete this component!")); + msg_dialog::display(_("Permission error"), msgPool::permDelete(), ERROR_DIALOG); new log("security","systems/".get_class($this),$dn,array(),"Tried to trick deletion."); } @@ -808,14 +872,7 @@ class systems extends plugin } - - - - - - - - /******************** + /******************** Edit system type finished, check if everything went ok ********************/ /* Finish user edit is triggered by the tabulator dialog, so @@ -838,7 +895,7 @@ class systems extends plugin } } if(!$found){ - print_red(sprintf(_("Can't set gotoMode to status 'active', the current object couldn't be identified."))); + msg_dialog::display(_("Internal error"), _("Cannot set mode to 'active'!"), ERROR_DIALOG); } } @@ -853,7 +910,6 @@ class systems extends plugin * entry and not an edited one, so we will delete it. * */ - if(session::is_set('SelectedSystemType')){ $SelectedSystemType = session::get('SelectedSystemType'); if($SelectedSystemType['ogroup'] != "none"){ @@ -879,42 +935,6 @@ class systems extends plugin } $this->systab->save(); - - /* Get macAddress to be able to an installation event - */ - if($this->systab instanceof ArpNewDeviceTabs || session::is_set('SelectedSystemType')){ - $events = DaemonEvent::get_event_types(); - - /* Get mac of currently edited entry */ - $mac = ""; - if($this->systab instanceof ArpNewDeviceTabs){ - $mac = $this->systab->by_object['ArpNewDevice']->netConfigDNS->macAddress; - }else{ - foreach(array("workgeneric","termgeneric","servgeneric") as $type){ - if(isset($this->systab->by_object[$type]->netConfigDNS->macAddress)){ - $mac = $this->systab->by_object[$type]->netConfigDNS->macAddress; - break; - } - } - } - - /* Add installation event - */ - if(!empty($mac) && isset($events['BY_CLASS']['DaemonEvent_install'])){ - $evt = $events['BY_CLASS']['DaemonEvent_install']; - $tmp = new $evt['CLASS_NAME']($this->config); - $tmp->add_targets(array($mac)); - $header = $tmp->get_trigger_action(); - $data = $tmp->save(); - $data['macaddress'] = $mac; - $o_queue = new gosaSupportDaemon(); - $o_queue->send_data($header,$mac,$data,TRUE); - if($o_queue->is_error()){ - msg_dialog::display(_("Daemon"),sprintf(_("Something went wrong while talking to the daemon: %s."), - $o_queue->get_error()),ERROR_DIALOG); - } - } - } if(session::is_set('SelectedSystemType')){ session::un_set('SelectedSystemType'); @@ -943,7 +963,7 @@ class systems extends plugin } else { /* Ok. There seem to be errors regarding to the tab data, show message and continue as usual. */ - show_errors($message); + msg_dialog::displayChecks($message); } } @@ -978,6 +998,7 @@ class systems extends plugin $dialog = FALSE; $hide_apply = $this->dn == "new"; + $hide_apply = ($this->dn == "new") || (preg_match("/".normalizePreg(get_ou("incomingou"))."/",$this->dn)); if(is_object($this->systab) && !isset($this->systab->by_object)){ $dialog = TRUE; $hide_apply = TRUE; @@ -994,13 +1015,13 @@ class systems extends plugin if (!$dialog){ $display.= "

\n"; - $display.= "\n"; + $display.= "\n"; $display.= " \n"; if (!$hide_apply){ - $display.= "\n"; + $display.= "\n"; $display.= " \n"; } - $display.= "\n"; + $display.= "\n"; $display.= "

"; } return ($display); @@ -1066,6 +1087,9 @@ class systems extends plugin function save_object() { $this->DivListSystem->save_object(); + if(is_object($this->CopyPasteHandler)){ + $this->CopyPasteHandler->save_object(); + } } @@ -1080,7 +1104,7 @@ class systems extends plugin { } - function adapt_from_template($dn) + function adapt_from_template($dn, $skip= array()) { } @@ -1135,17 +1159,18 @@ class systems extends plugin } /* Walk through all possible search combinations, and search for some objects if the checkbox is enabled */ - $filter = "(|(&".$userregex."(objectClass=goHard)(cn=".$this->DivListSystem->Regex.")))"; foreach($objs as $checkBox => $oc){ if($this->DivListSystem->$checkBox){ if($this->DivListSystem->SubSearch){ if($oc['CLASS'] != ""){ + $filter = "(&".$userregex."(objectClass=".$oc['CLASS'].")(cn=".$this->DivListSystem->Regex."))"; $new_res = get_sub_list($filter, $sys_categories ,$oc['TREE'], $base,$sys_attrs, GL_SUBSEARCH | GL_SIZELIMIT); $res = array_merge($res,$new_res); } }else{ /* User filter? */ if($oc['CLASS'] != ""){ + $filter = "(&".$userregex."(objectClass=".$oc['CLASS'].")(cn=".$this->DivListSystem->Regex."))"; $res = array_merge($res,get_list($filter,$sys_categories,$oc['TREE'].$base, $sys_attrs, GL_SIZELIMIT)); } } @@ -1153,6 +1178,7 @@ class systems extends plugin } /* Search for incoming objects */ + $filter = "(|(&".$userregex."(objectClass=goHard)(cn=".$this->DivListSystem->Regex.")))"; $res = array_merge($res,get_list($filter,$sys_categories, get_ou('incomingou').$base,$sys_attrs, GL_SIZELIMIT)); /* Get all gotoTerminal's */ @@ -1382,13 +1408,10 @@ class systems extends plugin /* Return C&P dialog */ if($this->start_pasting_copied_objects && $this->CopyPasteHandler->entries_queued()){ - - /* Load entry from queue and set base */ - $this->CopyPasteHandler->load_entry_from_queue(); - $this->CopyPasteHandler->SetVar("base",$this->DivListSystem->selectedBase); /* Get dialog */ $data = $this->CopyPasteHandler->execute(); + $this->CopyPasteHandler->SetVar("base",$this->DivListSystem->selectedBase); /* Return dialog data */ if(!empty($data)){ @@ -1437,7 +1460,7 @@ class systems extends plugin { $temp= ""; $conv= array( - "NQ" => array("select_newsystem.png",_("New System from incoming")), + "NQ" => array("select_newsystem.png",_("New system from incoming")), "D" => array("select_default.png",_("Template")), "T" => array("select_terminal.png",_("Terminal")), "L" => array("select_workstation.png",_("Workstation")), @@ -1449,10 +1472,10 @@ class systems extends plugin "GS" => array("select_server_green.png",_("Server is installing")), "YS" => array("select_server_yellow.png",_("Server is waiting for action")), "RS" => array("select_server_red.png",_("Server installation failed")), - "W" => array("select_winstation.png",_("Winstation")), - "C" => array("select_component.png",_("Network Device")), - "NT"=> array("select_new_terminal.png",_("New Terminal")), - "NL"=> array("select_new_workstation.png",_("New Workstation")), + "W" => array("select_winstation.png",_("Win workstation")), + "C" => array("select_component.png",_("Network device")), + "NT"=> array("select_new_terminal.png",_("New terminal")), + "NL"=> array("select_new_workstation.png",_("New workstation")), "P" => array("select_printer.png",_("Printer"))); if((isset($input['is_new']))&&(!empty($input['is_new']))){