X-Git-Url: https://git.tokkee.org/?a=blobdiff_plain;f=gosa-core%2Finclude%2Fclass_plugin.inc;h=0691c206073d220480c29269e45c8d395ee68038;hb=30d939bbc772a9b8cdd9704e8034101e957ab972;hp=2c804e967ad20073832cd07e700064cb0fd23e45;hpb=26ed90923dc2292f528c4abb08a8a4ef0fc14b36;p=gosa.git diff --git a/gosa-core/include/class_plugin.inc b/gosa-core/include/class_plugin.inc index 2c804e967..0691c2060 100644 --- a/gosa-core/include/class_plugin.inc +++ b/gosa-core/include/class_plugin.inc @@ -139,7 +139,7 @@ class plugin \param dn Distinguished name to initialize plugin from \sa plugin() */ - function plugin (&$config, $dn= NULL, $parent= NULL) + function plugin (&$config, $dn= NULL, $object= NULL) { /* Configuration is fine, allways */ $this->config= &$config; @@ -150,8 +150,14 @@ class plugin return; } + /* Check if this entry was opened in read only mode */ if(isset($_POST['open_readonly'])){ - $this->read_only = TRUE; + if(session::global_is_set("LOCK_CACHE")){ + $cache = &session::get("LOCK_CACHE"); + if(isset($cache['READ_ONLY'][$this->dn])){ + $this->read_only = TRUE; + } + } } /* Save current dn as acl_base */ @@ -161,8 +167,8 @@ class plugin if ($dn !== NULL){ /* Load data to 'attrs' and save 'dn' */ - if ($parent !== NULL){ - $this->attrs= $parent->attrs; + if ($object !== NULL){ + $this->attrs= $object->attrs; } else { $ldap= $this->config->get_ldap_link(); $ldap->cat ($dn); @@ -253,11 +259,13 @@ class plugin function execute() { /* This one is empty currently. Fabian - please fill in the docu code */ - session::set('current_class_for_help',get_class($this)); + session::global_set('current_class_for_help',get_class($this)); /* Reset Lock message POST/GET check array, to prevent perg_match errors*/ session::set('LOCK_VARS_TO_USE',array()); - session::set('LOCK_VARS_USED',array()); + session::set('LOCK_VARS_USED_GET',array()); + session::set('LOCK_VARS_USED_POST',array()); + session::set('LOCK_VARS_USED_REQUEST',array()); } /*! \brief execute plugin @@ -738,6 +746,39 @@ class plugin } } + + /* Create unique DN */ + function create_unique_dn2($data, $base) + { + $ldap= $this->config->get_ldap_link(); + $base= preg_replace("/^,*/", "", $base); + + /* Try to use plain entry first */ + $dn= "$data,$base"; + $attribute= preg_replace('/=.*$/', '', $data); + $ldap->cat ($dn, array('dn')); + if (!$ldap->fetch()){ + return ($dn); + } + + /* Look for additional attributes */ + foreach ($this->attributes as $attr){ + if ($attr == $attribute || $this->$attr == ""){ + continue; + } + + $dn= "$data+$attr=".$this->$attr.",$base"; + $ldap->cat ($dn, array('dn')); + if (!$ldap->fetch()){ + return ($dn); + } + } + + /* None found */ + return ("none"); + } + + /* Create unique DN */ function create_unique_dn($attribute, $base) { @@ -768,6 +809,7 @@ class plugin return ("none"); } + function rebind($ldap, $referral) { $credentials= LDAP::get_credentials($referral, $this->config->current['REFERRAL']); @@ -797,7 +839,8 @@ class plugin ldap_set_rebind_proc($ds, array(&$this, "rebind")); } - $r=ldap_bind($ds,$this->config->current['ADMINDN'], $this->config->current['ADMINPASSWORD']); + $pwd = $this->config->get_credentials($this->config->current['ADMINPASSWORD']); + $r=ldap_bind($ds,$this->config->current['ADMINDN'], $pwd); $sr=ldap_read($ds, LDAP::fix($src_dn), "objectClass=*"); /* Fill data from LDAP */ @@ -844,6 +887,9 @@ class plugin /* FAIvariable=.../..., cn=.. could not be saved, because the attribute FAIvariable was different to the dn FAIvariable=..., cn=... */ + + if(!is_array($new['objectClass'])) $new['objectClass'] = array($new['objectClass']); + if(in_array_ics("FAIdebconfInfo",$new['objectClass'])){ $new['FAIvariable'] = $ldap->fix($new['FAIvariable']); } @@ -919,7 +965,10 @@ class plugin $ldap->cd($this->config->current['BASE']); $ldap->create_missing_trees(preg_replace("/^[^,]+,/","",$dst_dn)); if (!$ldap->rename_dn($src_dn,$dst_dn)){ - msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $src_dn, "", get_class())); +# msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $src_dn, "", get_class())); + new log("debug","Ldap Protocol v3 implementation error, ldap_rename failed, falling back to manual copy.","FROM: $src_dn -- TO: $dst_dn",array(),$ldap->get_error()); + @DEBUG(DEBUG_LDAP,__LINE__,__FUNCTION__,__FILE__,"Rename failed FROM: $src_dn -- TO: $dst_dn", + "Ldap Protocol v3 implementation error, falling back to maunal method."); return(FALSE); } @@ -930,48 +979,47 @@ class plugin array("dn","objectClass"),GL_SUBSEARCH | GL_NO_ACL_CHECK); foreach($leaf_objs as $obj){ $new_dn = $obj['dn']; - $old_dn = preg_replace("/".preg_quote($dst_dn, '/')."$/i",$src_dn,$new_dn); + $old_dn = preg_replace("/".preg_quote(LDAP::convert($dst_dn), '/')."$/i",$src_dn,LDAP::convert($new_dn)); $this->update_acls($old_dn,$new_dn); } - /* Get all objectGroups defined in this database. - and check if there is an entry matching the source dn, - if this is the case, then update this objectgroup to use the new dn. - */ - $ogroups = get_sub_list("(&(objectClass=gosaGroupOfNames)(member=*))","ogroups", - array(get_ou("ogroupRDN")),$this->config->current['BASE'],array("member"), - GL_SUBSEARCH | GL_NO_ACL_CHECK) ; + // Migrate objectgroups if needed + $ogroups = get_sub_list("(&(objectClass=gosaGroupOfNames)(member=".LDAP::prepare4filter(LDAP::fix($src_dn))."))","ogroups", array(get_ou("ogroupRDN")),$this->config->current['BASE'],array("dn"), GL_SUBSEARCH | GL_NO_ACL_CHECK); - /* Walk through all objectGroups and check if there are - members matching the source dn - */ + // Walk through all objectGroups foreach($ogroups as $ogroup){ - if(isset($ogroup['member'])){ + // Migrate old to new dn + $o_ogroup= new ogroup($this->config,$ogroup['dn']); + if (isset($o_group->member[$src_dn])) { + unset($o_ogroup->member[$src_dn]); + } + $o_ogroup->member[$dst_dn]= $dst_dn; + + // Save object group + $o_ogroup->save(); + } - /* Reset class object, this will be initialized with class_ogroup on demand - */ - $o_ogroup = NULL; - for($i = 0 ; $i < $ogroup['member']['count'] ; $i ++){ + // Migrate rfc groups if needed + $groups = get_sub_list("(&(objectClass=posixGroup)(member=".LDAP::prepare4filter(LDAP::fix($src_dn))."))","groups", array(get_ou("groupRDN")),$this->config->current['BASE'],array("dn"), GL_SUBSEARCH | GL_NO_ACL_CHECK); - $c_mem = $ogroup['member'][$i]; - - if(preg_match("/".preg_quote($src_dn, '/')."$/i",$c_mem)){ - - $d_mem = preg_replace("/".preg_quote($src_dn, '/')."$/i",$dst_dn,$ogroup['member'][$i]); + // Walk through all POSIX groups + foreach($groups as $group){ - if($o_ogroup == NULL){ - $o_ogroup = new ogroup($this->config,$ogroup['dn']); - } + // Migrate old to new dn + $o_group= new group($this->config,$group['dn']); + $o_group->save(); + } - unset($o_ogroup->member[$c_mem]); - $o_ogroup->member[$d_mem]= $d_mem; - } - } - - /* Save object group if there were changes made on the membership */ - if($o_ogroup != NULL){ - $o_ogroup->save(); - } + /* Update roles to use the new entry dn */ + $roles = get_sub_list("(&(objectClass=organizationalRole)(roleOccupant=".LDAP::prepare4filter(LDAP::fix($src_dn))."))","roles", array(get_ou("roleRDN")),$this->config->current['BASE'],array("dn"), GL_SUBSEARCH | GL_NO_ACL_CHECK); + + // Walk through all roles + foreach($roles as $role){ + $role = new roleGeneric($this->config,$role['dn']); + $key= array_search($src_dn, $role->roleOccupant); + if($key !== FALSE){ + $role->roleOccupant[$key] = $dst_dn; + $role->save(); } } @@ -984,7 +1032,7 @@ class plugin if(count($leaf_deps)){ $this->config->get_departments(); $this->config->make_idepartments(); - session::set("config",$this->config); + session::global_set("config",$this->config); $ui =get_userinfo(); $ui->reset_acl_cache(); } @@ -1104,11 +1152,8 @@ class plugin if (isset($source[$var])){ if(isset($source[$var]['count'])){ if($source[$var]['count'] > 1){ - $this->$var = array(); - $tmp = array(); - for($i = 0 ; $i < $source[$var]['count']; $i++){ - $tmp = $source[$var][$i]; - } + $tmp= $source[$var]; + unset($tmp['count']); $this->$var = $tmp; }else{ $this->$var = $source[$var][0]; @@ -1224,7 +1269,7 @@ class plugin }else{ $server = $config->get_cfg_value("snapshotURI"); $user = $config->get_cfg_value("snapshotAdminDn"); - $password = $config->get_cfg_value("snapshotAdminPassword"); + $password = $this->config->get_credentials($config->get_cfg_value("snapshotAdminPassword")); $snapldapbase = $config->get_cfg_value("snapshotBase"); $ldap_to = new ldapMultiplexer(new LDAP($user,$password, $server)); @@ -1297,7 +1342,10 @@ class plugin $this->dn = $dn; $ldap = $this->config->get_ldap_link(); $ldap->cd($this->config->current['BASE']); - $ldap->rmdir_recursive($dn); + $ldap->rmdir_recursive($this->dn); + if(!$ldap->success()){ + msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $this->dn)); + } $this->dn = $old_dn; } @@ -1306,30 +1354,7 @@ class plugin There will also be some errors psoted, if the configuration failed */ function snapshotEnabled() { - $config = $this->config; - if($config->get_cfg_value("enableSnapshots") == "true"){ - /* Check if the snapshot_base is defined */ - if ($config->get_cfg_value("snapshotBase") == ""){ - msg_dialog::display(_("Configuration error"), sprintf(_("The snapshot functionality is enabled, but the required variable '%s' is not set."),"snapshotBase"), ERROR_DIALOG); - return(FALSE); - } - - /* check if there are special server configurations for snapshots */ - if ($config->get_cfg_value("snapshotURI") != ""){ - - /* check if all required vars are available to create a new ldap connection */ - $missing = ""; - foreach(array("snapshotURI","snapshotAdminDn","snapshotAdminPassword","snapshotBase") as $var){ - if($config->get_cfg_value($var) == ""){ - $missing .= $var." "; - msg_dialog::display(_("Configuration error"), sprintf(_("The snapshot functionality is enabled, but the required variable '%s' is not set."), $missing), ERROR_DIALOG); - return(FALSE); - } - } - } - return(TRUE); - } - return(FALSE); + return $this->config->snapshotEnabled(); } @@ -1351,7 +1376,7 @@ class plugin }else{ $server = $this->config->get_cfg_value("snapshotURI"); $user = $this->config->get_cfg_value("snapshotAdminDn"); - $password = $this->config->get_cfg_value("snapshotAdminPassword"); + $password = $this->config->get_credentials($this->config->get_cfg_value("snapshotAdminPassword")); $snapldapbase = $this->config->get_cfg_value("snapshotBase"); $ldap_to = new ldapMultiplexer(new LDAP($user,$password, $server)); $ldap_to -> cd($snapldapbase); @@ -1409,7 +1434,7 @@ class plugin }else{ $server = $this->config->get_cfg_value("snapshotURI"); $user = $this->config->get_cfg_value("snapshotAdminDn"); - $password = $this->config->get_cfg_value("snapshotAdminPassword"); + $password = $this->config->get_credentials($this->config->get_cfg_value("snapshotAdminPassword")); $snapldapbase = $this->config->get_cfg_value("snapshotBase"); $ldap_to = new ldapMultiplexer(new LDAP($user,$password, $server)); $ldap_to -> cd($snapldapbase); @@ -1475,7 +1500,7 @@ class plugin }else{ $server = $this->config->get_cfg_value("snapshotURI"); $user = $this->config->get_cfg_value("snapshotAdminDn"); - $password = $this->config->get_cfg_value("snapshotAdminPassword"); + $password = $this->config->get_credentials($this->config->get_cfg_value("snapshotAdminPassword")); $snapldapbase = $this->config->get_cfg_value("snapshotBase"); $ldap_to = new ldapMultiplexer(new LDAP($user,$password, $server)); $ldap_to -> cd($snapldapbase); @@ -1507,10 +1532,11 @@ class plugin $this->parent = $parent; foreach($_POST as $name => $value){ - $entry = base64_decode(preg_replace("/_[xy]$/","",$name)); /* Create a new snapshot, display a dialog */ - if(preg_match("/^CreateSnapShotDialog_/",$name) && $once){ + if(preg_match("/^CreateSnapShotDialog_[^_]*_[xy]$/",$name) && $once){ + + $entry = base64_decode(preg_replace("/^CreateSnapShotDialog_([^_]*)_[xy]$/","\\1",$name)); $once = false; $entry = preg_replace("/^CreateSnapShotDialog_/","",$entry); @@ -1524,8 +1550,8 @@ class plugin /* Restore a snapshot, display a dialog with all snapshots of the current object */ if(preg_match("/^RestoreSnapShotDialog_/",$name) && $once){ $once = false; - $entry = preg_replace("/^RestoreSnapShotDialog_/","",$entry); - if(!empty($entry) && $ui->allow_snapshot_restore($entry,$this->parent->acl_module)){ + $entry = base64_decode(preg_replace("/^RestoreSnapShotDialog_([^_]*)_[xy]$/i","\\1",$name)); + if(!empty($entry) && $ui->allow_snapshot_restore($this->dn,$this->parent->acl_module)){ $this->snapDialog = new SnapShotDialog($this->config,$entry,$this); $this->snapDialog->display_restore_dialog = true; }else{ @@ -1538,7 +1564,7 @@ class plugin || preg_match("/^RestoreDeletedSnapShot_/",$name)) && $once){ $once = false; - if($ui->allow_snapshot_restore($base,$this->parent->acl_module)){ + if($ui->allow_snapshot_restore($this->dn,$this->parent->acl_module)){ $this->snapDialog = new SnapShotDialog($this->config,"",$this); $this->snapDialog->set_snapshot_bases($baseSuffixe); $this->snapDialog->display_restore_dialog = true; @@ -1551,8 +1577,9 @@ class plugin /* Restore selected snapshot */ if(preg_match("/^RestoreSnapShot_/",$name) && $once){ $once = false; - $entry = preg_replace("/^RestoreSnapShot_/","",$entry); - if(!empty($entry) && $ui->allow_snapshot_restore($entry,$this->parent->acl_module)){ + $entry = base64_decode(preg_replace("/^RestoreSnapShot_([^_]*)_[xy]$/i","\\1",$name)); + + if(!empty($entry) && $ui->allow_snapshot_restore($this->dn,$this->parent->acl_module)){ $this->restore_snapshot($entry); $this->snapDialog = NULL; }else{ @@ -1716,10 +1743,10 @@ class plugin } /* Update userinfo if necessary */ - $ui = session::get('ui'); + $ui = session::global_get('ui'); if($ui->dn == $old_dn){ $ui->dn = $new_dn; - session::set('ui',$ui); + session::global_set('ui',$ui); new log("view","acl/".get_class($this),$this->dn,array(),"Updated current object dn from '".$old_dn."' to '".$new_dn."'"); } @@ -1814,9 +1841,10 @@ class plugin /* Copy needed attributes */ foreach ($this->attributes as $val){ $found= array_key_ics($val, $this->multi_attrs); + if ($found != ""){ - if(isset($this->multi_attrs["$found"][0])){ - $this->$val= $this->multi_attrs["$found"][0]; + if(isset($this->multi_attrs["$val"][0])){ + $this->$val= $this->multi_attrs["$val"][0]; } } } @@ -1864,11 +1892,13 @@ class plugin function multiple_execute() { /* This one is empty currently. Fabian - please fill in the docu code */ - session::set('current_class_for_help',get_class($this)); + session::global_set('current_class_for_help',get_class($this)); /* Reset Lock message POST/GET check array, to prevent perg_match errors*/ session::set('LOCK_VARS_TO_USE',array()); - session::set('LOCK_VARS_USED',array()); + session::set('LOCK_VARS_USED_GET',array()); + session::set('LOCK_VARS_USED_POST',array()); + session::set('LOCK_VARS_USED_REQUEST',array()); return("Multiple edit is currently not implemented for this plugin."); } @@ -2026,10 +2056,10 @@ class plugin /* Check permissions for each category, if there is at least one category which support read or paste permissions for the given base, then display the specific actions. */ - $readable = $pasteable = TRUE; + $readable = $pasteable = false; foreach($category as $cat){ - $readable |= $ui->get_category_permissions($base,$cat); - $pasteable|= $ui->is_pasteable($base,$cat); + $readable= $readable || preg_match('/r/', $ui->get_category_permissions($base, $cat)); + $pasteable= $pasteable || $ui->is_pasteable($base, $cat) == 1; } if(($cut || $copy) && isset($this->CopyPasteHandler) && is_object($this->CopyPasteHandler)){ @@ -2063,6 +2093,11 @@ class plugin { return(array()); } + + function is_modal_dialog() + { + return(isset($this->dialog) && $this->dialog); + } } // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler: