X-Git-Url: https://git.tokkee.org/?a=blobdiff_plain;f=gosa-core%2Finclude%2Fclass_plugin.inc;h=bb5bd9e87b0cd310fa2ec80b50471993504ef6ad;hb=7d0eab6bb81d3010130879061ea00542071f5b76;hp=35cbce9e7e6e5bcac1cd5c2b1b28e1be9e240c43;hpb=434959652679c3a0bccca42ce9e858b4d595be30;p=gosa.git diff --git a/gosa-core/include/class_plugin.inc b/gosa-core/include/class_plugin.inc index 35cbce9e7..bb5bd9e87 100644 --- a/gosa-core/include/class_plugin.inc +++ b/gosa-core/include/class_plugin.inc @@ -139,7 +139,7 @@ class plugin \param dn Distinguished name to initialize plugin from \sa plugin() */ - function plugin (&$config, $dn= NULL, $parent= NULL) + function plugin (&$config, $dn= NULL, $object= NULL) { /* Configuration is fine, allways */ $this->config= &$config; @@ -167,8 +167,8 @@ class plugin if ($dn !== NULL){ /* Load data to 'attrs' and save 'dn' */ - if ($parent !== NULL){ - $this->attrs= $parent->attrs; + if ($object !== NULL){ + $this->attrs= $object->attrs; } else { $ldap= $this->config->get_ldap_link(); $ldap->cat ($dn); @@ -252,9 +252,7 @@ class plugin } - /*! \brief execute plugin - - Generates the html output for this node + /*! \brief Generates the html output for this node */ function execute() { @@ -263,11 +261,12 @@ class plugin /* Reset Lock message POST/GET check array, to prevent perg_match errors*/ session::set('LOCK_VARS_TO_USE',array()); - session::set('LOCK_VARS_USED',array()); + session::set('LOCK_VARS_USED_GET',array()); + session::set('LOCK_VARS_USED_POST',array()); + session::set('LOCK_VARS_USED_REQUEST',array()); } - /*! \brief execute plugin - Removes object from parent + /*! \brief Removes object from parent */ function remove_from_parent() { @@ -305,7 +304,7 @@ class plugin } - /*! \brief Save HTML posted data to object + /*! \brief Save HTML posted data to object */ function save_object() { @@ -343,7 +342,7 @@ class plugin } - /* Save data to LDAP, depending on is_account we save or delete */ + /*! \brief Save data to LDAP, depending on is_account we save or delete */ function save() { /* include global link_info */ @@ -438,7 +437,7 @@ class plugin } } - /* Check formular input */ + /*! \brief Check formular input */ function check() { $message= array(); @@ -562,14 +561,14 @@ class plugin } } - /* Indicate whether a password change is needed or not */ + /* \brief Indicate whether a password change is needed or not */ function password_change_needed() { return FALSE; } - /* Show header message for tab dialogs */ + /*! \brief Show header message for tab dialogs */ function show_enable_header($button_text, $text, $disabled= FALSE) { if (($disabled == TRUE) || (!$this->acl_is_createable())){ @@ -585,7 +584,7 @@ class plugin } - /* Show header message for tab dialogs */ + /*! \brief Show header message for tab dialogs */ function show_disable_header($button_text, $text, $disabled= FALSE) { if (($disabled == TRUE) || !$this->acl_is_removeable()){ @@ -601,7 +600,7 @@ class plugin } - /* Show header message for tab dialogs */ + /*! \brief Show header message for tab dialogs */ function show_header($button_text, $text, $disabled= FALSE) { echo "FIXME: show_header should be replaced by show_disable_header and show_enable_header
"; @@ -618,7 +617,7 @@ class plugin return($display); } - + /*! \brief Executes commands after an object has been created */ function postcreate($add_attrs= array()) { /* Find postcreate entries for this class */ @@ -661,6 +660,7 @@ class plugin } } + /*! \brief Execute commands after an object has been modified */ function postmodify($add_attrs= array()) { /* Find postcreate entries for this class */ @@ -702,6 +702,7 @@ class plugin } } + /*! \brief Executes a command after an object has been removed */ function postremove($add_attrs= array()) { /* Find postremove entries for this class */ @@ -744,7 +745,40 @@ class plugin } } + /* Create unique DN */ + function create_unique_dn2($data, $base) + { + $ldap= $this->config->get_ldap_link(); + $base= preg_replace("/^,*/", "", $base); + + /* Try to use plain entry first */ + $dn= "$data,$base"; + $attribute= preg_replace('/=.*$/', '', $data); + $ldap->cat ($dn, array('dn')); + if (!$ldap->fetch()){ + return ($dn); + } + + /* Look for additional attributes */ + foreach ($this->attributes as $attr){ + if ($attr == $attribute || $this->$attr == ""){ + continue; + } + + $dn= "$data+$attr=".$this->$attr.",$base"; + $ldap->cat ($dn, array('dn')); + if (!$ldap->fetch()){ + return ($dn); + } + } + + /* None found */ + return ("none"); + } + + + /*! \brief Create unique DN */ function create_unique_dn($attribute, $base) { $ldap= $this->config->get_ldap_link(); @@ -774,6 +808,7 @@ class plugin return ("none"); } + function rebind($ldap, $referral) { $credentials= LDAP::get_credentials($referral, $this->config->current['REFERRAL']); @@ -803,7 +838,8 @@ class plugin ldap_set_rebind_proc($ds, array(&$this, "rebind")); } - $r=ldap_bind($ds,$this->config->current['ADMINDN'], $this->config->current['ADMINPASSWORD']); + $pwd = $this->config->get_credentials($this->config->current['ADMINPASSWORD']); + $r=ldap_bind($ds,$this->config->current['ADMINDN'], $pwd); $sr=ldap_read($ds, LDAP::fix($src_dn), "objectClass=*"); /* Fill data from LDAP */ @@ -850,6 +886,9 @@ class plugin /* FAIvariable=.../..., cn=.. could not be saved, because the attribute FAIvariable was different to the dn FAIvariable=..., cn=... */ + + if(!is_array($new['objectClass'])) $new['objectClass'] = array($new['objectClass']); + if(in_array_ics("FAIdebconfInfo",$new['objectClass'])){ $new['FAIvariable'] = $ldap->fix($new['FAIvariable']); } @@ -907,14 +946,18 @@ class plugin - /*! \brief Move a given ldap object indentified by $src_dn \ - to the given destination $dst_dn \ - * Ensure that all references are updated (ogroups) \ - * Update ACLs \ - * Update accessTo \ - @param String The source dn. - @param String The destination dn. - @return Boolean TRUE on success else FALSE. + /*! \brief Rename/Move a given src_dn to the given dest_dn + * + * Move a given ldap object indentified by $src_dn to the + * given destination $dst_dn + * + * - Ensure that all references are updated (ogroups) + * - Update ACLs + * - Update accessTo + * + * \param string 'src_dn' the source DN. + * \param string 'dst_dn' the destination DN. + * \return boolean TRUE on success else FALSE. */ function rename($src_dn, $dst_dn) { @@ -925,7 +968,10 @@ class plugin $ldap->cd($this->config->current['BASE']); $ldap->create_missing_trees(preg_replace("/^[^,]+,/","",$dst_dn)); if (!$ldap->rename_dn($src_dn,$dst_dn)){ - msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $src_dn, "", get_class())); +# msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $src_dn, "", get_class())); + new log("debug","Ldap Protocol v3 implementation error, ldap_rename failed, falling back to manual copy.","FROM: $src_dn -- TO: $dst_dn",array(),$ldap->get_error()); + @DEBUG(DEBUG_LDAP,__LINE__,__FUNCTION__,__FILE__,"Rename failed FROM: $src_dn -- TO: $dst_dn", + "Ldap Protocol v3 implementation error, falling back to maunal method."); return(FALSE); } @@ -936,48 +982,47 @@ class plugin array("dn","objectClass"),GL_SUBSEARCH | GL_NO_ACL_CHECK); foreach($leaf_objs as $obj){ $new_dn = $obj['dn']; - $old_dn = preg_replace("/".preg_quote($dst_dn, '/')."$/i",$src_dn,$new_dn); + $old_dn = preg_replace("/".preg_quote(LDAP::convert($dst_dn), '/')."$/i",$src_dn,LDAP::convert($new_dn)); $this->update_acls($old_dn,$new_dn); } - /* Get all objectGroups defined in this database. - and check if there is an entry matching the source dn, - if this is the case, then update this objectgroup to use the new dn. - */ - $ogroups = get_sub_list("(&(objectClass=gosaGroupOfNames)(member=*))","ogroups", - array(get_ou("ogroupRDN")),$this->config->current['BASE'],array("member"), - GL_SUBSEARCH | GL_NO_ACL_CHECK) ; + // Migrate objectgroups if needed + $ogroups = get_sub_list("(&(objectClass=gosaGroupOfNames)(member=".LDAP::prepare4filter(LDAP::fix($src_dn))."))","ogroups", array(get_ou("ogroupRDN")),$this->config->current['BASE'],array("dn"), GL_SUBSEARCH | GL_NO_ACL_CHECK); - /* Walk through all objectGroups and check if there are - members matching the source dn - */ + // Walk through all objectGroups foreach($ogroups as $ogroup){ - if(isset($ogroup['member'])){ + // Migrate old to new dn + $o_ogroup= new ogroup($this->config,$ogroup['dn']); + if (isset($o_group->member[$src_dn])) { + unset($o_ogroup->member[$src_dn]); + } + $o_ogroup->member[$dst_dn]= $dst_dn; + + // Save object group + $o_ogroup->save(); + } - /* Reset class object, this will be initialized with class_ogroup on demand - */ - $o_ogroup = NULL; - for($i = 0 ; $i < $ogroup['member']['count'] ; $i ++){ + // Migrate rfc groups if needed + $groups = get_sub_list("(&(objectClass=posixGroup)(member=".LDAP::prepare4filter(LDAP::fix($src_dn))."))","groups", array(get_ou("groupRDN")),$this->config->current['BASE'],array("dn"), GL_SUBSEARCH | GL_NO_ACL_CHECK); - $c_mem = $ogroup['member'][$i]; - - if(preg_match("/".preg_quote($src_dn, '/')."$/i",$c_mem)){ - - $d_mem = preg_replace("/".preg_quote($src_dn, '/')."$/i",$dst_dn,$ogroup['member'][$i]); + // Walk through all POSIX groups + foreach($groups as $group){ - if($o_ogroup == NULL){ - $o_ogroup = new ogroup($this->config,$ogroup['dn']); - } + // Migrate old to new dn + $o_group= new group($this->config,$group['dn']); + $o_group->save(); + } - unset($o_ogroup->member[$c_mem]); - $o_ogroup->member[$d_mem]= $d_mem; - } - } - - /* Save object group if there were changes made on the membership */ - if($o_ogroup != NULL){ - $o_ogroup->save(); - } + /* Update roles to use the new entry dn */ + $roles = get_sub_list("(&(objectClass=organizationalRole)(roleOccupant=".LDAP::prepare4filter(LDAP::fix($src_dn))."))","roles", array(get_ou("roleRDN")),$this->config->current['BASE'],array("dn"), GL_SUBSEARCH | GL_NO_ACL_CHECK); + + // Walk through all roles + foreach($roles as $role){ + $role = new roleGeneric($this->config,$role['dn']); + $key= array_search($src_dn, $role->roleOccupant); + if($key !== FALSE){ + $role->roleOccupant[$key] = $dst_dn; + $role->save(); } } @@ -999,7 +1044,7 @@ class plugin } - + function move($src_dn, $dst_dn) { /* Do not copy if only upper- lowercase has changed */ @@ -1040,7 +1085,7 @@ class plugin } - /* Move/Rename complete trees */ + /* \brief Move/Rename complete trees */ function recursive_move($src_dn, $dst_dn) { /* Check if the destination entry exists */ @@ -1090,6 +1135,7 @@ class plugin } + /*! \brief Prepare for Copy & Paste */ function PrepareForCopyPaste($source) { $todo = $this->attributes; @@ -1110,11 +1156,8 @@ class plugin if (isset($source[$var])){ if(isset($source[$var]['count'])){ if($source[$var]['count'] > 1){ - $this->$var = array(); - $tmp = array(); - for($i = 0 ; $i < $source[$var]['count']; $i++){ - $tmp = $source[$var][$i]; - } + $tmp= $source[$var]; + unset($tmp['count']); $this->$var = $tmp; }else{ $this->$var = $source[$var][0]; @@ -1126,12 +1169,13 @@ class plugin } } - function tag_attrs(&$at, $dn= "", $tag= "", $show= false) - { - /* Skip tagging? + /*! \brief Get gosaUnitTag for the given DN If this is called from departmentGeneric, we have to skip this tagging procedure. - */ + */ + function tag_attrs(&$at, $dn= "", $tag= "", $show= false) + { + /* Skip tagging? */ if($this->skipTagging){ return; } @@ -1172,7 +1216,8 @@ class plugin } } } - + + /*! \brief Add unit tag */ /* Remove tags that may already be here... */ remove_objectClass("gosaAdministrativeUnitTag", $at); if (isset($at['gosaUnitTag'])){ @@ -1196,7 +1241,11 @@ class plugin } - /* Add possibility to stop remove process */ + /*! \brief Test for removability of the object + * + * Allows testing of conditions for removal of object. If removal should be aborted + * the function needs to remove an error message. + * */ function allow_remove() { $reason= ""; @@ -1204,7 +1253,7 @@ class plugin } - /* Create a snapshot of the current object */ + /*! \brief Create a snapshot of the current object */ function create_snapshot($type= "snapshot", $description= array()) { @@ -1230,7 +1279,7 @@ class plugin }else{ $server = $config->get_cfg_value("snapshotURI"); $user = $config->get_cfg_value("snapshotAdminDn"); - $password = $config->get_cfg_value("snapshotAdminPassword"); + $password = $this->config->get_credentials($config->get_cfg_value("snapshotAdminPassword")); $snapldapbase = $config->get_cfg_value("snapshotBase"); $ldap_to = new ldapMultiplexer(new LDAP($user,$password, $server)); @@ -1296,6 +1345,7 @@ class plugin } } + /*! \brief Remove a snapshot */ function remove_snapshot($dn) { $ui = get_userinfo(); @@ -1311,39 +1361,19 @@ class plugin } - /* returns true if snapshots are enabled, and false if it is disalbed - There will also be some errors psoted, if the configuration failed */ + /*! \brief Test if snapshotting is enabled + * + * Test weither snapshotting is enabled or not. There will also be some errors posted, + * if the configuration failed + * \return TRUE if snapshots are enabled, and FALSE if it is disabled + */ function snapshotEnabled() { - $config = $this->config; - if($config->get_cfg_value("enableSnapshots") == "true"){ - /* Check if the snapshot_base is defined */ - if ($config->get_cfg_value("snapshotBase") == ""){ - msg_dialog::display(_("Configuration error"), sprintf(_("The snapshot functionality is enabled, but the required variable '%s' is not set."),"snapshotBase"), ERROR_DIALOG); - return(FALSE); - } - - /* check if there are special server configurations for snapshots */ - if ($config->get_cfg_value("snapshotURI") != ""){ - - /* check if all required vars are available to create a new ldap connection */ - $missing = ""; - foreach(array("snapshotURI","snapshotAdminDn","snapshotAdminPassword","snapshotBase") as $var){ - if($config->get_cfg_value($var) == ""){ - $missing .= $var." "; - msg_dialog::display(_("Configuration error"), sprintf(_("The snapshot functionality is enabled, but the required variable '%s' is not set."), $missing), ERROR_DIALOG); - return(FALSE); - } - } - } - return(TRUE); - } - return(FALSE); + return $this->config->snapshotEnabled(); } - /* Return available snapshots for the given base - */ + /* \brief Return available snapshots for the given base */ function Available_SnapsShots($dn,$raw = false) { if(!$this->snapshotEnabled()) return(array()); @@ -1360,7 +1390,7 @@ class plugin }else{ $server = $this->config->get_cfg_value("snapshotURI"); $user = $this->config->get_cfg_value("snapshotAdminDn"); - $password = $this->config->get_cfg_value("snapshotAdminPassword"); + $password = $this->config->get_credentials($this->config->get_cfg_value("snapshotAdminPassword")); $snapldapbase = $this->config->get_cfg_value("snapshotBase"); $ldap_to = new ldapMultiplexer(new LDAP($user,$password, $server)); $ldap_to -> cd($snapldapbase); @@ -1418,7 +1448,7 @@ class plugin }else{ $server = $this->config->get_cfg_value("snapshotURI"); $user = $this->config->get_cfg_value("snapshotAdminDn"); - $password = $this->config->get_cfg_value("snapshotAdminPassword"); + $password = $this->config->get_credentials($this->config->get_cfg_value("snapshotAdminPassword")); $snapldapbase = $this->config->get_cfg_value("snapshotBase"); $ldap_to = new ldapMultiplexer(new LDAP($user,$password, $server)); $ldap_to -> cd($snapldapbase); @@ -1469,7 +1499,7 @@ class plugin } - /* Restore selected snapshot */ + /* \brief Restore selected snapshot */ function restore_snapshot($dn) { if(!$this->snapshotEnabled()) return(array()); @@ -1484,7 +1514,7 @@ class plugin }else{ $server = $this->config->get_cfg_value("snapshotURI"); $user = $this->config->get_cfg_value("snapshotAdminDn"); - $password = $this->config->get_cfg_value("snapshotAdminPassword"); + $password = $this->config->get_credentials($this->config->get_cfg_value("snapshotAdminPassword")); $snapldapbase = $this->config->get_cfg_value("snapshotBase"); $ldap_to = new ldapMultiplexer(new LDAP($user,$password, $server)); $ldap_to -> cd($snapldapbase); @@ -1603,6 +1633,7 @@ class plugin } + /*! \brief Return plugin informations for acl handling */ static function plInfo() { return array(); @@ -1676,11 +1707,12 @@ class plugin } - /*! \brief Returns a list of all available departments for this object. - If this object is new, all departments we are allowed to create a new user in are returned. - If this is an existing object, return all deps. we are allowed to move tis object too. - - @return Array [dn] => "..name" // All deps. we are allowed to act on. + /*! \brief Returns a list of all available departments for this object. + * + * If this object is new, all departments we are allowed to create a new user in + * are returned. If this is an existing object, return all deps. + * We are allowed to move tis object too. + * \return array [dn] => "..name" // All deps. we are allowed to act on. */ function get_allowed_bases() { @@ -1715,8 +1747,8 @@ class plugin /* This function updates ACL settings if $old_dn was used. - * $old_dn specifies the actually used dn - * $new_dn specifies the destiantion dn + * \param string 'old_dn' specifies the actually used dn + * \param string 'new_dn' specifies the destiantion dn */ function update_acls($old_dn,$new_dn,$output_changes = FALSE) { @@ -1746,7 +1778,7 @@ class plugin $acls = array(); $found = false; for($i = 0 ; $i < $attrs['gosaAclEntry']['count'] ; $i ++ ){ - $acl_parts = split(":",$attrs['gosaAclEntry'][$i]); + $acl_parts = explode(":",$attrs['gosaAclEntry'][$i]); /* Roles uses antoher data storage order, members are stored int the third part, while the members in direct ACL assignments are stored in the second part. @@ -1800,9 +1832,10 @@ class plugin - /* This function enables the entry Serial ID check. - * If an entry was edited while we have edited the entry too, - * an error message will be shown. + /*! \brief Enable the Serial ID check + * + * This function enables the entry Serial ID check. If an entry was edited while + * we have edited the entry too, an error message will be shown. * To configure this check correctly read the FAQ. */ function enable_CSN_check() @@ -1814,7 +1847,7 @@ class plugin /*! \brief Prepares the plugin to be used for multiple edit * Update plugin attributes with given array of attribtues. - * @param array Array with attributes that must be updated. + * \param array Array with attributes that must be updated. */ function init_multiple_support($attrs,$all) { @@ -1825,9 +1858,10 @@ class plugin /* Copy needed attributes */ foreach ($this->attributes as $val){ $found= array_key_ics($val, $this->multi_attrs); + if ($found != ""){ - if(isset($this->multi_attrs["$found"][0])){ - $this->$val= $this->multi_attrs["$found"][0]; + if(isset($this->multi_attrs["$val"][0])){ + $this->$val= $this->multi_attrs["$val"][0]; } } } @@ -1844,7 +1878,7 @@ class plugin /*! \brief Returns all values that have been modfied in multiple edit mode. - @return array Cotaining all mdofied values. + \return array Cotaining all modified values. */ function get_multi_edit_values() { @@ -1868,10 +1902,7 @@ class plugin } - /*! \brief execute plugin - - Generates the html output for this node - */ + /*! \brief Generates the html output for this node for multi edit*/ function multiple_execute() { /* This one is empty currently. Fabian - please fill in the docu code */ @@ -1879,13 +1910,15 @@ class plugin /* Reset Lock message POST/GET check array, to prevent perg_match errors*/ session::set('LOCK_VARS_TO_USE',array()); - session::set('LOCK_VARS_USED',array()); + session::set('LOCK_VARS_USED_GET',array()); + session::set('LOCK_VARS_USED_POST',array()); + session::set('LOCK_VARS_USED_REQUEST',array()); return("Multiple edit is currently not implemented for this plugin."); } - /*! \brief Save HTML posted data to object for multiple edit + /*! \brief Save HTML posted data to object for multiple edit */ function multiple_save_object() { @@ -1924,7 +1957,7 @@ class plugin } - /*! \brief Returns all attributes of this plugin, + /*! \brief Returns all attributes of this plugin, to be able to detect multiple used attributes in multi_plugg::detect_multiple_used_attributes(). @return array Attributes required for intialization of multi_plug @@ -1937,7 +1970,7 @@ class plugin /*! \brief Check given values in multiple edit - @return array Error messages + \return array Error messages */ function multiple_check() { @@ -1947,7 +1980,7 @@ class plugin /*! \brief Returns the snapshot header part for "Actions" menu in management dialogs - @param $layer_menu + \param $layer_menu */ function get_snapshot_header($base,$category) { @@ -2037,10 +2070,10 @@ class plugin /* Check permissions for each category, if there is at least one category which support read or paste permissions for the given base, then display the specific actions. */ - $readable = $pasteable = TRUE; + $readable = $pasteable = false; foreach($category as $cat){ - $readable |= $ui->get_category_permissions($base,$cat); - $pasteable|= $ui->is_pasteable($base,$cat); + $readable= $readable || preg_match('/r/', $ui->get_category_permissions($base, $cat)); + $pasteable= $pasteable || $ui->is_pasteable($base, $cat) == 1; } if(($cut || $copy) && isset($this->CopyPasteHandler) && is_object($this->CopyPasteHandler)){