X-Git-Url: https://git.tokkee.org/?a=blobdiff_plain;f=gosa-core%2Fplugins%2Fadmin%2Fgroups%2Fclass_groupGeneric.inc;h=82fed9121cd643897cd8e792d3c03b617c865e1d;hb=ed78890a0b417c288d33f20487d35b57223451ff;hp=9cc0e5c423fd5f062649c075ab82fed3d9c90e9e;hpb=8dedb60f61d619c58690dd7ca6b794a7961ed45c;p=gosa.git diff --git a/gosa-core/plugins/admin/groups/class_groupGeneric.inc b/gosa-core/plugins/admin/groups/class_groupGeneric.inc index 9cc0e5c42..82fed9121 100644 --- a/gosa-core/plugins/admin/groups/class_groupGeneric.inc +++ b/gosa-core/plugins/admin/groups/class_groupGeneric.inc @@ -35,7 +35,6 @@ class group extends plugin var $fon_group= FALSE; var $smbgroup= FALSE; var $groupType= FALSE; - var $samba3= FALSE; var $sambaSID= ""; var $sambaDomainName= "DEFAULT"; var $SID= ""; @@ -77,7 +76,7 @@ class group extends plugin function group (&$config, $dn= NULL) { /* Set rfc2307bis flag */ - if (isset($config->current['RFC2307BIS']) && ($config->current['RFC2307BIS']== "true")){ + if ($config->get_cfg_value("rfc2307bis") == "true"){ $this->rfc2307bis= TRUE; $this->attributes[]= "member"; $this->objectclasses[]= "groupOfNames"; @@ -86,7 +85,6 @@ class group extends plugin plugin::plugin ($config, $dn); /* Load attributes depending on the samba version */ - $this->samba3= ($config->current['SAMBAVERSION'] == 3); $this->orig_dn= $dn; $this->orig_cn= $this->cn; @@ -133,7 +131,7 @@ class group extends plugin } /* Get samba Domain in case of samba 3 */ - if ($this->samba3 && $this->sambaSID != ""){ + if ($this->sambaSID != ""){ $this->SID= preg_replace ("/-[^-]+$/", "", $this->sambaSID); $ldap= $this->config->get_ldap_link(); $ldap->cd($this->config->current['BASE']); @@ -143,7 +141,7 @@ class group extends plugin if(isset($attrs['sambaAlgorithmicRidBase'])){ $this->ridBase= $attrs['sambaAlgorithmicRidBase'][0]; } else { - $this->ridBase= $this->config->current['RIDBASE']; + $this->ridBase= $this->config->get_cfg_value("sambaRidBase"); } /* Get domain name for SID */ 
@@ -155,10 +153,10 @@ class group extends plugin } } } else { - if (isset($this->config->current['RIDBASE'])){ + if ($this->config->get_cfg_value("sambaRidBase") != ""){ $this->sambaDomainName= "DEFAULT"; - $this->ridBase= $this->config->current['RIDBASE']; - $this->SID= $this->config->current['SID']; + $this->ridBase= $this->config->get_cfg_value("sambaRidBase"); + $this->SID= $this->config->get_cfg_value("sid"); } else { msg_dialog::display(_("Configuration error"), _("Cannot find group SID in your configuration!"), ERROR_DIALOG); } @@ -194,7 +192,7 @@ class group extends plugin } else { /* Get object base */ - $this->base =preg_replace ("/^[^,]+,".normalizePreg(get_groups_ou())."/","",$this->dn); + $this->base =preg_replace ("/^[^,]+,".preg_quote(get_groups_ou(), '/')."/i","",$this->dn); } $this->orig_base = $this->base; @@ -226,7 +224,7 @@ class group extends plugin /* This is always an account */ $this->is_account= TRUE; - $this->reload(); + $this->reload(TRUE); } function execute() @@ -280,7 +278,7 @@ class group extends plugin /* Base select dialog */ $once = true; foreach($_POST as $name => $value){ - if((preg_match("/^chooseBase/",$name) && $once) && ($this->acl_is_moveable())){ + if((preg_match("/^chooseBase/",$name) && $once) && $this->acl_is_writeable("base")){ $once = false; $this->dialog = new baseSelectDialog($this->config,$this,$this->get_allowed_bases()); 
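Review bot: In the `@@ -280,7 +278,7 @@` hunk the base-selection dialog now opens on `acl_is_writeable("base")` instead of `acl_is_moveable()`, which may be a weaker condition than the right to move the object. Nothing in this hunk shows where the chosen base is applied, so the move itself should still be authorised where `$this->base` is written or saved, not only where the dialog is opened. If the relaxation is intended, a comment such as `/* Dialog only; the move itself is authorised on save */` would record that. The enclosing loop continues outside the hunk.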
@@ -372,14 +370,14 @@ class group extends plugin /* Search for systems */ $types = array(); - $types['server'] = array("OU" => get_ou("serverou"), "OC" => "(objectClass=goServer)"); - $types['workstation'] = array("OU" => get_ou("workstationou"),"OC" => "(objectClass=gotoWorkstation)"); - $types['terminal'] = array("OU" => get_ou("terminalou"), "OC" => "(objectClass=gotoTerminal)"); + $types['server'] = array("OU" => get_ou("serverRDN"), "OC" => "(objectClass=goServer)"); + $types['workstation'] = array("OU" => get_ou("workstationRDN"),"OC" => "(objectClass=gotoWorkstation)"); + $types['terminal'] = array("OU" => get_ou("terminalRDN"), "OC" => "(objectClass=gotoTerminal)"); $res = array(); foreach($types as $acl => $data){ $filter= "(&".$data['OC']."$exclude(cn=$regex))"; - $res= array_merge($res,get_sub_list($filter,array($acl),$data['OU'],get_ou("systemsou").$sysfilter['depselect'], + $res= array_merge($res,get_sub_list($filter,array($acl),$data['OU'],get_ou("systemRDN").$sysfilter['depselect'], array("cn"), GL_SUBSEARCH | GL_SIZELIMIT)); } $wslist = array(); @@ -403,13 +401,6 @@ class group extends plugin return ($display); } - /* Assign templating stuff */ - if ($this->samba3){ - $smarty->assign("samba3", "true"); - } else { - $smarty->assign("samba3", ""); - } - if($this->config->search("nagiosaccount", "CLASS",array('menu'))){ $smarty->assign("nagios",true); }else{ 
@@ -478,26 +469,25 @@ class group extends plugin $smarty->assign("bases", $this->get_allowed_bases()); $smarty->assign("base_select", $this->base); - if ($this->samba3){ - $domains= array(); - foreach($this->config->data['SERVERS']['SAMBA'] as $name => $content){ - $domains[$name]= $name; - } - $smarty->assign("sambaDomains", $domains); - $smarty->assign("sambaDomainName", $this->sambaDomainName); - $groupTypes= array(0 => _("Samba group"), 512 => _("Domain admins"), 513 => _("Domain users"), - 514 => _("Domain guests")); - - /* Don't loose special groups! If not key'ed above, add it to - the combo box... */ - if ($this->groupType >= 500 && $this->groupType <= 553 && !isset($groupTypes[$this->groupType])){ - $groupTypes[$this->groupType]= sprintf(_("Special group (%d)"), $this->groupType); - } + $domains= array(); + foreach($this->config->data['SERVERS']['SAMBA'] as $name => $content){ + $domains[$name]= $name; + } + $smarty->assign("sambaDomains", $domains); + $smarty->assign("sambaDomainName", $this->sambaDomainName); + $groupTypes= array(0 => _("Samba group"), 512 => _("Domain admins"), 513 => _("Domain users"), + 514 => _("Domain guests")); - $smarty->assign("groupTypes", $groupTypes); - $smarty->assign("groupType", $this->groupType); + /* Don't loose special groups! If not key'ed above, add it to + the combo box... */ + if ($this->groupType >= 500 && $this->groupType <= 553 && !isset($groupTypes[$this->groupType])){ + $groupTypes[$this->groupType]= sprintf(_("Special group (%d)"), $this->groupType); } + $smarty->assign("groupTypes", $groupTypes); + $smarty->assign("groupType", $this->groupType); + + /* Members and users */ $smarty->assign("members", $this->members); 
@@ -593,7 +583,7 @@ class group extends plugin $smarty->assign("use_".$val,FALSE); } } - foreach(array("base","smbgroup","groupType","sambaDomainName","fon_group") as $val){ + foreach(array("base","smbgroup","groupType","sambaDomainName","fon_group","nagios_group","trustmode") as $val){ if(in_array($val,$this->multi_boxes)){ $smarty->assign("use_".$val,TRUE); }else{ @@ -617,6 +607,33 @@ class group extends plugin } } + /* Ensure that the requested object is known to the group class + */ + if(!isset($this->dnMapping[$uid])){ + $ldap = $this->config->get_ldap_link(); + $ldap->cd($this->config->current['BASE']); + $ldap->search("(&(objectClass=gosaAccount)(uid=".$uid."))",array("dn", "uid","sn","givenName")); + if($ldap->count() == 0 ){ + msg_dialog::display(_("Error"), + sprintf(_("Adding UID '%s' to group '%s' failed: cannot find user object!"), + $uid,$this->cn), + ERROR_DIALOG); + return; + }elseif($ldap->count() >= 2){ + msg_dialog::display(_("Error"), + sprintf(_("Add UID '%s' to group '%s' failed: UID is used more than once!"), + $uid,$this->cn), + ERROR_DIALOG); + return; + }else{ + while($attrs = $ldap->fetch()){ + $this->dnMapping[$attrs['uid'][0]] = $attrs['dn']; + $this->members[$attrs['uid'][0]] = $this->createResultName($attrs); + $this->allusers[$attrs['uid'][0]]= $this->createResultName($attrs); + } + } + } + $this->memberUid[$uid]= $uid; } @@ -641,7 +658,7 @@ class group extends plugin } /* Reload data */ - function reload() + function reload($silent = FALSE) { /* Fix regex string */ $gufilter = session::get("gufilter"); 
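Review bot: The lookup added in the `@@ -617,6 +607,33 @@` hunk concatenates `$uid` into the LDAP filter unescaped, so a value containing filter metacharacters such as parentheses changes the filter instead of being matched literally. `reload()` on this page already passes member ids through `normalizeLdap()` before building its filter, and the same should be done here: `$ldap->search("(&(objectClass=gosaAccount)(uid=".normalizeLdap($uid)."))",array("dn", "uid","sn","givenName"));`. The enclosing function starts outside the hunk, so where `$uid` originates is not visible here and it should be treated as untrusted.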
@@ -658,8 +675,8 @@ class group extends plugin to be prepared when adding/deleting users) */ $filter = ""; - if(!isset($this->config->current['LDAP_FILTER_NESTING_LIMIT']) || - count($this->memberUid) < $this->config->current['LDAP_FILTER_NESTING_LIMIT']){ + if ($this->config->get_cfg_value("ldapFilterNestingLimit") == "" || + count($this->memberUid) < $this->config->get_cfg_value("ldapFilterNestingLimit")){ foreach ($this->memberUid as $value){ if(!isset($this->members[$value])){ $filter .= "(uid=".normalizeLdap($value).")"; @@ -669,7 +686,7 @@ class group extends plugin if(!empty($filter)){ $ldap->cd($this->config->current['BASE']); - $ldap->search("(&(objectClass=gosaAccount)(!(objectClass=gosaUserTemplate))(|".$filter."))",array("dn", "uid","sn","givenName")); + $ldap->search("(&(objectClass=gosaAccount)(|".$filter."))",array("dn", "uid","sn","givenName")); while($attrs = $ldap->fetch()){ $this->dnMapping[$attrs['uid'][0]] = $attrs['dn']; $this->members[$attrs['uid'][0]] = $this->createResultName($attrs); @@ -678,11 +695,11 @@ class group extends plugin } /* check if all uids are resolved */ - if(!isset($this->config->current['LDAP_FILTER_NESTING_LIMIT']) || - count($this->memberUid) < $this->config->current['LDAP_FILTER_NESTING_LIMIT']){ + if ($this->config->get_cfg_value("ldapFilterNestingLimit") == "" || + count($this->memberUid) < $this->config->get_cfg_value("ldapFilterNestingLimit")){ foreach ($this->memberUid as $value){ if(!isset($this->members[$value])){ - $this->members[$value] = _("! unknown id")." [".$value."]"; + $this->members[$value] = _("! unknown UID")." [".$value."]"; } } }else{ @@ -724,7 +741,7 @@ class group extends plugin } /* If more than max users are found, display a message to warn the user */ - if($i == $MaxUser){ + if($i == $MaxUser && !$silent){ msg_dialog::display(_("Configuration error"), sprintf(_("Search returned too many results. Not displaying more than %s entries!"), $MaxUser), ERROR_DIALOG); } 
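Review bot: Dropping `(!(objectClass=gosaUserTemplate))` from the member search in the `@@ -669,7 +686,7 @@` hunk means a template entry can now be resolved as a group member, and no comment explains why. If a template and a real account share a uid, the loop below assigns `$this->dnMapping[$attrs['uid'][0]]` once per result, so the DN that ends up mapped depends on result order. If including templates is intended, a comment on the search line should say so; otherwise the exclusion should stay.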
@@ -787,10 +804,8 @@ class group extends plugin $acl->save(); } - /* Remove ACL dependencies too, - */ - $tmp = new acl($this->config,$this->parent,$this->dn); - $tmp->remove_acl(); + /* Remove ACL dependencies, too */ + acl::remove_acl_for($this->dn); /* Send signal to the world that we've done */ $this->handle_post_events("remove"); @@ -834,7 +849,7 @@ class group extends plugin } /* Save sambaDomain attribute */ - if ($this->acl_is_writeable("sambaDomainName") && $this->samba3 && isset ($_POST['sambaDomainName'])){ + if ($this->acl_is_writeable("sambaDomainName") && isset ($_POST['sambaDomainName'])){ $this->sambaDomainName= $_POST['sambaDomainName']; $this->groupType= $_POST['groupType']; } @@ -887,7 +902,7 @@ class group extends plugin } else { /* Calculate new, lock uids */ $wait= 10; - while (get_lock("uidnumber") != ""){ + while (get_lock("gidnumber") != ""){ sleep (1); /* timed out? */ @@ -895,8 +910,8 @@ class group extends plugin break; } } - add_lock ("uidnumber", "gosa"); - $this->gidNumber= $this->get_next_id("gidNumber", $this->dn); + add_lock ("gidnumber", "gosa"); + $this->gidNumber= get_next_id("gidNumber", $this->dn); } } @@ -943,7 +958,7 @@ class group extends plugin $ldap= $this->config->get_ldap_link(); /* Add samba group functionality */ - if ($this->samba3 && $this->smbgroup){ + if ($this->smbgroup){ /* Fixed undefined index ... */ @@ -987,8 +1002,7 @@ class group extends plugin /* User wants me to fake the idMappings? This is useful for making winbind resolve the group names in a reasonable amount of time in combination with larger databases. */ - if (isset($this->config->current['SAMBAIDMAPPING']) && - preg_match('/true/i', $this->config->current['SAMBAIDMAPPING'])){ + if ($this->config->get_cfg_value("sambaidmapping") == "true"){ $this->attrs['objectClass'][]= "sambaIdmapEntry"; } 
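Review bot: In the `@@ -834,7 +849,7 @@` hunk `$this->groupType` is assigned from `$_POST['groupType']` under the ACL and `isset` test for `sambaDomainName` only, and with the `samba3` condition removed this branch is now reachable for every group. `groupType` should have its own guard and be reduced to an integer, for example `if ($this->acl_is_writeable("sambaGroupType") && isset($_POST['groupType'])){ $this->groupType= (int)$_POST['groupType']; }`. The posted `sambaDomainName` is likewise stored without being checked against the configured domains that the `@@ -478,26 +469,25 @@` hunk uses to fill the select box. The same statements appear in the `@@ -1313,11 +1308,28 @@` hunk and need the same change.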
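Review bot: `add_lock ("gidnumber", "gosa")` in the `@@ -895,8 +910,8 @@` hunk appears to run even when the wait loop above it ends through the timeout `break`, in which case two sessions can both proceed and receive the same id from `get_next_id()`. The loop's timeout test lies between this hunk and the previous one and is not shown, so this should be confirmed against the full file. If it holds, the timeout path should report an error and return instead of falling through to the allocation. The comments `/* Calculate new, lock uids */` in the previous hunk and `/* Remove uid lock */` in the `@@ -1072,7 +1104,7 @@` hunk should now say gid.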
@@ -1019,7 +1033,10 @@ class group extends plugin $this->attrs['member'] = array(); if (count($this->memberUid)){ foreach($this->attrs['memberUid'] as $uid) { - $this->attrs['member'][]= $this->dnMapping[$uid]; + + if(isset($this->dnMapping[$uid])){ + $this->attrs['member'][]= $this->dnMapping[$uid]; + } } } else { $this->attrs['member'][]= $this->dn; @@ -1034,12 +1051,11 @@ class group extends plugin if (!count ($this->memberUid)){ $this->attrs['memberUid']= array(); } - if ($this->samba3){ - if (!$this->smbgroup){ - $this->attrs['sambaGroupType']= array(); - $this->attrs['sambaSID']= array(); - } + if (!$this->smbgroup){ + $this->attrs['sambaGroupType']= array(); + $this->attrs['sambaSID']= array(); } + $mode= "modify"; } else { $mode= "add"; @@ -1047,6 +1063,22 @@ class group extends plugin $ldap->create_missing_trees(preg_replace('/^[^,]+,/', '', $this->dn)); } + + /* Check generated gidNumber, it may be used by another group. + */ + if($this->gidNumber != ""){ + $ldap->cd($this->config->current['BASE']); + $ldap->search("(&(!(cn=".$this->orig_cn."))(objectClass=posixGroup)(gidNumber=".$this->gidNumber."))",array("cn")); + if($ldap->count()){ + $cns = ""; + while($attrs = $ldap->fetch()){ + $cns .= $attrs['cn'][0].", "; + } + $cns = rtrim($cns,", "); + msg_dialog::display(_("Warning"),sprintf(_("The gidNumber '%s' is already in use by %s!"),$this->gidNumber,$cns) , WARNING_DIALOG ); + } + } + /* Write back to ldap */ $ldap->cd($this->dn); $this->cleanup(); @@ -1072,7 +1104,7 @@ class group extends plugin } /* Remove uid lock */ - del_lock ("uidnumber"); + del_lock ("gidnumber"); /* Post that we've done*/ $this->handle_post_events($mode); 
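Review bot: The new `isset($this->dnMapping[$uid])` guard in the `@@ -1019,7 +1033,10 @@` hunk silently drops unresolved uids from `member` while they remain in `memberUid`, so the two attributes can disagree after a save. If none of the uids resolves, `member` stays an empty array because the `else` branch that adds `$this->dn` is not taken, and `groupOfNames` normally requires at least one `member` value. A fallback after the loop would cover that case: `if (!count($this->attrs['member'])){ $this->attrs['member'][]= $this->dn; }`. A short comment saying why unmapped uids are skipped would also help the next reader.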
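Review bot: The duplicate-gidNumber search added in the `@@ -1047,6 +1063,22 @@` hunk builds its filter from `$this->orig_cn` and `$this->gidNumber` without escaping, unlike the `normalizeLdap()` call used in `reload()`. A cn containing parentheses would yield a malformed or different filter, and for a new group `orig_cn` may be empty (not visible here), giving `(!(cn=))`. Escaping both values keeps the check meaningful: `"(&(!(cn=".normalizeLdap($this->orig_cn)."))(objectClass=posixGroup)(gidNumber=".normalizeLdap($this->gidNumber)."))"`. The result is only a warning and the write below still proceeds, so a comment should state that a shared gidNumber is tolerated on purpose.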
@@ -1146,8 +1178,8 @@ class group extends plugin if (!tests::is_id($this->gidNumber)){ $message[]= msgPool::invalid(_("GID"), $this->gidNumber, "/[0-9]/"); } else { - if ($this->gidNumber < $this->config->current['MINID']){ - $message[]= msgPool::toosmall(_("GID"), $this->config->current['MINID']); + if ($this->gidNumber < $this->config->get_cfg_value("minId")){ + $message[]= msgPool::toosmall(_("GID"), $this->config->get_cfg_value("minId")); } } @@ -1169,43 +1201,6 @@ class group extends plugin return ($message); } - function get_next_id($attrib, $dn) - { - $ids= array(); - $ldap= $this->config->get_ldap_link(); - - $ldap->cd ($this->config->current['BASE']); - if (preg_match('/gidNumber/i', $attrib)){ - $oc= "posixGroup"; - } else { - $oc= "posixAccount"; - } - $ldap->search ("(&(objectClass=$oc)($attrib=*))", array("$attrib")); - - /* Get list of ids */ - while ($attrs= $ldap->fetch()){ - $ids[]= (int)$attrs["$attrib"][0]; - } - - /* Find out next free id near to UID_BASE */ - if (!isset($this->config->current['BASE_HOOK'])){ - $base= $this->config->current['UIDBASE']; - } else { - /* Call base hook */ - $base= get_base_from_hook($dn, $attrib); - } - for ($id= $base; $id++; $id < pow(2,32)){ - if (!in_array($id, $ids)){ - return ($id); - } - } - - /* Check if id reached maximum */ - if ($id >= pow(2,32)){ - msg_dialog::display(_("Error"), _("Cannot allocate a free ID!"), ERROR_DIALOG); - exit; - } - } function getCopyDialog() { @@ -1255,7 +1250,7 @@ class group extends plugin "plSelfModify" => FALSE, "plDepends" => array(), "plPriority" => 0, - "plSection" => array("admin"), + "plSection" => array("administration"), "plCategory" => array("groups" => array("objectClass" => "posixGroup", "description" => _("Groups"))), "plProvidedAcls" => array( 
@@ -1288,7 +1283,7 @@ class group extends plugin plugin::save_object(); $this->base = $base_tmp; - foreach(array("base","smbgroup","groupType","sambaDomainName","fon_group") as $attr){ + foreach(array("base","smbgroup","groupType","sambaDomainName","fon_group","nagios_group","trustmode") as $attr){ if(isset($_POST['use_'.$attr])){ $this->multi_boxes[] = $attr; } @@ -1302,7 +1297,7 @@ class group extends plugin } } - foreach (array( "smbgroup" => "sambaGroupType") as $val => $aclname) { + foreach (array( "smbgroup" => "sambaGroupType" ,"nagios_group" => "nagios_group") as $val => $aclname) { if ($this->acl_is_writeable($aclname)){ if(isset($_POST["$val"])){ $this->$val= TRUE; @@ -1313,11 +1308,28 @@ class group extends plugin } /* Save sambaDomain attribute */ - if ($this->acl_is_writeable("sambaDomainName") && $this->samba3 && isset ($_POST['sambaDomainName'])){ + if ($this->acl_is_writeable("sambaDomainName") && isset ($_POST['sambaDomainName'])){ $this->sambaDomainName= $_POST['sambaDomainName']; $this->groupType= $_POST['groupType']; } + /* Trust mode - special handling */ + if($this->acl_is_writeable("trustModel")){ + if (isset($_POST['trustmode'])){ + $saved= $this->trustModel; + if ($_POST['trustmode'] == "1"){ + $this->trustModel= "fullaccess"; + } elseif ($_POST['trustmode'] == "2"){ + $this->trustModel= "byhost"; + } else { + $this->trustModel= ""; + } + if ($this->trustModel != $saved){ + $this->is_modified= TRUE; + } + } + } + /* Save fon attribute */ if ($this->acl_is_writeable("fonGroup")){ if (isset ($_POST['fon_group'])){ 
@@ -1334,11 +1346,17 @@ class group extends plugin { $ret = plugin::get_multi_edit_values(); - foreach(array("base","smbgroup","groupType","sambaDomainName","fon_group") as $attr){ + foreach(array("base","smbgroup","groupType","sambaDomainName","fon_group","nagios_group") as $attr){ if(in_array($attr,$this->multi_boxes)){ $ret[$attr] = $this->$attr; } } + + if(in_array("trustmode",$this->multi_boxes)){ + $ret['trustModel'] = $this->trustModel; + $ret['accessTo'] = $this->accessTo; + } + $ret['memberUid'] = $this->memberUid; $ret['memberUid_used_by_some'] = $this->memberUid_used_by_some; return($ret); @@ -1386,6 +1404,13 @@ class group extends plugin $this->memberUid[] = $source['memberUid'][$i]; } } + $this->accessTo = array(); + if (isset($source['accessTo'])){ + for ($i= 0; $i<$source['accessTo']['count']; $i++){ + $tmp= $source['accessTo'][$i]; + $this->accessTo[$tmp]= $tmp; + } + } }