X-Git-Url: https://git.tokkee.org/?a=blobdiff_plain;f=gosa-core%2Fplugins%2Fadmin%2Fgroups%2Fclass_groupGeneric.inc;h=82fed9121cd643897cd8e792d3c03b617c865e1d;hb=ed78890a0b417c288d33f20487d35b57223451ff;hp=9da0acb1eaf55fa253a94ad37f7732ee9279f445;hpb=ede91cea993d38464d47f6ef573ed70ce2cec357;p=gosa.git diff --git a/gosa-core/plugins/admin/groups/class_groupGeneric.inc b/gosa-core/plugins/admin/groups/class_groupGeneric.inc index 9da0acb1e..82fed9121 100644 --- a/gosa-core/plugins/admin/groups/class_groupGeneric.inc +++ b/gosa-core/plugins/admin/groups/class_groupGeneric.inc @@ -1,17 +1,33 @@ "Eins ist toll", "zwei" => "Zwei ist noch besser"); - /* Group attributes */ var $cn= ""; var $description= ""; var $gidNumber= ""; var $memberUid= array(); + var $memberUid_used_by_some= array(); /* Helpers */ var $base= ""; @@ -19,7 +35,6 @@ class group extends plugin var $fon_group= FALSE; var $smbgroup= FALSE; var $groupType= FALSE; - var $samba3= FALSE; var $sambaSID= ""; var $sambaDomainName= "DEFAULT"; var $SID= ""; @@ -32,6 +47,7 @@ class group extends plugin var $oldgroupType= ""; var $orig_dn= ""; var $orig_cn= ""; + var $orig_base= ""; var $has_mailAccount= FALSE; var $group_dialog= FALSE; var $nagios_group =FALSE; 
@@ -43,16 +59,24 @@ class group extends plugin var $view_logged = FALSE; var $allowGroupsWithSameNameInOtherSubtrees = true; + /* Trustmodel/AccessTo + */ + var $accessTo= array(); + var $trustModel= ""; + var $show_ws_dialog = FALSE; + /* attribute list for save action */ - var $attributes= array("cn", "description", "gidNumber","memberUid","sambaGroupType","sambaSID"); + var $attributes= array("cn", "description", "gidNumber","memberUid","sambaGroupType","sambaSID","accessTo","trustModel"); var $objectclasses= array("top", "posixGroup"); var $CopyPasteVars = array("force_gid","fon_group","smbgroup","groupType","sambaSID","sambaDomainName","SID","nagios_group","sambaGroupType"); + var $multiple_support = TRUE; + function group (&$config, $dn= NULL) { /* Set rfc2307bis flag */ - if (isset($config->current['RFC2307BIS']) && ($config->current['RFC2307BIS']== "true")){ + if ($config->get_cfg_value("rfc2307bis") == "true"){ $this->rfc2307bis= TRUE; $this->attributes[]= "member"; $this->objectclasses[]= "groupOfNames"; @@ -61,7 +85,6 @@ class group extends plugin plugin::plugin ($config, $dn); /* Load attributes depending on the samba version */ - $this->samba3= ($config->current['SAMBAVERSION'] == 3); $this->orig_dn= $dn; $this->orig_cn= $this->cn; @@ -69,10 +92,10 @@ class group extends plugin if (isset($this->attrs['memberUid'][0])){ $tmp= array(); for ($i= 0; $i<$this->attrs['memberUid']['count']; $i++){ - $tmp[]= $this->attrs['memberUid'][$i]; + $tmp[$this->attrs['memberUid'][$i]]= $this->attrs['memberUid'][$i]; } $this->memberUid= $tmp; - sort ($this->memberUid); + ksort ($this->memberUid); } /* Save gidNumber for later use */ 
@@ -108,14 +131,18 @@ class group extends plugin } /* Get samba Domain in case of samba 3 */ - if ($this->samba3 && $this->sambaSID != ""){ + if ($this->sambaSID != ""){ $this->SID= preg_replace ("/-[^-]+$/", "", $this->sambaSID); $ldap= $this->config->get_ldap_link(); $ldap->cd($this->config->current['BASE']); $ldap->search ("(&(objectClass=sambaDomain)(sambaSID=$this->SID))",array("sambaAlgorithmicRidBase")); if ($ldap->count() != 0){ $attrs= $ldap->fetch(); - $this->ridBase= $attrs['sambaAlgorithmicRidBase'][0]; + if(isset($attrs['sambaAlgorithmicRidBase'])){ + $this->ridBase= $attrs['sambaAlgorithmicRidBase'][0]; + } else { + $this->ridBase= $this->config->get_cfg_value("sambaRidBase"); + } /* Get domain name for SID */ $this->sambaDomainName= "DEFAULT"; @@ -126,12 +153,12 @@ class group extends plugin } } } else { - if (isset($this->config->current['RIDBASE'])){ + if ($this->config->get_cfg_value("sambaRidBase") != ""){ $this->sambaDomainName= "DEFAULT"; - $this->ridBase= $this->config->current['RIDBASE']; - $this->SID= $this->config->current['SID']; + $this->ridBase= $this->config->get_cfg_value("sambaRidBase"); + $this->SID= $this->config->get_cfg_value("sid"); } else { - print_red(_("Can't find this groups SID in LDAP or in your configuration file!")); + msg_dialog::display(_("Configuration error"), _("Cannot find group SID in your configuration!"), ERROR_DIALOG); } } 
@@ -144,19 +171,16 @@ class group extends plugin } /* Get global filter config */ - if (!is_global("gufilter")){ + if (!session::is_set("gufilter")){ $ui= get_userinfo(); $base= get_base_from_people($ui->dn); $gufilter= array( "dselect" => $base, "regex" => "*"); - register_global("gufilter", $gufilter); + session::set("gufilter", $gufilter); } - $gufilter= get_global('gufilter'); - + $gufilter= session::get('gufilter'); $gufilter['SubSearchGroup'] = false; - $gufilter['dselect'] = $_SESSION['gufilter']['dselect']; - - register_global('gufilter',$gufilter); + session::set('gufilter',$gufilter); if ($this->dn == "new"){ if(session::is_set('CurrentMainBase')){ @@ -168,12 +192,39 @@ class group extends plugin } else { /* Get object base */ - $this->base =preg_replace ("/^[^,]+,".normalizePreg(get_groups_ou())."/","",$this->dn); + $this->base =preg_replace ("/^[^,]+,".preg_quote(get_groups_ou(), '/')."/i","",$this->dn); + } + $this->orig_base = $this->base; + + /* Is this account a trustAccount? */ + if (isset($this->attrs['trustModel'])){ + $this->trustModel= $this->attrs['trustModel'][0]; + $this->was_trust_account= TRUE; + } else { + $this->was_trust_account= FALSE; + $this->trustModel= ""; + } + + $this->accessTo = array(); + if (isset($this->attrs['accessTo'])){ + for ($i= 0; $i<$this->attrs['accessTo']['count']; $i++){ + $tmp= $this->attrs['accessTo'][$i]; + $this->accessTo[$tmp]= $tmp; + } + } + + /* Get global filter config */ + if (!session::is_set("sysfilter")){ + $ui= get_userinfo(); + $base= get_base_from_people($ui->dn); + $sysfilter= array( "depselect" => $base, + "regex" => "*"); + session::set("sysfilter", $sysfilter); } /* This is always an account */ $this->is_account= TRUE; - $this->reload(); + $this->reload(TRUE); } function execute() 
@@ -189,13 +240,12 @@ class group extends plugin /* Do we represent a valid group? */ if (!$this->is_account && $this->parent === NULL){ - $display= "\"\" ". - _("This 'dn' is no group.").""; + $display= "\"\" ".msgPool::noValidExtension().""; return ($display); } /* Delete user from group */ - if (isset($_POST['del_users']) && isset($_POST['members'])){ + if (isset($_POST['del_users']) && isset($_POST['members']) && preg_match("/w/",$this->getacl("memberUid"))){ foreach ($_POST['members'] as $value){ unset ($this->members["$value"]); $this->removeUser($value); @@ -204,7 +254,7 @@ class group extends plugin } /* Add objects? */ - if (isset($_POST["edit_membership"])){ + if (isset($_POST["edit_membership"]) && preg_match("/w/",$this->getacl("memberUid"))){ $this->group_dialog= TRUE; $this->dialog= TRUE; } @@ -228,7 +278,7 @@ class group extends plugin /* Base select dialog */ $once = true; foreach($_POST as $name => $value){ - if((preg_match("/^chooseBase/",$name) && $once) && ($this->acl_is_moveable())){ + if((preg_match("/^chooseBase/",$name) && $once) && $this->acl_is_writeable("base")){ $once = false; $this->dialog = new baseSelectDialog($this->config,$this,$this->get_allowed_bases()); 
@@ -256,12 +306,99 @@ class group extends plugin } } - /* Assign templating stuff */ + + /* Add user workstation? */ + if (isset($_POST["add_ws"])){ + $this->show_ws_dialog= TRUE; + $this->dialog= TRUE; + } + + /* Add user workstation? */ + if (isset($_POST["add_ws_finish"]) && isset($_POST['wslist'])){ + foreach($_POST['wslist'] as $ws){ + $this->accessTo[$ws]= $ws; + } + ksort($this->accessTo); + $this->is_modified= TRUE; + } + + /* Remove user workstations? */ + if (isset($_POST["delete_ws"]) && isset($_POST['workstation_list'])){ + foreach($_POST['workstation_list'] as $name){ + unset ($this->accessTo[$name]); + } + $this->is_modified= TRUE; + } + + /* Add user workstation finished? */ + if (isset($_POST["add_ws_finish"]) || isset($_POST["add_ws_cancel"])){ + $this->show_ws_dialog= FALSE; + $this->dialog= FALSE; + } + $smarty= get_smarty(); - if ($this->samba3){ - $smarty->assign("samba3", "true"); - } else { - $smarty->assign("samba3", ""); + + /* Show ws dialog */ + if ($this->show_ws_dialog){ + + /* Save data */ + $sysfilter= session::get("sysfilter"); + foreach( array("depselect", "regex") as $type){ + if (isset($_POST[$type])){ + $sysfilter[$type]= $_POST[$type]; + } + } + if (isset($_GET['search'])){ + $s= mb_substr($_GET['search'], 0, 1, "UTF8")."*"; + if ($s == "**"){ + $s= "*"; + } + $sysfilter['regex']= $s; + } + session::set("sysfilter", $sysfilter); + + /* Get workstation list */ + $exclude= ""; + foreach($this->accessTo as $ws){ + $exclude.= "(cn=$ws)"; + } + if ($exclude != ""){ + $exclude= "(!(|$exclude))"; + } + $regex= $sysfilter['regex']; + + /* Search for systems + */ + $types = array(); + $types['server'] = array("OU" => get_ou("serverRDN"), "OC" => "(objectClass=goServer)"); + $types['workstation'] = array("OU" => get_ou("workstationRDN"),"OC" => "(objectClass=gotoWorkstation)"); + $types['terminal'] = array("OU" => get_ou("terminalRDN"), "OC" => "(objectClass=gotoTerminal)"); + + $res = array(); + foreach($types as $acl => $data){ + 
$filter= "(&".$data['OC']."$exclude(cn=$regex))"; + $res= array_merge($res,get_sub_list($filter,array($acl),$data['OU'],get_ou("systemRDN").$sysfilter['depselect'], + array("cn"), GL_SUBSEARCH | GL_SIZELIMIT)); + } + $wslist = array(); + foreach ($res as $attrs){ + $wslist[]= preg_replace('/\$/', '', $attrs['cn'][0]); + } + + asort($wslist); + $smarty->assign("search_image", get_template_path('images/lists/search.png')); + $smarty->assign("launchimage", get_template_path('images/lists/action.png')); + $smarty->assign("tree_image", get_template_path('images/lists/search-subtree.png')); + $smarty->assign("deplist", $this->config->idepartments); + $smarty->assign("alphabet", generate_alphabet()); + foreach( array("depselect", "regex") as $type){ + $smarty->assign("$type", $sysfilter[$type]); + } + $smarty->assign("hint", print_sizelimit_warning()); + $smarty->assign("wslist", $wslist); + $smarty->assign("apply", apply_filter()); + $display= $smarty->fetch (get_template_path('trust_machines.tpl', TRUE, dirname(__FILE__))); + return ($display); } if($this->config->search("nagiosaccount", "CLASS",array('menu'))){ @@ -280,7 +417,7 @@ class group extends plugin if ($this->group_dialog){ /* Save data */ - $gufilter= get_global("gufilter"); + $gufilter= session::get("gufilter"); foreach( array("dselect", "regex") as $type){ if (isset($_POST[$type])){ $gufilter[$type]= $_POST[$type]; 
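Review bot: The workstation dialog added to execute() builds its LDAP filter from request data without escaping: `$exclude.= "(cn=$ws)"` uses `accessTo` entries copied straight from `$_POST['wslist']`, and `$regex= $sysfilter['regex']` comes from `$_POST['regex']`, so filter metacharacters in either value change what the search matches. reload() in this file already passes its regex through normalizeLdap(); assuming that is the project's filter-escaping helper, the same applies here: `$exclude.= "(cn=".normalizeLdap($ws).")";` and `$regex= normalizeLdap($sysfilter['regex']);`. The `add_ws`, `add_ws_finish` and `delete_ws` handlers also change `accessTo` with no ACL test, unlike the `del_users` and `edit_membership` handlers tightened in this same commit; a guard such as `&& $this->acl_is_writeable("trustModel")` would bring them in line. execute() starts and ends outside this hunk.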
@@ -301,15 +438,23 @@ class group extends plugin } $gufilter['regex']= $s; } - register_global("gufilter", $gufilter); + session::set("gufilter", $gufilter); $this->reload(); /* Show dialog */ - $smarty->assign("search_image", get_template_path('images/search.png')); - $smarty->assign("launchimage", get_template_path('images/small_filter.png')); - $smarty->assign("tree_image", get_template_path('images/tree.png')); - - $smarty->assign("deplist", $this->get_allowed_bases("users/user")); + $smarty->assign("search_image", get_template_path('images/lists/search.png')); + $smarty->assign("launchimage", get_template_path('images/lists/action.png')); + $smarty->assign("tree_image", get_template_path('images/lists/search-subtree.png')); + $ui = get_userinfo(); + $tmp = $ui->get_module_departments("users"); + $deps = array(); + foreach($this->config->idepartments as $dn => $name){ + if(in_array($dn,$tmp)){ + $deps[$dn] = $name; + } + } + + $smarty->assign("deplist", $deps); $smarty->assign("alphabet", generate_alphabet()); foreach( array("dselect", "regex","SubSearchGroup") as $type){ $smarty->assign("$type", $gufilter[$type]); 
@@ -324,29 +469,59 @@ class group extends plugin $smarty->assign("bases", $this->get_allowed_bases()); $smarty->assign("base_select", $this->base); - if ($this->samba3){ - $domains= array(); - foreach($this->config->data['SERVERS']['SAMBA'] as $name => $content){ - $domains[$name]= $name; - } - $smarty->assign("sambaDomains", $domains); - $smarty->assign("sambaDomainName", $this->sambaDomainName); - $groupTypes= array(0 => _("Samba group"), 512 => _("Domain admins"), 513 => _("Domain users"), - 514 => _("Domain guests")); - - /* Don't loose special groups! If not key'ed above, add it to - the combo box... */ - if ($this->groupType >= 500 && $this->groupType <= 553 && !isset($groupTypes[$this->groupType])){ - $groupTypes[$this->groupType]= sprintf(_("Special group (%d)"), $this->groupType); - } - - $smarty->assign("groupTypes", $groupTypes); - $smarty->assign("groupType", $this->groupType); + $domains= array(); + foreach($this->config->data['SERVERS']['SAMBA'] as $name => $content){ + $domains[$name]= $name; } + $smarty->assign("sambaDomains", $domains); + $smarty->assign("sambaDomainName", $this->sambaDomainName); + $groupTypes= array(0 => _("Samba group"), 512 => _("Domain admins"), 513 => _("Domain users"), + 514 => _("Domain guests")); + + /* Don't loose special groups! If not key'ed above, add it to + the combo box... 
*/ + if ($this->groupType >= 500 && $this->groupType <= 553 && !isset($groupTypes[$this->groupType])){ + $groupTypes[$this->groupType]= sprintf(_("Special group (%d)"), $this->groupType); + } + + $smarty->assign("groupTypes", $groupTypes); + $smarty->assign("groupType", $this->groupType); + /* Members and users */ $smarty->assign("members", $this->members); + /* Work on trust modes */ + $smarty->assign("trusthide", " disabled "); + $smarty->assign("trustmodeACL", $this->getacl("trustModel")); + if ($this->trustModel == "fullaccess"){ + $trustmode= 1; + // pervent double disable tag in html code, this will disturb our clean w3c html + $smarty->assign("trustmode", $this->getacl("trustModel")); + + } elseif ($this->trustModel == "byhost"){ + $trustmode= 2; + $smarty->assign("trusthide", ""); + } else { + // pervent double disable tag in html code, this will disturb our clean w3c html + $smarty->assign("trustmode", $this->getacl("trustModel")); + $trustmode= 0; + } + $smarty->assign("trustmode", $trustmode); + $smarty->assign("trustmodes", array( 0 => _("disabled"), 1 => _("full access"), + 2 => _("allow access to these hosts"))); + + if((count($this->accessTo))==0){ + $smarty->assign("emptyArrAccess",true); + } else{ + $smarty->assign("emptyArrAccess",false); + + } + + $smarty->assign("workstations", $this->accessTo); + + + /* Checkboxes */ foreach (array("force_gid", "smbgroup") as $val){ if ($this->$val == "1"){ 
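Review bot: In the new trust-mode block the two `$smarty->assign("trustmode", $this->getacl("trustModel"));` calls in the `fullaccess` and `else` branches have no lasting effect, because `$smarty->assign("trustmode", $trustmode);` overwrites the same template variable right after the branches. The comment above them (about a double disable tag) suggests they were meant to set a different variable, presumably `trusthide`. Either assign the intended variable or drop both lines, so the template does not appear to receive an ACL string it never sees.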
@@ -390,36 +565,103 @@ class group extends plugin /* Show main page */ $smarty->assign("alphabet", generate_alphabet(10)); - $smarty->assign("search_image", get_template_path('images/search.png')); - $smarty->assign("launchimage", get_template_path('images/small_filter.png')); - $smarty->assign("tree_image", get_template_path('images/tree.png')); + $smarty->assign("search_image", get_template_path('images/lists/search.png')); + $smarty->assign("launchimage", get_template_path('images/lists/action.png')); + $smarty->assign("tree_image", get_template_path('images/lists/search-subtree.png')); $smarty->assign("deplist", $this->config->idepartments); + + /* Multiple edit handling */ + $smarty->assign("multiple_support",$this->multiple_support_active); + + $smarty->assign("memberUid_All",$this->memberUid); + $smarty->assign("memberUid_Some",$this->memberUid_used_by_some); + + foreach($this->attributes as $val){ + if(in_array($val,$this->multi_boxes)){ + $smarty->assign("use_".$val,TRUE); + }else{ + $smarty->assign("use_".$val,FALSE); + } + } + foreach(array("base","smbgroup","groupType","sambaDomainName","fon_group","nagios_group","trustmode") as $val){ + if(in_array($val,$this->multi_boxes)){ + $smarty->assign("use_".$val,TRUE); + }else{ + $smarty->assign("use_".$val,FALSE); + } + } + return($smarty->fetch (get_template_path('generic.tpl', TRUE))); } function addUser($uid) { - $this->memberUid[]= $uid; - $this->memberUid= array_unique($this->memberUid); + /* In mutliple edit we have to handle two arrays. + * memberUid : Containing users used in all groups + * memberUid_used_by_some : Those which are not used in all groups + * So we have to remove the given $uid from the ..used_by_some array first. 
+ */ + if($this->multiple_support_active){ + if(isset($this->memberUid_used_by_some[$uid])){ + unset($this->memberUid_used_by_some[$uid]); + } + } + + /* Ensure that the requested object is known to the group class + */ + if(!isset($this->dnMapping[$uid])){ + $ldap = $this->config->get_ldap_link(); + $ldap->cd($this->config->current['BASE']); + $ldap->search("(&(objectClass=gosaAccount)(uid=".$uid."))",array("dn", "uid","sn","givenName")); + if($ldap->count() == 0 ){ + msg_dialog::display(_("Error"), + sprintf(_("Adding UID '%s' to group '%s' failed: cannot find user object!"), + $uid,$this->cn), + ERROR_DIALOG); + return; + }elseif($ldap->count() >= 2){ + msg_dialog::display(_("Error"), + sprintf(_("Add UID '%s' to group '%s' failed: UID is used more than once!"), + $uid,$this->cn), + ERROR_DIALOG); + return; + }else{ + while($attrs = $ldap->fetch()){ + $this->dnMapping[$attrs['uid'][0]] = $attrs['dn']; + $this->members[$attrs['uid'][0]] = $this->createResultName($attrs); + $this->allusers[$attrs['uid'][0]]= $this->createResultName($attrs); + } + } + } + + $this->memberUid[$uid]= $uid; } + function removeUser($uid) { $temp= array(); - foreach ($this->memberUid as $value){ - if ($value != $uid){ - $temp[]= $value; + if(isset($this->memberUid[$uid])){ + unset($this->memberUid[$uid]); + } + + /* We have two array contianing group members in multiple edit. + * this->memberUid : Groups used by all currently edited groups + * this->memberUid_used_by_some: Used by some + * So we have to remove the specified uid from both arrays. + */ + if($this->multiple_support_active){ + if(isset($this->memberUid_used_by_some[$uid])){ + unset($this->memberUid_used_by_some[$uid]); } } - $this->memberUid= $temp; } - /* Reload data */ - function reload() + function reload($silent = FALSE) { /* Fix regex string */ - $gufilter = get_global("gufilter"); + $gufilter = session::get("gufilter"); $regex = normalizeLdap($gufilter['regex']); $MaxUser = $this->OnlyShowFirstEntries; 
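Review bot: addUser() concatenates `$uid` into the search filter `"(&(objectClass=gosaAccount)(uid=".$uid."))"` unescaped, while reload() builds the equivalent clause with `normalizeLdap($value)`. The callers of addUser() are outside this hunk, but removeUser() is fed from `$_POST['members']`, so the uid is likely request-controlled here as well; write the clause as `(uid=".normalizeLdap($uid).")`. In removeUser() the leftover `$temp= array();` is unused after this change and can be removed.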
@@ -433,14 +675,18 @@ class group extends plugin to be prepared when adding/deleting users) */ $filter = ""; - foreach ($this->memberUid as $value){ - if(!isset($this->members[$value])){ - $filter .= "(uid=".normalizeLdap($value).")"; + if ($this->config->get_cfg_value("ldapFilterNestingLimit") == "" || + count($this->memberUid) < $this->config->get_cfg_value("ldapFilterNestingLimit")){ + foreach ($this->memberUid as $value){ + if(!isset($this->members[$value])){ + $filter .= "(uid=".normalizeLdap($value).")"; + } } } + if(!empty($filter)){ $ldap->cd($this->config->current['BASE']); - $ldap->search("(&(objectClass=gosaAccount)(!(objectClass=gosaUserTemplate))(|".$filter."))",array("dn", "uid","sn","givenName")); + $ldap->search("(&(objectClass=gosaAccount)(|".$filter."))",array("dn", "uid","sn","givenName")); while($attrs = $ldap->fetch()){ $this->dnMapping[$attrs['uid'][0]] = $attrs['dn']; $this->members[$attrs['uid'][0]] = $this->createResultName($attrs); @@ -449,11 +695,18 @@ class group extends plugin } /* check if all uids are resolved */ - foreach ($this->memberUid as $value){ - if(!isset($this->members[$value])){ - $this->members[$value] = _("! unknown id")." [".$value."]"; - } - } + if ($this->config->get_cfg_value("ldapFilterNestingLimit") == "" || + count($this->memberUid) < $this->config->get_cfg_value("ldapFilterNestingLimit")){ + foreach ($this->memberUid as $value){ + if(!isset($this->members[$value])){ + $this->members[$value] = _("! unknown UID")." [".$value."]"; + } + } + }else{ + foreach ($this->memberUid as $value){ + $this->members[$value] = $value; + } + } /* Create display list of users matching regex & filter */ 
@@ -488,8 +741,8 @@ class group extends plugin } /* If more than max users are found, display a message to warn the user */ - if(($i == $MaxUser)){ - print_red(sprintf(_("Your search method returned more than '%s' users, only '%s' users are shown.") , $MaxUser,$MaxUser)); + if($i == $MaxUser && !$silent){ + msg_dialog::display(_("Configuration error"), sprintf(_("Search returned too many results. Not displaying more than %s entries!"), $MaxUser), ERROR_DIALOG); } /* Sort lists */ @@ -518,13 +771,15 @@ class group extends plugin $ldap= $this->config->get_ldap_link(); $ldap->rmdir($this->dn); - show_ldap_error($ldap->get_error(), sprintf(_("Removing of groups/generic with dn '%s' failed."),$this->dn)); + if (!$ldap->success()){ + msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $this->dn, LDAP_DEL, get_class())); + } new log("remove","groups/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error()); /* Delete references to object groups */ $ldap->cd ($this->config->current['BASE']); - $ldap->search ("(&(objectClass=gosaGroupOfNames)(member=".$this->dn."))", array("cn")); + $ldap->search ("(&(objectClass=gosaGroupOfNames)(member=".LDAP::prepare4filter($this->dn)."))", array("cn")); while ($ldap->fetch()){ $og= new ogroup($this->config, $ldap->getDN()); unset($og->member[$this->dn]); @@ -546,13 +801,11 @@ class group extends plugin } } } - $acl -> save(); + $acl->save(); } - /* Remove ACL dependencies too, - */ - $tmp = new acl($this->config,$this->parent,$this->dn); - $tmp->remove_acl(); + /* Remove ACL dependencies, too */ + acl::remove_acl_for($this->dn); /* Send signal to the world that we've done */ $this->handle_post_events("remove"); 
@@ -596,20 +849,20 @@ class group extends plugin } /* Save sambaDomain attribute */ - if ($this->acl_is_writeable("sambaDomainName") && $this->samba3 && isset ($_POST['sambaDomainName'])){ + if ($this->acl_is_writeable("sambaDomainName") && isset ($_POST['sambaDomainName'])){ $this->sambaDomainName= $_POST['sambaDomainName']; $this->groupType= $_POST['groupType']; } /* Save fon attribute */ - if ($this->acl_is_writeable("fon_group")){ + if ($this->acl_is_writeable("fonGroup")){ if (isset ($_POST['fon_group'])){ $this->fon_group= TRUE; } else { $this->fon_group= FALSE; } } - if ($this->acl_is_writeable("nagios_group")){ + if ($this->acl_is_writeable("nagiosGroup")){ if (isset ($_POST['nagios_group'])){ $this->nagios_group= TRUE; } else { @@ -617,6 +870,24 @@ class group extends plugin } } } + + /* Trust mode - special handling */ + if($this->acl_is_writeable("trustModel")){ + if (isset($_POST['trustmode'])){ + $saved= $this->trustModel; + if ($_POST['trustmode'] == "1"){ + $this->trustModel= "fullaccess"; + } elseif ($_POST['trustmode'] == "2"){ + $this->trustModel= "byhost"; + } else { + $this->trustModel= ""; + } + if ($this->trustModel != $saved){ + $this->is_modified= TRUE; + } + } + } + } @@ -631,7 +902,7 @@ class group extends plugin } else { /* Calculate new, lock uids */ $wait= 10; - while (get_lock("uidnumber") != ""){ + while (get_lock("gidnumber") != ""){ sleep (1); /* timed out? */ 
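Review bot: The ACL names corrected in save_object() to `fonGroup` and `nagiosGroup` are not carried into multiple_save_object(), which this commit adds further down with the mapping `"nagios_group" => "nagios_group"`. `nagios_group` is not among the names listed in plProvidedAcls, so that `acl_is_writeable()` test probably never reflects what an administrator configured; use `"nagios_group" => "nagiosGroup"` there. In this hunk `$this->groupType= $_POST['groupType'];` is still read after testing only `isset($_POST['sambaDomainName'])`; adding `&& isset($_POST['groupType'])` to the condition avoids an undefined index on a partial POST.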
@@ -639,13 +910,40 @@ class group extends plugin break; } } - add_lock ("uidnumber", "gosa"); - $this->gidNumber= $this->get_next_id("gidNumber", $this->dn); + add_lock ("gidnumber", "gosa"); + $this->gidNumber= get_next_id("gidNumber", $this->dn); } } plugin::save(); + /* Trust accounts */ + $objectclasses= array(); + foreach ($this->attrs['objectClass'] as $key => $class){ + if (preg_match('/trustAccount/i', $class)){ + continue; + } + $objectclasses[]= $this->attrs['objectClass'][$key]; + } + $this->attrs['objectClass']= $objectclasses; + if ($this->trustModel != ""){ + $this->attrs['objectClass'][]= "trustAccount"; + $this->attrs['trustModel']= $this->trustModel; + $this->attrs['accessTo']= array(); + if ($this->trustModel == "byhost"){ + foreach ($this->accessTo as $host){ + $this->attrs['accessTo'][]= $host; + } + } + } else { + if ($this->was_trust_account){ + $this->attrs['accessTo']= array(); + $this->attrs['trustModel']= array(); + } + } + + + /* Remove objectClass for samba/phone support */ $tmp= array(); for ($i= 0; $iattrs["objectClass"]); $i++){ @@ -660,7 +958,7 @@ class group extends plugin $ldap= $this->config->get_ldap_link(); /* Add samba group functionality */ - if ($this->samba3 && $this->smbgroup){ + if ($this->smbgroup){ /* Fixed undefined index ... */ 
@@ -668,12 +966,12 @@ class group extends plugin if(isset($this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName]['SID'])){ $this->SID = $this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName]['SID']; }else{ - print_red(sprintf(_("No configured SID found for '%s'."),$this->sambaDomainName)); + msg_dialog::display(_("Error"), sprintf(_("Cannot find any SID for '%s'!"), $this->sambaDomainName), ERROR_DIALOG); } if(isset($this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName]['RIDBASE'])){ $this->ridBase= $this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName]['RIDBASE']; }else{ - print_red(sprintf(_("No configured RIDBASE found for '%s'."),$this->sambaDomainName)); + msg_dialog::display(_("Error"), sprintf(_("Cannot find any RIDBASE for '%s'!"), $this->sambaDomainName), ERROR_DIALOG); } $this->attrs['objectClass'][]= 'sambaGroupMapping'; @@ -704,8 +1002,7 @@ class group extends plugin /* User wants me to fake the idMappings? This is useful for making winbind resolve the group names in a reasonable amount of time in combination with larger databases. */ - if (isset($this->config->current['SAMBAIDMAPPING']) && - preg_match('/true/i', $this->config->current['SAMBAIDMAPPING'])){ + if ($this->config->get_cfg_value("sambaidmapping") == "true"){ $this->attrs['objectClass'][]= "sambaIdmapEntry"; } @@ -723,7 +1020,7 @@ class group extends plugin /* Take members array */ if (count ($this->memberUid)){ - $this->attrs['memberUid']= array_unique($this->memberUid); + $this->attrs['memberUid']= array_values(array_unique($this->memberUid)); } /* New accounts need proper 'dn', propagate it to remaining objects */ 
@@ -733,10 +1030,13 @@ class group extends plugin /* Add member dn's for RFC2307bis Support */ if ($this->rfc2307bis){ + $this->attrs['member'] = array(); if (count($this->memberUid)){ - $this->attrs['member'] = array(); foreach($this->attrs['memberUid'] as $uid) { - $this->attrs['member'][]= $this->dnMapping[$uid]; + + if(isset($this->dnMapping[$uid])){ + $this->attrs['member'][]= $this->dnMapping[$uid]; + } } } else { $this->attrs['member'][]= $this->dn; @@ -751,12 +1051,11 @@ class group extends plugin if (!count ($this->memberUid)){ $this->attrs['memberUid']= array(); } - if ($this->samba3){ - if (!$this->smbgroup){ - $this->attrs['sambaGroupType']= array(); - $this->attrs['sambaSID']= array(); - } + if (!$this->smbgroup){ + $this->attrs['sambaGroupType']= array(); + $this->attrs['sambaSID']= array(); } + $mode= "modify"; } else { $mode= "add"; @@ -764,6 +1063,22 @@ class group extends plugin $ldap->create_missing_trees(preg_replace('/^[^,]+,/', '', $this->dn)); } + + /* Check generated gidNumber, it may be used by another group. + */ + if($this->gidNumber != ""){ + $ldap->cd($this->config->current['BASE']); + $ldap->search("(&(!(cn=".$this->orig_cn."))(objectClass=posixGroup)(gidNumber=".$this->gidNumber."))",array("cn")); + if($ldap->count()){ + $cns = ""; + while($attrs = $ldap->fetch()){ + $cns .= $attrs['cn'][0].", "; + } + $cns = rtrim($cns,", "); + msg_dialog::display(_("Warning"),sprintf(_("The gidNumber '%s' is already in use by %s!"),$this->gidNumber,$cns) , WARNING_DIALOG ); + } + } + /* Write back to ldap */ $ldap->cd($this->dn); $this->cleanup(); 
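Review bot: With `$this->attrs['member'] = array();` now set unconditionally and unmapped uids skipped by the new `isset($this->dnMapping[$uid])` test, an rfc2307bis group whose `memberUid` entries all lack a DN mapping is written with an empty `member` attribute. `groupOfNames` normally requires at least one `member` value, so the write is likely to be rejected by the directory. After the loop, fall back to the group's own DN as the `else` branch does: `if (!count($this->attrs['member'])) { $this->attrs['member'][]= $this->dn; }`. save() begins and ends outside this hunk.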
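Review bot: The new gidNumber collision check builds `"(&(!(cn=".$this->orig_cn."))(objectClass=posixGroup)(gidNumber=".$this->gidNumber."))"` from unescaped values. For a new group `orig_cn` is presumably still empty, which yields `(!(cn=))`, a clause that excludes nothing useful and that some directory servers may reject. Pass both values through normalizeLdap() and omit the `(!(cn=…))` clause when `orig_cn` is empty. The check also only shows a warning and the write still proceeds, so two groups can end up sharing a gid; if that is not intended, the test belongs in check() where it can block the save.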
@@ -783,12 +1098,13 @@ class group extends plugin } $ret= 0; - if ( show_ldap_error($ldap->get_error(), sprintf(_("Removing of groups/generic with dn '%s' failed."),$this->dn))){ + if (!$ldap->success()){ + msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $this->dn, 0, get_class())); $ret= 1; } /* Remove uid lock */ - del_lock ("uidnumber"); + del_lock ("gidnumber"); /* Post that we've done*/ $this->handle_post_events($mode); @@ -810,12 +1126,16 @@ class group extends plugin /* must: cn */ if ($this->cn == "" && $this->acl_is_writeable("cn")){ - $message[]= "The required field 'Name' is not set."; + $message[]= msgPool::required(_("Name")); } /* Check for valid input */ - if (!is_uid($this->cn)){ - $message[]= _("The field 'Name' contains invalid characters. Lowercase, numbers and dashes are allowed."); + if (!tests::is_uid($this->cn)){ + if (strict_uid_mode()){ + $message[]= msgPool::invalid(_("Name"), $this->cn, "/[a-z0-9_-]/"); + } else { + $message[]= msgPool::invalid(_("Name"), $this->cn, "/[a-z0-9_-]/i"); + } } if($this->allowGroupsWithSameNameInOtherSubtrees == true){ @@ -826,7 +1146,7 @@ class group extends plugin $ldap->cd(get_groups_ou().$this->base); $ldap->ls("(&(|(objectClass=gosaGroupOfNames)(objectClass=posixGroup))(cn=$this->cn))",get_groups_ou().$this->base,array("cn")); if ($ldap->count() != 0){ - $message[]= _("Value specified as 'Name' is already used."); + $message[]= msgPool::duplicated(_("Name")); } } @@ -840,14 +1160,14 @@ class group extends plugin /* New entry? */ if ($this->dn == 'new'){ - $message[]= _("Value specified as 'Name' is already used."); + $message[]= msgPool::duplicated(_("Name")); } /* Moved? */ elseif ($new_dn != $this->orig_dn){ $ldap->fetch(); if ($ldap->getDN() != $this->orig_dn){ - $message[]= _("Value specified as 'Name' is already used."); + $message[]= msgPool::duplicated(_("Name")); } } } 
@@ -855,57 +1175,33 @@ class group extends plugin /* Check ID */ if ($this->force_gid == "1"){ - if (!is_id($this->gidNumber)){ - $message[]= _("Value specified as 'GID' is not valid."); + if (!tests::is_id($this->gidNumber)){ + $message[]= msgPool::invalid(_("GID"), $this->gidNumber, "/[0-9]/"); } else { - if ($this->gidNumber < $this->config->current['MINID']){ - $message[]= _("Value specified as 'GID' is too small."); + if ($this->gidNumber < $this->config->get_cfg_value("minId")){ + $message[]= msgPool::toosmall(_("GID"), $this->config->get_cfg_value("minId")); } } } - - return ($message); - } - - function get_next_id($attrib, $dn) - { - $ids= array(); - $ldap= $this->config->get_ldap_link(); - - $ldap->cd ($this->config->current['BASE']); - if (preg_match('/gidNumber/i', $attrib)){ - $oc= "posixGroup"; - } else { - $oc= "posixAccount"; - } - $ldap->search ("(&(objectClass=$oc)($attrib=*))", array("$attrib")); - - /* Get list of ids */ - while ($attrs= $ldap->fetch()){ - $ids[]= (int)$attrs["$attrib"][0]; - } - - /* Find out next free id near to UID_BASE */ - if (!isset($this->config->current['BASE_HOOK'])){ - $base= $this->config->current['UIDBASE']; - } else { - /* Call base hook */ - $base= get_base_from_hook($dn, $attrib); - } - for ($id= $base; $id++; $id < pow(2,32)){ - if (!in_array($id, $ids)){ - return ($id); + + /* Check if we are allowed to create or move this object + */ + if(!$this->orig_dn == "new" || + $this->orig_base != $this->base || + $this->cn != $this->orig_cn){ + + if($this->orig_dn == "new" && !$this->acl_is_createable($this->base)){ + $message[] = msgPool::permCreate(); + }elseif($this->orig_dn != "new" && !$this->acl_is_moveable($this->base)){ + $message[] = msgPool::permMove(); } } - /* Check if id reached maximum */ - if ($id >= pow(2,32)){ - print_red(_("Too many users, can't allocate a free ID!")); - exit; - } + return ($message); } + function getCopyDialog() { $vars = array("cn"); 
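Review bot: `!$this->orig_dn == "new"` in the added permission check negates `$this->orig_dn` before comparing, because `!` binds tighter than `==`. For any non-empty `orig_dn` that term is always false, so the create/move ACL test is only reached when the base or cn changed. The intended condition is presumably `$this->orig_dn == "new" || $this->orig_base != $this->base || $this->cn != $this->orig_cn`. As written, a new object whose cn and base happen to equal their stored originals skips the `acl_is_createable()` test entirely. check() starts outside this hunk.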
@@ -954,25 +1250,188 @@ class group extends plugin "plSelfModify" => FALSE, "plDepends" => array(), "plPriority" => 0, - "plSection" => array("admin"), + "plSection" => array("administration"), "plCategory" => array("groups" => array("objectClass" => "posixGroup", "description" => _("Groups"))), "plProvidedAcls" => array( "cn" => _("Name"), - "base" => _("Base"), "description" => _("Description"), - - "fonGroup" => _("Phone pickup group"), - "nagiosGroup" => _("Nagios group"), + "base" => _("Base"), "gidNumber" => _("GID"), - "memberUid" => _("Group member"), + "sambaGroupType" => _("Samba group type"), "sambaDomainName" => _("Samba domain name"), - "sambaSID" => _("Samba SID")) + "trustModel" => _("System trust"), + "fonGroup" => _("Phone pickup group"), + "nagiosGroup" => _("Nagios group"), + + "memberUid" => _("Group member")) )); } -} + + function multiple_save_object() + { + if(isset($_POST['group_mulitple_edit'])){ + + /* Create a base backup and reset the + base directly after calling plugin::save_object(); + Base will be set seperatly a few lines below */ + $base_tmp = $this->base; + plugin::multiple_save_object(); + plugin::save_object(); + $this->base = $base_tmp; + + foreach(array("base","smbgroup","groupType","sambaDomainName","fon_group","nagios_group","trustmode") as $attr){ + if(isset($_POST['use_'.$attr])){ + $this->multi_boxes[] = $attr; + } + } + + /* Get base selection */ + if(isset($_POST['base'])){ + $tmp = $this->get_allowed_bases(); + if(isset($tmp[$_POST['base']])){ + $this->base = $_POST['base']; + } + } + + foreach (array( "smbgroup" => "sambaGroupType" ,"nagios_group" => "nagios_group") as $val => $aclname) { + if ($this->acl_is_writeable($aclname)){ + if(isset($_POST["$val"])){ + $this->$val= TRUE; + }else{ + $this->$val= FALSE; + } + } + } + + /* Save sambaDomain attribute */ + if ($this->acl_is_writeable("sambaDomainName") && isset ($_POST['sambaDomainName'])){ + $this->sambaDomainName= $_POST['sambaDomainName']; + $this->groupType= 
$_POST['groupType']; + } + + /* Trust mode - special handling */ + if($this->acl_is_writeable("trustModel")){ + if (isset($_POST['trustmode'])){ + $saved= $this->trustModel; + if ($_POST['trustmode'] == "1"){ + $this->trustModel= "fullaccess"; + } elseif ($_POST['trustmode'] == "2"){ + $this->trustModel= "byhost"; + } else { + $this->trustModel= ""; + } + if ($this->trustModel != $saved){ + $this->is_modified= TRUE; + } + } + } + + /* Save fon attribute */ + if ($this->acl_is_writeable("fonGroup")){ + if (isset ($_POST['fon_group'])){ + $this->fon_group= TRUE; + } else { + $this->fon_group= FALSE; + } + } + } + } + + + function get_multi_edit_values() + { + $ret = plugin::get_multi_edit_values(); + + foreach(array("base","smbgroup","groupType","sambaDomainName","fon_group","nagios_group") as $attr){ + if(in_array($attr,$this->multi_boxes)){ + $ret[$attr] = $this->$attr; + } + } + + if(in_array("trustmode",$this->multi_boxes)){ + $ret['trustModel'] = $this->trustModel; + $ret['accessTo'] = $this->accessTo; + } + + $ret['memberUid'] = $this->memberUid; + $ret['memberUid_used_by_some'] = $this->memberUid_used_by_some; + return($ret); + } + + function multiple_execute() + { + return($this->execute()); + } + + + /* Initialize plugin with given atribute arrays + */ + function init_multiple_support($attrs,$all) + { + plugin::init_multiple_support($attrs,$all); + + $this->memberUid = array(); + $this->memberUid_used_by_some = array(); + if (isset($attrs['memberUid'])){ + for ($i= 0; $i<$attrs['memberUid']['count']; $i++){ + $this->memberUid[$attrs['memberUid'][$i]]= $attrs['memberUid'][$i]; + } + ksort($this->memberUid); + } + + if (isset($all['memberUid'])){ + for ($i= 0; $i<$all['memberUid']['count']; $i++){ + if(!in_array($all['memberUid'][$i],$this->memberUid)){ + $this->memberUid_used_by_some[$all['memberUid'][$i]]= $all['memberUid'][$i]; + } + } + ksort($this->memberUid_used_by_some); + } + } + + + function PrepareForCopyPaste($source) + { + 
plugin::PrepareForCopyPaste($source); + + $this->memberUid = array(); + if(isset($source['memberUid'])){ + for($i = 0 ; $i < $source['memberUid']['count']; $i ++){ + $this->memberUid[] = $source['memberUid'][$i]; + } + } + $this->accessTo = array(); + if (isset($source['accessTo'])){ + for ($i= 0; $i<$source['accessTo']['count']; $i++){ + $tmp= $source['accessTo'][$i]; + $this->accessTo[$tmp]= $tmp; + } + } + } + + + function set_multi_edit_values($attrs) + { + $users = array(); + + /* Update groupMembership, keep optinal group */ + foreach($attrs['memberUid_used_by_some'] as $uid){ + if(in_array($uid,$this->memberUid)){ + $users[$uid] = $uid; + } + } + + /* Update groupMembership, add forced groups */ + foreach($attrs['memberUid'] as $uid){ + $users[$uid] = $uid; + } + plugin::set_multi_edit_values($attrs); + $this->memberUid = $users; + } +} // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler: ?>
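Review bot: In multiple_save_object, `$this->groupType= $_POST['groupType'];` sits inside the branch guarded by `acl_is_writeable("sambaDomainName")` and is read without `isset`, while the loop just above gates the samba group switch on the separate `sambaGroupType` ACL that plProvidedAcls lists in this same hunk. A user who may write only the domain name can thus change the group type, and a missing field raises an undefined-index notice. Give it its own guard, `if ($this->acl_is_writeable("sambaGroupType") && isset($_POST['groupType'])){ $this->groupType= $_POST['groupType']; }`, and consider checking both posted values against the set the form offers. Separately, PrepareForCopyPaste appends to `memberUid` with numeric keys (`$this->memberUid[] = ...`) whereas init_multiple_support and set_multi_edit_values key it by uid; `$this->memberUid[$source['memberUid'][$i]]= $source['memberUid'][$i];` would keep the shape consistent.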