From: hickert Date: Wed, 9 May 2007 10:52:35 +0000 (+0000) Subject: Udpated acl check method, to use 2.5 acl style. X-Git-Url: https://git.tokkee.org/?a=commitdiff_plain;h=77e4828d5443828364ecd49908d5c7513213d71b;p=gosa.git Udpated acl check method, to use 2.5 acl style. git-svn-id: https://oss.gonicus.de/repositories/gosa/branches/2.5@6319 594d385d-05f5-0310-b6e9-bd551577e9d8 --- diff --git a/setup/class_setupStep_Migrate.inc b/setup/class_setupStep_Migrate.inc index 8354a765e..abd24c2a4 100644 --- a/setup/class_setupStep_Migrate.inc +++ b/setup/class_setupStep_Migrate.inc @@ -748,79 +748,56 @@ class Step_Migrate extends setup_step FALSE, $cv['tls']); - /* Search for gosaAcls */ + /* Search for groups that have complete permissions */ $ldap->cd($cv['base']); - $res = $ldap->cat($cv['base']); - + $res = $ldap->search("(&(objectClass=posixGroup)(gosaSubtreeACL=:all)(memberUid=*))",array("memberUid","cn")); + + /* If ldap search failed, set error message */ if(!$res){ $this->checks['acls']['STATUS'] = FALSE; $this->checks['acls']['STATUS_MSG']= _("LDAP query failed"); $this->checks['acls']['ERROR_MSG'] = _("Possibly the 'root object' is missing."); }else{ - $found = false; - $username = ""; - $attrs = $ldap->fetch(); - if(isset($attrs['gosaAclEntry'])){ - $acls = $attrs['gosaAclEntry']; - for($i = 0 ; $i < $acls['count'] ; $i++){ - $acl = $acls[$i]; - $tmp = split(":",$acl); - if($tmp[1] == "psub"){ - $members = split(",",$tmp[2]); - foreach($members as $member){ - $member = base64_decode($member); - - /* Check if acl owner is a valid GOsa user account */ - $ldap->cat($member,array("objectClass","uid","cn")); - $ret = $ldap->fetch(); - - if(isset($ret['objectClass']) && in_array("posixGroup",$ret['objectClass'])){ - $found = TRUE; - $username .= "ACL-Group: ".$ret['cn'][0]."
"; - }elseif(isset($ret['objectClass']) && in_array("gosaAccount",$ret['objectClass']) && - in_array("organizationalPerson",$ret['objectClass']) && - in_array("inetOrgPerson",$ret['objectClass'])){ - $found = TRUE; - $username .= "ACL: ".$ret['uid'][0]."
"; - } - } - }elseif($tmp[1] == "role"){ - - /* Check if acl owner is a valid GOsa user account */ - $ldap->cat(base64_decode($tmp[2]),array("gosaAclTemplate")); - $ret = $ldap->fetch(); - - if(isset($ret['gosaAclTemplate'])){ - $cnt = $ret['gosaAclTemplate']['count']; - for($e = 0 ; $e < $cnt ; $e++){ - - $a_str = $ret['gosaAclTemplate'][$e]; - if(preg_match("/^[0-9]*:psub:/",$a_str) && preg_match("/:all;cmdrw$/",$a_str)){ - - $members = split(",",$tmp[3]); - foreach($members as $member){ - $member = base64_decode($member); - - /* Check if acl owner is a valid GOsa user account */ - $ldap->cat($member,array("objectClass","uid")); - $ret = $ldap->fetch(); - - if(isset($ret['objectClass']) && in_array("gosaAccount",$ret['objectClass']) && - in_array("organizationalPerson",$ret['objectClass']) && - in_array("inetOrgPerson",$ret['objectClass'])){ - $found = TRUE; - $username .= "ACL Role: ".$ret['uid'][0]."
"; - } - } - } - } - } - } - } + + /* */ + $found = FALSE; + $debug = ""; + $admin_groups = array(); + + /* Get all returned groups */ + while($attrs = $ldap->fetch()){ + $admin_groups[]= $attrs; } + /* Walk through groups and check if memberUid exists in ldap database */ + foreach($admin_groups as $group){ + + $debug .= "".$group['cn'][0].":
"; + + $count_member = $group['memberUid']['count']; + + /* Check every single group member */ + for($i = 0 ; $i < $count_member ; $i++){ + $debug .= $group['memberUid'][$i]; + + /* Check if user exists */ + $ldap->search("(&(objectClass=gosaAccount)(uid=".$group['memberUid'][$i]."))",array("dn")); + $cnt= $ldap->count(); + + /* Update found-status if there is a member available */ + if($cnt == 1){ + $debug .= " ->Found
"; + $found = TRUE; + }elseif($cnt == 0 ){ + $debug .= " -> NOT Found
"; + }else{ + $debug .= " -> Found more than once -.-
"; + } + } + + } # For debugging - #echo $username; + # echo $debug."
----------------
"; if($found){ $this->checks['acls']['STATUS'] = TRUE;