From 7e00edb60cde0c7e37323706e209b904a6d0801e Mon Sep 17 00:00:00 2001 From: hickert Date: Mon, 8 Mar 2010 08:42:21 +0000 Subject: [PATCH] Fixed ACL handling git-svn-id: https://oss.gonicus.de/repositories/gosa/branches/2.6@16342 594d385d-05f5-0310-b6e9-bd551577e9d8 --- .../admin/systems/class_filterSYSTEMS.inc | 135 +++++++++++++++++- 1 file changed, 128 insertions(+), 7 deletions(-) diff --git a/gosa-plugins/systems/admin/systems/class_filterSYSTEMS.inc b/gosa-plugins/systems/admin/systems/class_filterSYSTEMS.inc index 178dee31c..945e845a5 100644 --- a/gosa-plugins/systems/admin/systems/class_filterSYSTEMS.inc +++ b/gosa-plugins/systems/admin/systems/class_filterSYSTEMS.inc @@ -2,7 +2,7 @@ class filterSYSTEMS { - static function query($parent,$base, $scope, $filter, $attributes, $category, $objectStorage= "") + static function query($parent,$base, $scope, $filter, $attributes, $category, $objectStorage= array()) { $ui = get_userinfo(); global $config; @@ -10,7 +10,11 @@ class filterSYSTEMS { // Check whether the arp handling active or not $arp_handling_active = ($config->search("ArpNewDevice","CLASS",array('tabs')) != ""); - $entries = filterLDAP::query($parent,$base, $scope, $filter, $attributes, $category, $objectStorage); + $config= session::global_get('config'); + $ldap= $config->get_ldap_link(TRUE); + $flag= ($scope == "sub")?GL_SUBSEARCH:0; + $entries = filterSYSTEMS::get_list($parent,$base, $filter, $attributes, $category, $objectStorage, $flag | GL_SIZELIMIT); + foreach($entries as $key => $entry){ if(preg_match("/".preg_quote(get_ou('systemIncomingRDN'),'/')."/i", $entry['dn'])){ 
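Review bot: The new default `$objectStorage= array()` on query() produces an empty result instead of a search on `$base`. get_list, added further down in this patch, sets `$storeOnBase` only when `count($objectStorage) == 1 && empty($objectStorage[0])`, and for an empty array its `foreach` adds nothing to `$bases`, so no LDAP search runs. If callers can omit the argument, a default of `$objectStorage= array("")` keeps the store-on-base path. A comment on the parameter would also help, for example `// list of RDN prefixes; a single empty element means "search $base itself"`. The body of query() continues outside this hunk.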
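Review bot: In the second hunk, `$config= session::global_get('config');` comes after `global $config;`, so the assignment writes through to the global variable as a side effect. `$ldap= $config->get_ldap_link(TRUE);` is not read in the lines shown, because get_list obtains its own link from the session config. Unless code in query() outside this hunk uses `$ldap`, both lines can be dropped, leaving `$flag` and the `filterSYSTEMS::get_list(...)` call. `$arp_handling_active` is still computed from the earlier `$config` value, so the function may consult two different config objects.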
@@ -31,11 +35,11 @@ class filterSYSTEMS { $entries[$key]['cn'][0].= " ("._("New device").")"; } - // Detect SAMBA machines + // Detect SAMBA machines }elseif(in_array('sambaSamAccount', $entry['objectClass']) && preg_match("/\$$/", $entry['cn'][0])){ $entries[$key]['objectClass'][] = 'FAKE_OC_winstation'; - // Detect Workstation & templates + // Detect Workstation & templates }elseif(in_array('gotoWorkstation', $entry['objectClass'])){ if(!isset($entry['macAddress'][0]) || $entry['macAddress'][0] == "-"){ continue; // We do not need templates anymore, we've ogroups now. @@ -46,7 +50,7 @@ class filterSYSTEMS { $entries[$key]['objectClass'][] = 'FAKE_OC_PWD_changeAble'; } - // Detect Terminal & templates + // Detect Terminal & templates }elseif(in_array('gotoTerminal', $entry['objectClass'])){ if(!isset($entry['macAddress'][0]) || $entry['macAddress'][0] == "-"){ continue; // We do not need templates anymore, we've ogroups now. @@ -57,7 +61,7 @@ class filterSYSTEMS { $entries[$key]['objectClass'][] = 'FAKE_OC_PWD_changeAble'; } - // Detect Server & templates + // Detect Server & templates }elseif(in_array('goServer', $entry['objectClass'])){ if(!isset($entry['macAddress'][0]) || $entry['macAddress'][0] == "-"){ continue; // We do not need templates anymore, we've ogroups now. @@ -68,7 +72,7 @@ class filterSYSTEMS { $entries[$key]['objectClass'][] = 'FAKE_OC_PWD_changeAble'; } - // Detect ieee802Device + // Detect ieee802Device }elseif(in_array('ieee802Device', $entry['objectClass'])){ $pwd_acl = $ui->get_permissions($entry['dn'],'component/componentGeneric','userPassword'); if(preg_match("/w/",$pwd_acl)){ 
@@ -142,6 +146,123 @@ class filterSYSTEMS { } return($entries); } + + + static function get_list($parent,$base, $filter, $attributes, $category, $objectStorage, $flags= GL_SUBSEARCH) + { + $ui= session::global_get('ui'); + $config= session::global_get('config'); + + // Move to arrays for category and objectStorage + if (!is_array($category)) { + $category= array($category); + } + + // Store in base - i.e. is a rdn value empty? + $storeOnBase= count($objectStorage) == 1 && empty($objectStorage[0]); + + $method= ($storeOnBase && !($flags & GL_SUBSEARCH))?"ls":"search"; + + // Initialize search bases + $bases= array(); + + // Get list of sub bases to search on + if ($storeOnBase) { + $bases[$base]= ""; + } else { + foreach ($objectStorage as $oc) { + $oc= preg_replace('/,$/', '', $oc); + $tmp= explode(',', $oc); + if (count($tmp) == 1) { + preg_match('/([^=]+)=(.*)$/', $oc, $m); + if ($flags & GL_SUBSEARCH) { + $bases[$base][]= $m[1].":dn:=".$m[2]; + } else { + $bases["$oc,$base"][]= $m[1].":dn:=".$m[2]; + } + } else { + // No, there's no \, in pre defined RDN values + preg_match('/^([^,]+),(.*)$/', $oc, $matches); + preg_match('/([^=]+)=(.*)$/', $matches[1], $m); + if ($flags & GL_SUBSEARCH) { + $bases[$base][]= $m[1].":dn:=".$m[2]; + } else { + $bases[$matches[2].",$base"][]= $m[1].":dn:=".$m[2]; + } + } + } + } + // Get LDAP link + $ldap= $config->get_ldap_link($flags & GL_SIZELIMIT); + + // Do search for every base + $result= array(); + $limit_exceeded = FALSE; + foreach($bases as $base => $dnFilters) { + + // Break if the size limit is exceeded + if($limit_exceeded){ + return($result); + } + + // Switch to new base and search + if (is_array($dnFilters)){ + $dnFilter= "(|"; + foreach ($dnFilters as $df) { + $dnFilter.= "($df)"; + } + $dnFilter.= ")"; + } else { + $dnFilter= ""; + } + $ldap->cd($base); + if ($method == "ls") { + $ldap->ls("(&$filter$dnFilter)", $base, $attributes); + } else { + $ldap->search("(&$filter$dnFilter)", $attributes); + } + + // Check for 
size limit exceeded messages for GUI feedback + if (preg_match("/size limit/i", $ldap->get_error())){ + session::set('limit_exceeded', TRUE); + $limit_exceeded = TRUE; + } + + /* Crawl through result entries and perform the migration to the + result array */ + while($attrs = $ldap->fetch()) { + $dn= $ldap->getDN(); + + /* Convert dn into a printable format */ + if ($flags & GL_CONVERT){ + $attrs["dn"]= convert_department_dn($dn); + } else { + $attrs["dn"]= $dn; + } + + /* Skip ACL checks if we are forced to skip those checks */ + if($flags & GL_NO_ACL_CHECK){ + $result[]= $attrs; + }else{ + + if(preg_match("/".preg_quote(get_ou('systemIncomingRDN'),'/')."/i",$dn)){ + $attrs['objectClass'][] = "gotoTerminal"; + } + $obj = $parent->headpage->getObjectType($parent->headpage->objectTypes, $attrs['objectClass']); + + if(isset($obj['category'])){ + $o = $obj['category']."/".$obj['class']; + if(preg_match("/r/",$ui->get_permissions($dn,$o))){ + $result[]= $attrs; + } + } + } + } + + } + + return $result; + } } ?> -- 2.30.2
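Review bot: In the ACL branch of get_list, the `systemIncomingRDN` test is an unanchored, case-insensitive substring match on the whole DN, and a hit appends `gotoTerminal` to `$attrs['objectClass']` before `getObjectType` is called. The read permission for such an entry is therefore checked against the type resolved from the modified class list, which may differ from the classes stored in LDAP, and any DN that merely contains the same RDN text elsewhere in the tree is treated the same way. The synthetic class is also returned to the caller, because `$result[]= $attrs;` stores the modified array. Doing the lookup on a copy keeps the returned entry untouched, e.g. `$ocs = $attrs['objectClass']; $ocs[] = "gotoTerminal";` with `$ocs` passed to `getObjectType`. Separately, `$category` is normalised to an array but never read afterwards, so either remove the parameter handling or add a comment such as `// $category is unused; the ACL category is derived from the object type`.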