steffen: server/kolab-resource-handlers/kolab-resource-handlers/resmgr resmgr.php, 1.23, 1.24

cvs at intevation.de cvs at intevation.de
Wed Sep 22 15:17:35 CEST 2004


Author: steffen

Update of /kolabrepository/server/kolab-resource-handlers/kolab-resource-handlers/resmgr
In directory doto:/tmp/cvs-serv9174/kolab-resource-handlers/resmgr

Modified Files:
	resmgr.php 
Log Message:
support for per user and per group policies

Index: resmgr.php
===================================================================
RCS file: /kolabrepository/server/kolab-resource-handlers/kolab-resource-handlers/resmgr/resmgr.php,v
retrieving revision 1.23
retrieving revision 1.24
diff -u -d -r1.23 -r1.24
--- resmgr.php	21 Sep 2004 15:31:20 -0000	1.23
+++ resmgr.php	22 Sep 2004 13:17:33 -0000	1.24
@@ -28,11 +28,10 @@
 
 // What actions we can take when receiving an event request
 define('RM_ACT_ALWAYS_ACCEPT',              1);
-define('RM_ACT_ALWAYS_REJECT',              2);
-define('RM_ACT_REJECT_IF_CONFLICTS',        3);
-// The following are only for groups
-define('RM_ACT_MANUAL_IF_CONFLICTS',        4);
-define('RM_ACT_MANUAL',                     5);
+define('RM_ACT_REJECT_IF_CONFLICTS',        2);
+define('RM_ACT_MANUAL_IF_CONFLICTS',        3);
+define('RM_ACT_MANUAL',                     4);
+define('RM_ACT_ALWAYS_REJECT',              5);
 
 // What possible ITIP notification we can send
 define('RM_ITIP_DECLINE',                   1);
@@ -207,12 +206,42 @@
     }
 }
 
+function parseactionstring( $action ) {
+  switch (trim($action)) {
+  case 'ACT_ALWAYS_ACCEPT': return RM_ACT_ALWAYS_ACCEPT;
+  case 'ACT_ALWAYS_REJECT': return RM_ACT_ALWAYS_REJECT;
+  case 'ACT_REJECT_IF_CONFLICTS': return RM_ACT_REJECT_IF_CONFLICTS;
+  case 'ACT_MANUAL_IF_CONFLICTS': return RM_ACT_MANUAL_IF_CONFLICTS;
+  case 'ACT_MANUAL': return RM_ACT_MANUAL;
+  default:  return false;
+  }
+}
+
+function getDN( $ldap, $mail ) {
+  global $params;
+  $filter = "(&(objectClass=kolabInetOrgPerson)(|(mail=$mail)(alias=$mail)))";
+  $result = ldap_search($ldap, $params['base_dn'],
+			$filter,
+			array('dn'));
+  if (!$result) {
+    myLog('Unable to perform LDAP search: ' . ldap_error($ldap));
+    return false;
+  }
+  $dn = false;
+  if( ldap_count_entries( $ldap, $result ) > 0 ) {
+    $entries = ldap_get_entries($ldap, $result);
+    $dn = $entries[0]['dn'];
+  }
+  ldap_free_result( $result );
+  return $dn;
+}
+
 /**
  * Look up action and encrypted password from LDAP and decrypt it
  */
 function getLDAPData()
 {
-    global $resource, $params;
+    global $resource, $params, $sender;
 
     // Connect to the LDAP server and retrieve the users' password
     $ldap = ldap_connect($params['ldap_uri']);
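Review bot: getDN() interpolates `$mail` straight into the LDAP search filter, and the caller added later in this commit passes `$sender`, which presumably comes from the incoming message. Filter metacharacters in that address (`*`, `(`, `)`, `\`, NUL) can change which entry the search matches, and with it which group policies are applied to the request. The group lookup in getLDAPData() has the same shape with `$cn` and `$dn` in `(cn=$cn)(member=$dn)`; a DN may legitimately contain such characters. Escape every value before it enters a filter. On PHP versions that provide it, `ldap_escape($mail, '', LDAP_ESCAPE_FILTER)` does this; otherwise a small helper like the one below is enough.

```php
// RFC 4515 escaping for a value placed inside an LDAP search filter.
// The backslash is replaced first so the escapes added afterwards are not re-escaped.
function ldapFilterEscape( $value ) {
  return str_replace( array('\\',   '*',    '(',    ')',    "\0"),
                      array('\\5c', '\\2a', '\\28', '\\29', '\\00'),
                      $value );
}

function getDN( $ldap, $mail ) {
  global $params;
  $mail = ldapFilterEscape( $mail );
  $filter = "(&(objectClass=kolabInetOrgPerson)(|(mail=$mail)(alias=$mail)))";
  // … unchanged: ldap_search, error handling, dn extraction …
```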
@@ -235,9 +264,8 @@
         return false;
     }
 
-    $action = $entries[0]['kolabresourceaction'][0];
+    $actions = $entries[0]['kolabresourceaction'];
     $encpw = base64_decode($entries[0]['kolabencryptedpassword'][0]);
-    ldap_close($ldap);
 
     // Now get private key and decrypt the password
     $pkd = file_get_contents($params['priv_key_file']);
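Review bot: `$actions` now holds the whole attribute array, which as returned by ldap_get_entries() contains a `count` element alongside the numeric indices. The `foreach` added later in this commit therefore hands that integer to parseactionstring() as if it were a policy value. It currently parses to `false` and is presumably visited before the real values, but the default policy then depends on iteration order. Adding `unset($actions['count']);` right after the assignment makes the loop see only real policy strings. getLDAPData() starts and ends outside this hunk.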
@@ -250,36 +278,55 @@
     if (!openssl_private_decrypt($encpw, $cleartext, $pkey)) {
         while ($msg = openssl_error_string())
             myLog("Error decrypting password: $msg");
+	ldap_free_result( $result );
+	ldap_close($ldap);
         return false;
     }
 
     openssl_free_key($pkey);
-
-    switch ($action) {
-    case 'ACT_ALWAYS_ACCEPT':
-        $action = RM_ACT_ALWAYS_ACCEPT;
-        break;
-
-    case 'ACT_ALWAYS_REJECT':
-        $action = RM_ACT_ALWAYS_REJECT;
-        break;
-
-    case 'ACT_REJECT_IF_CONFLICTS':
-        $action = RM_ACT_REJECT_IF_CONFLICTS;
-        break;
-
-    case 'ACT_MANUAL_IF_CONFLICTS':
-        $action = RM_ACT_MANUAL_IF_CONFLICTS;
-        break;
-
-    case 'ACT_MANUAL':
-        $action = RM_ACT_MANUAL;
-        break;
-
-    default:
-        $action = false;
+    
+    $policies = array();
+    $defaultpolicy = false;
+    foreach( $actions as $action ) {
+      if( ereg( '(.*):(.*)', $action, $regs ) ) {
+	myLog('found policy '.$regs[1].':'.$regs[2], RM_LOG_DEBUG );
+	$policies[$regs[1]] = parseactionstring($regs[2]);
+      } else {
+	$defaultpolicy = parseactionstring($action);
+      }
+    }
+    // Find sender's policy
+    if( array_key_exists( $sender, $policies ) ) {
+      // We have an exact match, stop processing
+      $action = $policies[$sender];
+      myLog("Found exact policy match $action for $sender", RM_LOG_DEBUG);
+    } else {
+      $action = false;
+      $dn = getDN( $ldap, $sender );
+      if( $dn ) {
+	// Sender is local, check for groups
+	foreach( $policies as $gid => $policy ) {
+	  list($cn, $domain) = split( '@', $gid );
+	  if( $domain != $params['email_domain'] ) continue;
+	  $result = ldap_search($ldap, $params['base_dn'],
+				"(&(objectClass=kolabGroupOfNames)(cn=$cn)(member=$dn))",
+				array('dn'));
+	  if (!$result) {
+	    myLog('Unable to perform LDAP search: ' . ldap_error($ldap));
+	    return false;
+	  }
+	  if(ldap_count_entries($ldap, $result) > 0) {
+	    // User is member of group
+	    if( !$action ) $action = $policy;
+	    else $action = min( $action, $policy );
+	  }
+	}
+      }
+      if( !$action && $defaultpolicy ) $action = $defaultpolicy;
     }
 
+
+    ldap_close($ldap);
     return array( 'password' => $cleartext, 'action' => $action );
 }
 
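Review bot: The `return false` after the failed group `ldap_search()` leaves the function without `ldap_close($ldap)`, unlike the decrypt-failure path fixed at the top of this hunk. Each loop iteration also overwrites `$result` without freeing the previous search result, so the first lookup's result (obtained outside this hunk) and every group lookup's result stay allocated until the connection closes. Suggest `ldap_close($ldap); return false;` on the error path and `ldap_free_result($result);` after the `ldap_count_entries()` check inside the loop. Using a separate variable for the group search would also keep the original `$result` available for an explicit free before the final `ldap_close()`. The function body begins before this hunk.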
@@ -814,9 +861,10 @@
 // Set some parameters
 $params['calendar_user'] = $resource;
 $params['calendar_uid'] = getResourceUid();
-$ldapdata = getLDAPData();
+$ldapdata = &getLDAPData();
 $params['calendar_pass'] = $ldapdata['password'];
 $params['action'] = $ldapdata['action'];
+myLog("Action for $sender is ".$params['action'], RM_LOG_DEBUG);
 if( !$params['action'] ) {
     // Use defaults
     if( $params['group'] ) {
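Review bot: The `&` added in `$ldapdata = &getLDAPData();` has no useful effect, because the function is declared as plain `function getLDAPData()` and there is nothing to bind a reference to; later PHP versions report a notice for it. `$ldapdata = getLDAPData();` behaves the same. Separately, getLDAPData() returns `false` on LDAP and decryption errors, and the following lines index `$ldapdata` without checking. A failed lookup therefore quietly becomes an empty `calendar_pass` plus the default action; an explicit `if ($ldapdata === false)` branch that logs and stops would make the failure visible. The `if` block at the end of this hunk continues outside it.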




