steffen: server/kolab-resource-handlers/kolab-resource-handlers/resmgr resmgr.php, 1.23, 1.24
cvs at intevation.de
cvs at intevation.de
Wed Sep 22 15:17:35 CEST 2004
Author: steffen
Update of /kolabrepository/server/kolab-resource-handlers/kolab-resource-handlers/resmgr
In directory doto:/tmp/cvs-serv9174/kolab-resource-handlers/resmgr
Modified Files:
resmgr.php
Log Message:
support for per user and per group policies
Index: resmgr.php
===================================================================
RCS file: /kolabrepository/server/kolab-resource-handlers/kolab-resource-handlers/resmgr/resmgr.php,v
retrieving revision 1.23
retrieving revision 1.24
diff -u -d -r1.23 -r1.24
--- resmgr.php 21 Sep 2004 15:31:20 -0000 1.23
+++ resmgr.php 22 Sep 2004 13:17:33 -0000 1.24
@@ -28,11 +28,10 @@
// What actions we can take when receiving an event request
define('RM_ACT_ALWAYS_ACCEPT', 1);
-define('RM_ACT_ALWAYS_REJECT', 2);
-define('RM_ACT_REJECT_IF_CONFLICTS', 3);
-// The following are only for groups
-define('RM_ACT_MANUAL_IF_CONFLICTS', 4);
-define('RM_ACT_MANUAL', 5);
+define('RM_ACT_REJECT_IF_CONFLICTS', 2);
+define('RM_ACT_MANUAL_IF_CONFLICTS', 3);
+define('RM_ACT_MANUAL', 4);
+define('RM_ACT_ALWAYS_REJECT', 5);
// What possible ITIP notification we can send
define('RM_ITIP_DECLINE', 1);
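Review bot: The numeric values of the RM_ACT_* constants are now load-bearing, because getLDAPData() merges group policies with `min( $action, $policy )` later in this commit, yet nothing at the definitions says so. With this ordering the most permissive policy wins when a sender belongs to several groups, so an ALWAYS_REJECT on one group is overridden by an ALWAYS_ACCEPT on another. If that is intended, state it here so a later renumbering does not silently change who gets auto-accepted. Suggested comment above the defines: `// Ordered by precedence: getLDAPData() merges group policies with min(), so the lower value wins`.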
@@ -207,12 +206,42 @@
}
}
+function parseactionstring( $action ) {
+ switch (trim($action)) {
+ case 'ACT_ALWAYS_ACCEPT': return RM_ACT_ALWAYS_ACCEPT;
+ case 'ACT_ALWAYS_REJECT': return RM_ACT_ALWAYS_REJECT;
+ case 'ACT_REJECT_IF_CONFLICTS': return RM_ACT_REJECT_IF_CONFLICTS;
+ case 'ACT_MANUAL_IF_CONFLICTS': return RM_ACT_MANUAL_IF_CONFLICTS;
+ case 'ACT_MANUAL': return RM_ACT_MANUAL;
+ default: return false;
+ }
+}
+
+function getDN( $ldap, $mail ) {
+ global $params;
+ $filter = "(&(objectClass=kolabInetOrgPerson)(|(mail=$mail)(alias=$mail)))";
+ $result = ldap_search($ldap, $params['base_dn'],
+ $filter,
+ array('dn'));
+ if (!$result) {
+ myLog('Unable to perform LDAP search: ' . ldap_error($ldap));
+ return false;
+ }
+ $dn = false;
+ if( ldap_count_entries( $ldap, $result ) > 0 ) {
+ $entries = ldap_get_entries($ldap, $result);
+ $dn = $entries[0]['dn'];
+ }
+ ldap_free_result( $result );
+ return $dn;
+}
+
/**
* Look up action and encrypted password from LDAP and decrypt it
*/
function getLDAPData()
{
- global $resource, $params;
+ global $resource, $params, $sender;
// Connect to the LDAP server and retrieve the users' password
$ldap = ldap_connect($params['ldap_uri']);
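Review bot: `$mail` is interpolated into the search filter in getDN() without escaping, and the value passed in is `$sender` (see the call in the later getLDAPData hunk), which presumably originates from the incoming message. Filter metacharacters in the address would change the meaning of the query instead of being matched literally. Escape the value per RFC 2254 before building the filter; the group filter built from `$cn` and `$dn` in the later getLDAPData hunk needs the same treatment. On PHP versions that provide `ldap_escape()`, that function can replace the helper sketched below. getLDAPData's body continues outside this hunk.

```php
// Escape RFC 2254 filter metacharacters; the backslash must be replaced first
function ldapFilterEscape( $value ) {
  return str_replace(
    array('\\', '*', '(', ')', "\0"),
    array('\\5c', '\\2a', '\\28', '\\29', '\\00'),
    $value);
}

function getDN( $ldap, $mail ) {
  global $params;
  $mail = ldapFilterEscape($mail);
  // … unchanged: filter construction, ldap_search and result handling …
```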
@@ -235,9 +264,8 @@
return false;
}
- $action = $entries[0]['kolabresourceaction'][0];
+ $actions = $entries[0]['kolabresourceaction'];
$encpw = base64_decode($entries[0]['kolabencryptedpassword'][0]);
- ldap_close($ldap);
// Now get private key and decrypt the password
$pkd = file_get_contents($params['priv_key_file']);
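Review bot: `$actions` now holds the whole attribute array from ldap_get_entries(), which carries a `'count'` element next to the values, and the `foreach` added in the next hunk passes that element to parseactionstring() as if it were a policy string. It has no colon, so it lands in the default-policy branch and sets `$defaultpolicy` to false; whether that clobbers a real default depends on the element order, which is not visible here. Drop it right after the assignment with `unset($actions['count']);`. The entry may also lack the attribute entirely, in which case `$actions` is not an array, so guarding the assignment with `isset()` and falling back to `array()` would be safer. The enclosing getLDAPData() starts and ends outside this hunk.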
@@ -250,36 +278,55 @@
if (!openssl_private_decrypt($encpw, $cleartext, $pkey)) {
while ($msg = openssl_error_string())
myLog("Error decrypting password: $msg");
+ ldap_free_result( $result );
+ ldap_close($ldap);
return false;
}
openssl_free_key($pkey);
-
- switch ($action) {
- case 'ACT_ALWAYS_ACCEPT':
- $action = RM_ACT_ALWAYS_ACCEPT;
- break;
-
- case 'ACT_ALWAYS_REJECT':
- $action = RM_ACT_ALWAYS_REJECT;
- break;
-
- case 'ACT_REJECT_IF_CONFLICTS':
- $action = RM_ACT_REJECT_IF_CONFLICTS;
- break;
-
- case 'ACT_MANUAL_IF_CONFLICTS':
- $action = RM_ACT_MANUAL_IF_CONFLICTS;
- break;
-
- case 'ACT_MANUAL':
- $action = RM_ACT_MANUAL;
- break;
-
- default:
- $action = false;
+
+ $policies = array();
+ $defaultpolicy = false;
+ foreach( $actions as $action ) {
+ if( ereg( '(.*):(.*)', $action, $regs ) ) {
+ myLog('found policy '.$regs[1].':'.$regs[2], RM_LOG_DEBUG );
+ $policies[$regs[1]] = parseactionstring($regs[2]);
+ } else {
+ $defaultpolicy = parseactionstring($action);
+ }
+ }
+ // Find sender's policy
+ if( array_key_exists( $sender, $policies ) ) {
+ // We have an exact match, stop processing
+ $action = $policies[$sender];
+ myLog("Found exact policy match $action for $sender", RM_LOG_DEBUG);
+ } else {
+ $action = false;
+ $dn = getDN( $ldap, $sender );
+ if( $dn ) {
+ // Sender is local, check for groups
+ foreach( $policies as $gid => $policy ) {
+ list($cn, $domain) = split( '@', $gid );
+ if( $domain != $params['email_domain'] ) continue;
+ $result = ldap_search($ldap, $params['base_dn'],
+ "(&(objectClass=kolabGroupOfNames)(cn=$cn)(member=$dn))",
+ array('dn'));
+ if (!$result) {
+ myLog('Unable to perform LDAP search: ' . ldap_error($ldap));
+ return false;
+ }
+ if(ldap_count_entries($ldap, $result) > 0) {
+ // User is member of group
+ if( !$action ) $action = $policy;
+ else $action = min( $action, $policy );
+ }
+ }
+ }
+ if( !$action && $defaultpolicy ) $action = $defaultpolicy;
}
+
+ ldap_close($ldap);
return array( 'password' => $cleartext, 'action' => $action );
}
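Review bot: A policy value that parseactionstring() cannot parse is stored in `$policies` as false and then reaches `min( $action, $policy )` in the group loop, where false compares below every RM_ACT_* constant. One malformed group entry therefore clears an action that was already selected, and the default policy or the caller's defaults apply instead. Skip such entries at the top of the loop with `if( $policy === false ) continue;` and log them when they are parsed. Separately, the `return false` after the failed group search leaves without `ldap_close($ldap)`, unlike the decrypt-failure path patched in this same hunk, and `$result` is overwritten on each iteration without `ldap_free_result()`. The function's opening lines are outside this hunk.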
@@ -814,9 +861,10 @@
// Set some parameters
$params['calendar_user'] = $resource;
$params['calendar_uid'] = getResourceUid();
-$ldapdata = getLDAPData();
+$ldapdata = &getLDAPData();
$params['calendar_pass'] = $ldapdata['password'];
$params['action'] = $ldapdata['action'];
+myLog("Action for $sender is ".$params['action'], RM_LOG_DEBUG);
if( !$params['action'] ) {
// Use defaults
if( $params['group'] ) {
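Review bot: The `&` added in `$ldapdata = &getLDAPData();` has no effect, because getLDAPData() is declared without a by-reference return and hands back a freshly built array; `$ldapdata = getLDAPData();` is the correct form. The result is also indexed on the next two lines without a check, although every failure path in getLDAPData() returns false. In that case `calendar_pass` silently ends up empty and the action falls through to the defaults below. An explicit `if( $ldapdata === false )` branch that logs and stops would make the failure visible. The `if` block at the end of this hunk continues outside it.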