/**
  * returns grants by owner
  * 
  * eGW has owner-based grants whereas Tine 2.0 has container-based grants.
  * This class reads the eGW owner grants and converts them into Tine 2.0 grants
  * attachable to a Tine 2.0 container.
  * 
  * @param  string $_application
  * @param  string $_accountId
  * @return Tinebase_Record_RecordSet of Tinebase_Model_Grants
  * @throws Tinebase_Exception_NotFound
  */
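 public function getGrantsByOwner($_application, $_accountId)
 {
     // Positive eGW ids are treated as users and negative ids as groups
     // (see the account_type choice and the group-owner branch below).
     $egwAccountId = $this->mapAccountIdTine2Egw($_accountId);

     // ACL rows are looked up for the owner and, for user owners, for every
     // group the owner is a member of.
     $acl_account = array($egwAccountId);
     if ($egwAccountId > 0) {
         $user = Tinebase_User::getInstance()->getUserById($_accountId);
         $groupIds = $user->getGroupMemberships();
         foreach ($groupIds as $groupId) {
             try {
                 $acl_account[] = $this->mapAccountIdTine2Egw($groupId, 'Group');
             } catch (Exception $e) {
                 // best effort: a group that cannot be mapped is left out of the lookup
                 $this->_log->INFO(__METHOD__ . '::' . __LINE__ . " skipping group {$groupId} in grants migration cause: " . $e);
             }
         }
     }

     // Both values are bound through quoteInto(), never concatenated into the SQL.
     $select = $this->_egwDb->select()
         ->from(array('grants' => 'egw_acl'))
         ->where($this->_egwDb->quoteInto($this->_egwDb->quoteIdentifier('acl_appname') . ' = ?', $_application))
         ->where($this->_egwDb->quoteInto($this->_egwDb->quoteIdentifier('acl_account') . ' IN (?)', $acl_account));
     $egwGrantDatas = $this->_egwDb->fetchAll($select, NULL, Zend_Db::FETCH_ASSOC);

     // in a first run we merge grants from different sources
     $effectiveGrants = array();
     if ($egwAccountId > 0) {
         // owner has implicitly all grants in egw (31 sets the five lowest bits)
         $effectiveGrants[$egwAccountId] = 31;
     }
     foreach ($egwGrantDatas as $egwGrantData) {
         // grants are int != 0; rows whose acl_location casts to 0 are not grants
         if ((int) $egwGrantData['acl_location'] == 0) {
             continue;
         }
         // NOTE: The grant source is not resolveable in Tine 2.0!
         //       In Tine 2.0 grants are directly given to a container
         // Consequence: rights from every matching row (owner and the owner's
         // groups) are OR-ed per grantee, so the migrated container carries the
         // union of those rights.
         $grantsDestination = $egwGrantData['acl_location'];
         // FETCH_ASSOC may hand the bitmask back as a string; normalise it so
         // the merge below is always an integer bitwise OR.
         $grantsGiven = (int) $egwGrantData['acl_rights'];
         if (!isset($effectiveGrants[$grantsDestination])) {
             $effectiveGrants[$grantsDestination] = 0;
         }
         $effectiveGrants[$grantsDestination] |= $grantsGiven;
     }

     // convert to tine grants
     $tineGrants = new Tinebase_Record_RecordSet('Tinebase_Model_Grants');
     foreach ($effectiveGrants as $grantAccount => $egwGrants) {
         $tineGrant = new Tinebase_Model_Grants(array(
             'account_id' => $this->mapAccountIdEgw2Tine($grantAccount),
             'account_type' => (int) $grantAccount > 0 ? Tinebase_Acl_Rights::ACCOUNT_TYPE_USER : Tinebase_Acl_Rights::ACCOUNT_TYPE_GROUP
         ));
         // each eGW bit in _grantMap switches the corresponding Tine grant on or off
         foreach ($this->_grantMap as $egwGrant => $tineGrantString) {
             $tineGrant->{$tineGrantString} = (bool) ($egwGrants & $egwGrant);
         }
         // the owner also gets admin grants
         if ($egwAccountId > 0 && $grantAccount == $egwAccountId) {
             $tineGrant->{Tinebase_Model_Grants::GRANT_ADMIN} = TRUE;
         }
         // export and sync follow read: anyone who can read can also export and sync
         $tineGrant->{Tinebase_Model_Grants::GRANT_EXPORT} = $tineGrant->{Tinebase_Model_Grants::GRANT_READ};
         $tineGrant->{Tinebase_Model_Grants::GRANT_SYNC} = $tineGrant->{Tinebase_Model_Grants::GRANT_READ};
         // free/busy is switched on for every grantee when the application is Calendar
         $tineGrant->{Tinebase_Model_Grants::GRANT_FREEBUSY} = $this->getApplication()->name == 'Calendar';
         $tineGrants->addRecord($tineGrant);
     }

     // for group owners (e.g. group addressbooks) we need an container admin
     if ($egwAccountId < 0) {
         // NOTE(review): $adminGroup is fetched but never used. The admin grant
         // goes to mapAccountIdEgw2Tine($_accountId), although $_accountId was
         // passed to mapAccountIdTine2Egw() above. Confirm which account is
         // meant to administer the container before relying on this grant.
         $adminGroup = Tinebase_Group::getInstance()->getDefaultAdminGroup();
         $tineGrant = new Tinebase_Model_Grants(array(
             'account_id' => $this->mapAccountIdEgw2Tine($_accountId),
             'account_type' => Tinebase_Acl_Rights::ACCOUNT_TYPE_GROUP
         ));
         $tineGrant->{Tinebase_Model_Grants::GRANT_ADMIN} = TRUE;
         $tineGrants->addRecord($tineGrant);
     }
     return $tineGrants;
 }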
 /**
  * generates challenge (message 2)
  * 
  * @return string hex
  */
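 protected function _getChallengeMessage()
 {
     $clientFlags = $this->getClientFlags();
     $useNTLM2SessionSecurity = $clientFlags & self::FLAG_NEGOTIATE_NTLM2_KEY;
     $this->_log->INFO('client ' . ($useNTLM2SessionSecurity ? 'supports' : "doesn't support") . ' NTLM2 Session Security');

     // NOTE(review): the client's NTLM2 flag is only logged here, and the line
     // below that would force it on the server side is disabled. If weaker
     // NTLM responses must be refused, that has to be enforced where the
     // client response is verified -- confirm.
     // force NTLM2 as this implies NTLMv2 or NTLM2 session response
     //$this->_serverFlags |= self::FLAG_NEGOTIATE_NTLM2_KEY;

     // todo: decide by serverFlags
     $targetInfoBuffer = $this->_getTargetInfoBuffer($this->_targetInfo);
     // todo: decide by serverFlags
     $targetNameBuffer = bin2hex($this->toUTF16LE($this->_targetInfo[self::TARGETINFO_DOMAIN]));

     // Both buffers are handled as hex strings, so a byte length is half the
     // string length.
     $targetNameLength = strlen($targetNameBuffer) / 2;
     $targetInfoLength = strlen($targetInfoBuffer) / 2;

     // base offset to first buffer; the target info follows the target name.
     // Presumably 48 is the size of the fixed header that precedes the buffers
     // (assumes getServerFlags() yields 4 bytes and _getChallenge() 8 bytes of
     // hex -- confirm).
     $targetNameOffset = 48;
     $targetInfoOffset = $targetNameOffset + $targetNameLength;

     // Each security buffer descriptor is length, allocated length (both
     // 16 bit) and offset (32 bit), all little endian.
     $message2 = '4e544c4d53535000' // "NTLMSSP\0" signature
         . '02000000' // message type 2
         . bin2hex(pack('vvV', $targetNameLength, $targetNameLength, $targetNameOffset))
         . $this->getServerFlags()
         . $this->_getChallenge()
         . '0000000000000000' // 8 zero bytes
         . bin2hex(pack('vvV', $targetInfoLength, $targetInfoLength, $targetInfoOffset))
         . $targetNameBuffer
         . $targetInfoBuffer;

     $this->_log->INFO('server generated ntlm message #2');
     $this->_log->DEBUG("ntlmMessage #2: {$message2}");
     return $message2;
 }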