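/**
 * Returns the grants of one eGW owner, converted to Tine 2.0 grants.
 *
 * eGW has owner based grants whereas Tine 2.0 has container based grants.
 * This method reads the eGW ACL rows that match the owner (and, for a user
 * owner, the groups the user is a member of), merges the rights per
 * acl_location and converts them into Tine 2.0 grants attachable to a
 * Tine 2.0 container.
 *
 * Access-control behaviour of the conversion, as implemented below:
 *  - rights of all matching rows are OR-ed together per acl_location, so the
 *    result is the union of the rows and the original grant source is lost
 *  - a user owner always receives the eGW bitmask 31 plus GRANT_ADMIN
 *  - GRANT_EXPORT and GRANT_SYNC are copied from GRANT_READ
 *  - GRANT_FREEBUSY is set for every grantee when the application name is
 *    'Calendar', independent of the eGW rights of that grantee
 *
 * @param  string $_application eGW application name, matched against acl_appname
 * @param  string $_accountId   Tine 2.0 account id of the owner
 * @return Tinebase_Record_RecordSet of Tinebase_Model_Grants
 * @throws Tinebase_Exception_NotFound
 */
public function getGrantsByOwner($_application, $_accountId)
{
    $egwAccountId = $this->mapAccountIdTine2Egw($_accountId);

    // positive eGW ids are treated as users, negative ids as groups (see the
    // account_type decision further down); an id of 0 matches neither branch
    $ownerIsUser = $egwAccountId > 0;

    // eGW accounts whose ACL rows are read: the owner plus, for a user owner,
    // every group membership that can be mapped to an eGW id
    $aclAccounts = array($egwAccountId);
    if ($ownerIsUser) {
        $user = Tinebase_User::getInstance()->getUserById($_accountId);
        foreach ($user->getGroupMemberships() as $groupId) {
            try {
                $aclAccounts[] = $this->mapAccountIdTine2Egw($groupId, 'Group');
            } catch (Exception $e) {
                // best effort: a group that cannot be mapped is left out of
                // the lookup, so rows stored under it are not migrated
                $this->_log->INFO(__METHOD__ . '::' . __LINE__ . " skipping group {$groupId} in grants migration cause: " . $e);
            }
        }
    }

    // both values go through quoteInto(), nothing is interpolated into the SQL
    $appCondition = $this->_egwDb->quoteInto(
        $this->_egwDb->quoteIdentifier('acl_appname') . ' = ?',
        $_application
    );
    $accountCondition = $this->_egwDb->quoteInto(
        $this->_egwDb->quoteIdentifier('acl_account') . ' IN (?)',
        $aclAccounts
    );
    $select = $this->_egwDb->select()
        ->from(array('grants' => 'egw_acl'))
        ->where($appCondition)
        ->where($accountCondition);

    $egwGrantDatas = $this->_egwDb->fetchAll($select, NULL, Zend_Db::FETCH_ASSOC);

    // in a first run we merge grants from different sources
    $effectiveGrants = array();
    if ($ownerIsUser) {
        // owner has implicitly all grants in egw
        $effectiveGrants[$egwAccountId] = 31;
    }

    foreach ($egwGrantDatas as $egwGrantData) {
        // grants are int != 0; rows whose acl_location does not cast to a
        // non-zero integer are skipped
        if ((int) $egwGrantData['acl_location'] == 0) {
            continue;
        }

        // NOTE: The grant source (acl_account) is not resolveable in Tine 2.0!
        //       In Tine 2.0 grants are directly given to a container
        $grantsDestination = $egwGrantData['acl_location'];

        if (!array_key_exists($grantsDestination, $effectiveGrants)) {
            $effectiveGrants[$grantsDestination] = 0;
        }

        // FETCH_ASSOC may deliver the bitmask as a string; the explicit cast
        // keeps the OR an integer operation and turns a malformed value into
        // "no rights" instead of a warning or TypeError
        $effectiveGrants[$grantsDestination] |= (int) $egwGrantData['acl_rights'];
    }

    // convert to tine grants
    $tineGrants = new Tinebase_Record_RecordSet('Tinebase_Model_Grants');
    foreach ($effectiveGrants as $grantAccount => $egwGrants) {
        $tineGrant = new Tinebase_Model_Grants(array(
            'account_id'   => $this->mapAccountIdEgw2Tine($grantAccount),
            'account_type' => (int) $grantAccount > 0
                ? Tinebase_Acl_Rights::ACCOUNT_TYPE_USER
                : Tinebase_Acl_Rights::ACCOUNT_TYPE_GROUP,
        ));

        // each eGW bit of _grantMap becomes the boolean Tine 2.0 grant it maps to
        foreach ($this->_grantMap as $egwGrant => $tineGrantString) {
            $tineGrant->{$tineGrantString} = (bool) ($egwGrants & $egwGrant);
        }

        // the owner also gets admin grants
        if ($ownerIsUser && $grantAccount == $egwAccountId) {
            $tineGrant->{Tinebase_Model_Grants::GRANT_ADMIN} = TRUE;
        }

        // export and sync are derived from read
        $tineGrant->{Tinebase_Model_Grants::GRANT_EXPORT} = $tineGrant->{Tinebase_Model_Grants::GRANT_READ};
        $tineGrant->{Tinebase_Model_Grants::GRANT_SYNC} = $tineGrant->{Tinebase_Model_Grants::GRANT_READ};

        // NOTE(review): free/busy is granted to every migrated grantee of a
        // Calendar container, whatever eGW rights the grantee had - confirm
        // this widening is intended
        $tineGrant->{Tinebase_Model_Grants::GRANT_FREEBUSY} = $this->getApplication()->name == 'Calendar';

        $tineGrants->addRecord($tineGrant);
    }

    // for group owners (e.g. group addressbooks) we need an container admin
    if ($egwAccountId < 0) {
        // NOTE(review): $adminGroup is fetched but never used, and the admin
        // grant below is built from $_accountId, which is the Tine 2.0 id that
        // was passed into this method, run through the eGW -> Tine mapping.
        // Verify which account is meant to become container admin before
        // relying on this branch; the call is kept because it may fail when no
        // default admin group exists.
        $adminGroup = Tinebase_Group::getInstance()->getDefaultAdminGroup();

        $tineGrant = new Tinebase_Model_Grants(array(
            'account_id'   => $this->mapAccountIdEgw2Tine($_accountId),
            'account_type' => Tinebase_Acl_Rights::ACCOUNT_TYPE_GROUP,
        ));
        $tineGrant->{Tinebase_Model_Grants::GRANT_ADMIN} = TRUE;

        $tineGrants->addRecord($tineGrant);
    }

    return $tineGrants;
}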
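/**
 * Generates the NTLM challenge (message 2).
 *
 * The message is assembled as a hex string in this order: signature
 * "NTLMSSP\0", message type 2, target name security buffer, server flags,
 * server challenge, 8 zero bytes, target info security buffer, target name
 * payload, target info payload.
 *
 * @return string hex
 */
protected function _getChallengeMessage()
{
    $clientFlags = $this->getClientFlags();
    $useNTLM2SessionSecurity = $clientFlags & self::FLAG_NEGOTIATE_NTLM2_KEY;
    $this->_log->INFO('client ' . ($useNTLM2SessionSecurity ? 'supports' : "doesn't support") . ' NTLM2 Session Security');

    // NOTE(review): the capability is only logged here. The line below that
    // would force the NTLM2 flag is disabled, so nothing in this method stops
    // a handshake with a client lacking NTLM2 session security - confirm that
    // weaker response types are rejected where message 3 is validated.
    // force NTLM2 as this implies NTLMv2 or NTLM2 session response
    //$this->_serverFlags |= self::FLAG_NEGOTIATE_NTLM2_KEY;

    // todo: decide by serverFlags
    $targetInfoBuffer = $this->_getTargetInfoBuffer($this->_targetInfo);

    // todo: decide by serverFlags
    $targetNameBuffer = bin2hex($this->toUTF16LE($this->_targetInfo[self::TARGETINFO_DOMAIN]));

    // both buffers are hex strings, so their byte length is half the string length
    $targetNameLength = strlen($targetNameBuffer) / 2;
    $targetInfoLength = strlen($targetInfoBuffer) / 2;

    // base offset to first buffer: 8 (signature) + 4 (type) + 8 (target name
    // security buffer) + 4 (flags) + 8 (challenge) + 8 (zero bytes) + 8
    // (target info security buffer). This presumes getServerFlags() yields 8
    // and _getChallenge() 16 hex characters - TODO confirm.
    $targetNameOffset = 48;
    $targetInfoOffset = $targetNameOffset + $targetNameLength;

    // security buffer = length, allocated length (both 16 bit little endian)
    // and offset (32 bit little endian); a buffer longer than 65535 bytes
    // would not fit the 16 bit length fields
    $targetNameSecurityBuffer = bin2hex(pack('vvV', $targetNameLength, $targetNameLength, $targetNameOffset));
    $targetInfoSecurityBuffer = bin2hex(pack('vvV', $targetInfoLength, $targetInfoLength, $targetInfoOffset));

    // NOTE(review): the strength of the handshake depends on _getChallenge()
    // returning a fresh, unpredictable value for every handshake - verify
    // there, it cannot be checked from this method.
    $message2 = '4e544c4d53535000'
        . '02000000'
        . $targetNameSecurityBuffer
        . $this->getServerFlags()
        . $this->_getChallenge()
        . '0000000000000000'
        . $targetInfoSecurityBuffer
        . $targetNameBuffer
        . $targetInfoBuffer;

    $this->_log->INFO('server generated ntlm message #2');
    $this->_log->DEBUG("ntlmMessage #2: {$message2}");

    return $message2;
}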