1 <?php
2 /*
3 * This code is part of GOsa (http://www.gosa-project.org)
4 * Copyright (C) 2003-2008 GONICUS GmbH
5 *
6 * ID: $$Id: class_sudoManagement.inc 10099 2008-04-01 12:52:01Z hickert $$
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
21 */
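class sudoManagement extends plugin
{
  /* Definitions */
  var $plHeadline     = "Sudo";
  var $plDescription  = "Manage sudo roles";

  var $DivListSudo    = NULL;
  var $base           = "";

  /* DNs queued by the "del_multiple" action until the deletion is confirmed
     or cancelled. Declared here so the confirm/cancel handlers can iterate
     it even when no multi-delete was prepared before the POST arrived. */
  var $dns            = array();

  /* Entries found by the last reload(), keyed by the cn of each entry. */
  var $list           = array();

  /* Set up the sudo role management plugin.
   *
   * $config  Configuration object, kept by reference.
   * $ui      Object describing the logged-in user, kept by reference;
   *          execute() asks it for permissions via get_permissions().
   */
  function sudoManagement (&$config, &$ui)
  {
    /* Save configuration for internal use */
    $this->config = &$config;
    $this->ui     = &$ui;
    $this->base   = get_ou("sudoou");

    /* TODO: check that the sudo base is set and exists. This reminder used
       to be an echo statement, which wrote raw text into the output of
       every request that constructed this plugin. */

    /* Copy & Paste enabled ?*/
    if((isset($this->config->data['MAIN']['ENABLECOPYPASTE']))&&
        (preg_match("/true/i",$this->config->data['MAIN']['ENABLECOPYPASTE']))){
      $this->CopyPasteHandler = new CopyPasteHandler($this->config);
    }

    /* Create dialog object */
    $this->DivListSudo = new divListSudo($this->config,$this);
  }


  /* Handle the posted action and return the HTML to display.
   *
   * Depending on the request this is a lock message, the delete
   * confirmation template, the open tab dialog, or the list of entries.
   *
   * NOTE(review): $s_action is only ever set to "copy_multiple" in this
   * method and $s_entry stays empty, so the "new", "edit", "del",
   * "multiple_edit" and "del_multiple" branches are not reached until the
   * code that derives both values from the request is added.
   *
   * NOTE(review): the create check uses the ACL category "sudos/group",
   * the delete checks use "groups/group" - confirm which one applies here.
   */
  function execute()
  {
    /* Call parent execute */
    plugin::execute();

    /* Store these posts if the current object is locked (used by somebody else)*/
    session::set('LOCK_VARS_TO_USE',array("/^act$/","/^id$/","/^group_edit_/","/^group_del_/","/^item_selected/","/^remove_multiple_sudos/","/^multiple_edit/","/menu_action/"));

    /* Save data */
    $s_action   = "";
    $s_entry    = "";

    $s_entry  = preg_replace("/_.$/","",$s_entry);

    /* handle C&P from layers menu */
    if(isset($_POST['menu_action']) && preg_match("/^multiple_copy_systems/",$_POST['menu_action'])){
      $s_action = "copy_multiple";
    }

    $smarty= get_smarty();

    /********************
      Create notification event
     ********************/

    /********************
      Create a new group  ...
     ********************/

    /* New group? */
    if ($s_action=="new"){

      /* Check create permissions */
      $acl = $this->ui->get_permissions($this->DivListSudo->selectedBase,"sudos/group");
      if(preg_match("/c/",$acl)){

        /* By default we set 'dn' to 'new', all relevant plugins will
           react on this. */
        $this->dn= "new";

        /* Create new grouptab object */
        $this->grouptab= new grouptabs($this->config, $this->config->data['TABS']['GROUPTABS'], $this->dn);

        /* Set up the group ACL's for this 'dn' */
        $this->grouptab->set_acl_base($this->DivListSudo->selectedBase);
      }
    }


    /********************
      Save Group Tab/Object Changes
     ********************/

    /* Finish group edit is triggered by the tabulator dialog, so
       the user wants to save edited data. Check and save at this
       point. */
    if ((isset($_POST['edit_finish']) || isset($_POST['edit_apply'])) && (isset($this->grouptab->config)) ){

      /* Check tabs, will feed message array
         Save, or display error message? */
      $message= $this->grouptab->check();
      if (count($message) == 0){

        /* Save user data to ldap */
        $this->grouptab->save();

        if (!isset($_POST['edit_apply'])){
          /* Group has been saved successfully, remove lock from LDAP. */
          if ($this->dn != "new"){
            del_lock ($this->dn);
          }

          /* There's no page reload so we have to read new sudos at this point. */
          //$this->reload ();
          unset ($this->grouptab);
          $this->grouptab= NULL;
          session::un_set('objectinfo');
        }
      } else {
        /* Ok. There seem to be errors regarding to the tab data,
           show message and continue as usual. */
        msg_dialog::displayChecks($message);
      }
    }


    /********************
      Edit multiple entries
     ********************/

    /* User wants to edit data? */
    if ($s_action == "multiple_edit" && !isset($this->grouptab->config)){

      $this->dn = array();
      foreach($this->list_get_selected_items() as $id){
        /* The ids are taken from POST field names; ignore any id that
           does not belong to an entry of the current list. */
        if (isset($this->list[$id]['dn'])){
          $this->dn[] = $this->list[$id]['dn'];
        }
      }
      $tmp = new multi_plug($this->config,"grouptabs",$this->config->data['TABS']['GROUPTABS'],
          $this->dn,$this->DivListSudo->selectedBase,"groups");
      if ($tmp->entries_locked()){
        return($tmp->display_lock_message());
      }
      $tmp->lock_entries($this->ui->dn);
      if($tmp->multiple_available()){
        $this->grouptab = $tmp;
        session::set('objectinfo',$this->grouptab->get_object_info());
      }
    }


    /********************
      Edit existing group
     ********************/

    /* User wants to edit data? */
    if (($s_action=="edit") && (!isset($this->grouptab->config))){

      /* Only continue for an entry that is part of the current list */
      $entry = trim($s_entry);
      if (isset($this->list[$entry]['dn'])){

        /* Get 'dn' from posted 'uid', must be unique */
        $this->dn= $this->list[$entry]['dn'];

        /* Check locking & lock entry if required */
        $user = get_lock($this->dn);
        if ($user != ""){
          return(gen_locked_message ($user, $this->dn));
        }
        add_lock ($this->dn, $this->ui->dn);

        /* Register grouptab to trigger edit dialog */
        $this->grouptab= new grouptabs($this->config,$this->config->data['TABS']['GROUPTABS'], $this->dn);
        $this->grouptab->set_acl_base($this->dn);
        session::set('objectinfo',$this->dn);
      }
    }


    /********************
      Delete MULTIPLE entries requested, display confirm dialog
     ********************/

    if ($s_action=="del_multiple"){
      $ids = $this->list_get_selected_items();

      if(count($ids)){

        /* Start from an empty queue. Without this, DNs left over from an
           earlier request that was aborted by the lock check below would be
           locked and deleted together with the current selection. */
        $this->dns = array();

        foreach($ids as $id){
          /* Skip ids that do not belong to an entry of the current list */
          if (!isset($this->list[$id]['dn'])){
            continue;
          }
          $dn = $this->list[$id]['dn'];
          if (($user= get_lock($dn)) != ""){
            return(gen_locked_message ($user, $dn));
          }
          $this->dns[$id] = $dn;
        }

        /* Lock the queued entries, so nobody will edit them during deletion */
        $dns_names = array();
        foreach($this->dns as $dn){
          add_lock ($dn, $this->ui->dn);
          $dns_names[] =@LDAP::fix($dn);
        }

        /* Show the confirmation dialog; the delete permission is checked
           per entry once the deletion is confirmed. */
        $smarty->assign("info",     msgPool::deleteInfo($dns_names,_("group")));
        $smarty->assign("multiple", true);
        return($smarty->fetch(get_template_path('remove.tpl', TRUE)));
      }
    }


    /********************
      Delete MULTIPLE entries confirmed
     ********************/

    /* Confirmation for deletion has been passed. Groups should be deleted. */
    if (isset($_POST['delete_multiple_groups_confirm'])){

      /* Remove entry by entry and check acls before removing them */
      foreach($this->dns as $key => $dn){

        /* Load permissions for selected 'dn' and check if
           we're allowed to remove this 'dn' */
        $acl = $this->ui->get_permissions($dn,"groups/group");
        if(preg_match("/d/",$acl)){

          /* Delete request is permitted, perform LDAP action */
          $this->grouptab= new grouptabs($this->config,$this->config->data['TABS']['GROUPTABS'], $dn);
          $this->grouptab->set_acl_base($dn);
          $this->grouptab->delete ();
          unset ($this->grouptab);
          $this->grouptab= NULL;

        } else {

          /* Normally this shouldn't be reached, send some extra
             logs to notify the administrator */
          msg_dialog::display(_("Permission error"), msgPool::permDelete(), ERROR_DIALOG);
          new log("security","groups/".get_class($this),$dn,array(),"Tried to trick deletion.");
        }
        /* Remove the lock and take the entry off the queue, whether or
           not it was deleted */
        del_lock ($dn);
        unset($this->dns[$key]);
      }
    }


    /********************
      Delete MULTIPLE entries Canceled
     ********************/

    /* Remove lock */
    if(isset($_POST['delete_multiple_user_cancel'])){
      foreach($this->dns as $key => $dn){
        del_lock ($dn);
        unset($this->dns[$key]);
      }
    }


    /********************
      Delete group
     ********************/

    /* Remove group was requested */
    if ($s_action=="del"){

      /* Only continue for an entry that is part of the current list */
      $entry = trim($s_entry);
      if (isset($this->list[$entry]['dn'])){

        /* Get 'dn' from posted 'uid' */
        $this->dn= $this->list[$entry]['dn'];

        /* Load permissions for selected 'dn' and check if
           we're allowed to remove this 'dn' */
        $acl = $this->ui->get_permissions($this->dn,"groups/group");
        if(preg_match("/d/",$acl)){

          /* Check locking, save current plugin in 'back_plugin', so
             the dialog knows where to return. */
          if (($user= get_lock($this->dn)) != ""){
            return(gen_locked_message ($user, $this->dn));
          }

          /* Lock the current entry, so nobody will edit it during deletion */
          add_lock ($this->dn, $this->ui->dn);
          $smarty->assign("info",     msgPool::deleteInfo(@LDAP::fix($this->dn),_("group")));
          $smarty->assign("multiple", false);
          return($smarty->fetch(get_template_path('remove.tpl', TRUE)));

        } else {

          /* Obviously the user isn't allowed to delete. Show message and clean session. */
          msg_dialog::display(_("Permission error"), msgPool::permDelete());
        }
      }
    }


    /********************
      Delete group confirmed
     ********************/

    /* Confirmation for deletion has been passed. Group should be deleted. */
    if (isset($_POST['delete_group_confirm'])){

      /* Some nice guy may send this as POST, so we've to check
         for the permissions again. */
      $acl = $this->ui->get_permissions($this->dn,"groups/group");
      if(preg_match("/d/",$acl)){

        /* Delete request is permitted, perform LDAP action */
        $this->grouptab= new grouptabs($this->config,$this->config->data['TABS']['GROUPTABS'], $this->dn);
        $this->grouptab->set_acl_base($this->dn);
        $this->grouptab->delete ();
        unset ($this->grouptab);
        $this->grouptab= NULL;

        /* Group list has changed, reload it. */
        //$this->reload ();

      } else {

        /* Normally this shouldn't be reached, send some extra
           logs to notify the administrator. The entry under attack is
           $this->dn; no local $dn is assigned in this branch, so logging
           $dn would leave the security record without its target. */
        msg_dialog::display(_("Permission error"), msgPool::permDelete(), ERROR_DIALOG);
        new log("security","groups/".get_class($this),$this->dn,array(),"Tried to trick deletion.");
      }

      /* Remove the lock, whether or not the entry was deleted */
      del_lock ($this->dn);
      session::un_set('objectinfo');
    }


    /********************
      Delete group canceled
     ********************/

    /* Delete group canceled? */
    if (isset($_POST['delete_cancel'])){
      del_lock ($this->dn);
      session::un_set('objectinfo');
    }


    /********************
      A dialog was canceled
     ********************/

    /* Cancel dialogs */
    if (isset($_POST['edit_cancel']) || isset($_POST['password_cancel'])){
      if(isset($this->grouptab->dn)){
        del_lock ($this->grouptab->dn);
      }
      unset ($this->grouptab);
      $this->grouptab= NULL;
      session::un_set('objectinfo');
    }


    /********************
      If there is currently a dialog open, display it
     ********************/

    /* Show tab dialog if object is present */
    if (isset($this->grouptab->config)){
      $display= $this->grouptab->execute();

      /* Don't show buttons if tab dialog requests this */
      if(isset($this->grouptab->by_object)){
        if (!$this->grouptab->by_object[$this->grouptab->current]->dialog){
          $display.= "<p style=\"text-align:right\">\n";
          $display.= "<input type=submit name=\"edit_finish\" style=\"width:80px\" value=\"".msgPool::okButton()."\">\n";
          $display.= " \n";
          if ($this->dn != "new"){
            $display.= "<input type=submit name=\"edit_apply\" value=\"".msgPool::applyButton()."\">\n";
            $display.= " \n";
          }
          $display.= "<input type=submit name=\"edit_cancel\" value=\"".msgPool::cancelButton()."\">\n";
          $display.= "</p>";
        }
      }
      return ($display);
    }

    /* Display dialog with group list */
    $this->DivListSudo->parent = &$this;
    $this->DivListSudo->execute();
    $this->reload ();
    $this->DivListSudo->setEntries($this->list);
    return($this->DivListSudo->Draw());
  }


  /* Collect the ids of all list entries selected in the current POST.
   *
   * Every POST field named "item_selected_<digits>" contributes the part
   * after the prefix. Returns an array mapping each id to itself.
   */
  function list_get_selected_items()
  {
    $ids = array();
    foreach($_POST as $name => $value){
      if(preg_match("/^item_selected_[0-9]*$/",$name)){
        $id = preg_replace("/^item_selected_/","",$name);
        $ids[$id] = $id;
      }
    }
    return($ids);
  }


  /* Read the sudo roles below $this->base into $this->list.
   *
   * The result is keyed by the first cn value of each entry and sorted by
   * key with strnatcasecmp. $CreatePosixsList is not used here.
   *
   * NOTE(review): the list is keyed by cn while list_get_selected_items()
   * returns numeric ids - confirm how divListSudo maps one to the other.
   */
  function reload($CreatePosixsList=false)
  {
    $this->list = array();
    $base       = $this->base;

    $Regex      = $this->DivListSudo->Regex;
    $UserRegex  = $this->DivListSudo->UserRegex;

    /********************
      Create filter depending on the list's filter settings
     ********************/
    $values = array("cn","description","sudoUser","sudoCommand","sudoOption");

    /* objectClass=sudoRole has to sit next to the (|...) group. Inside it,
       every sudoRole matched whatever the regex filters said, and entries
       of other object classes with a matching cn were listed and became
       selectable for edit and delete.

       NOTE(review): $Regex and $UserRegex are put into the filter verbatim.
       Presumably they come from the list's filter inputs - confirm that
       they are limited to filter-safe characters where they are set. */
    $ff     = "(&(objectClass=sudoRole)(|(cn=".$Regex.")(description=".$Regex.")(sudoUser=".$UserRegex.")))";
    $res    = get_list($ff, "sudo",$base,$values, GL_SUBSEARCH);
    $tmp    = array();
    foreach($res as $attrs){
      $tmp[$attrs['cn'][0]] = $attrs;
    }
    uksort($tmp, 'strnatcasecmp');
    $this->list = $tmp;
  }


  /* Save data to object: pass the posted values on to the list dialog */
  function save_object()
  {
    $this->DivListSudo->save_object();
  }


  /* Release the lock on the entry of the open tab dialog, if there is one */
  function remove_lock()
  {
    if (isset($this->grouptab->dn)){
      del_lock ($this->grouptab->dn);
    }
  }


  /* Nothing is removed here; only the post-remove hook is run */
  function remove_from_parent()
  {
    /* Optionally execute a command after we're done */
    $this->postremove();
  }


  /* Save to LDAP: nothing is written here; only the post-create hook is run */
  function save()
  {
    /* Optionally execute a command after we're done */
    $this->postcreate();
  }

  /* Unused functions  */
  function check()  { }
  function adapt_from_template($dn, $skip= array()) { }
  function password_change_needed()  { }
}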
468 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
469 ?>