0d02166e68d46cbb845e24b1e4ca0d75d27115e5
1 <?php
2 /*
3 * This code is part of GOsa (http://www.gosa-project.org)
4 * Copyright (C) 2003-2008 GONICUS GmbH
5 *
6 * ID: $$Id: class_sudo.inc 9975 2008-03-25 14:09:30Z hickert $$
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
21 */
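/*
 * GOsa plugin that edits a single sudoRole LDAP entry: its name, description
 * and the multi-valued sudoUser / sudoCommand / sudoHost / sudoRunas lists.
 *
 * The entry decides who may run what as whom, so every value that comes from
 * the request or from the directory is treated as untrusted here.
 */
class sudo extends plugin
{
  /* Group attributes */
  var $cn= "";
  var $description= "";

  /* Multi-valued sudoRole attributes, held as plain lists of strings.
     A leading "!" on a value marks it as negated. */
  var $sudoUser   = array();
  var $sudoCommand= array();
  var $sudoHost   = array();
  var $sudoRunas  = array();

  var $objectclasses = array("top","sudoRole");
  var $attributes    = array("cn","description","sudoUser","sudoCommand","sudoHost","sudoRunas");

  var $is_account = TRUE;

  /*
   * Names of the list-valued attributes this plugin lets a request modify.
   * Used as the allow-list for property names decoded from POST data.
   */
  private static function list_attributes()
  {
    return(array("sudoUser","sudoCommand","sudoHost","sudoRunas"));
  }

  /*
   * Return the DN below which sudo roles are stored.
   *
   * The original body also carried an "append BASE if missing" branch, but it
   * sat behind a test on a variable that was always empty and so never ran.
   * The result is therefore always ou=sudoers,<BASE>.
   * NOTE(review): no configured override is read here -- confirm that is intended.
   */
  public static function get_sudoers_ou($config)
  {
    return("ou=sudoers,".$config->current['BASE']);
  }

  /*
   * Constructor: load the entry through the parent plugin, then flatten the
   * list-valued attributes from the LDAP result layout (numeric entries plus
   * a 'count' element) into plain arrays.
   */
  function sudo(&$config, $dn= NULL)
  {
    plugin::plugin ($config, $dn);

    foreach(self::list_attributes() as $attr){
      $this->$attr = array();
      if(isset($this->attrs[$attr])){
        $tmp = array();
        for($i = 0 ; $i < $this->attrs[$attr]['count']; $i++){
          $tmp[] = $this->attrs[$attr][$i];
        }
        $this->$attr = $tmp;
      }
    }

    /*******
      Prepare Flags
     *******/

    /* Boolean sudo flags. The list is only built here; nothing in this class
       consumes $options yet. */
    $options = array();
    // BOOLEAN
    $boolean_flags = array(
        "long_otp_prompt", "ignore_dot", "mail_always", "mail_badpass",
        "mail_no_user", "mail_no_host", "mail_no_perms", "tty_tickets",
        "authenticate", "root_sudo", "log_host", "log_year", "shell_noargs",
        "set_home", "always_set_home", "path_info", "preserve_groups", "fqdn",
        "insults", "requiretty", "env_editor", "rootpw", "runaspw", "targetpw",
        "set_logname", "stay_setuid", "env_reset", "use_loginclass", "noexec",
        "ignore_local_sudoers");
    foreach($boolean_flags as $flag){
      $options[]=array("NAME"=>$flag, "TYPE"=>"BOOLEAN", "VALUE" => "1");
    }

    //STRINGS
  }

  /*
   * Decode the first posted image-button name that starts with "<prefix>_".
   *
   * Button names have the form <prefix>_<attribute>_<index>_<x|y>. Returns
   * array(attribute, index) when the attribute is one of list_attributes(),
   * otherwise NULL. Only the first matching name is looked at, because image
   * inputs are posted twice (once for x, once for y).
   */
  private function posted_list_action($prefix)
  {
    foreach($_POST as $name => $value){
      if(!preg_match("/^".$prefix."_/",$name)){
        continue;
      }

      /* The attribute part is attacker-controlled and is used as a property
         name by the caller, so it must match the allow-list exactly. */
      if(preg_match("/^".$prefix."_([^_]*)_([0-9]+)_/",$name,$match) &&
         in_array($match[1], self::list_attributes(), TRUE)){
        return(array($match[1],$match[2]));
      }
      return(NULL);
    }
    return(NULL);
  }

  /*
   * Process the posted list actions (negate, delete, add) and render the
   * dialog. Returns the HTML produced by the generic.tpl template.
   *
   * NOTE(review): none of the handlers below consult the ACLs declared in
   * plInfo(); confirm that write access is enforced by the caller.
   */
  function execute()
  {
    /* Call parent execute */
    plugin::execute();

    /*********************
      NEGATE values
     *********************/
    $action = $this->posted_list_action("neg");
    if($action !== NULL){
      list($attr,$index) = $action;
      $attrs = $this->$attr;
      if(isset($attrs[$index])){
        $v = $attrs[$index];
        if(preg_match("/^!/",$v)){
          $attrs[$index] = preg_replace("/^!/","",$v);
        }else{
          $attrs[$index] = "!".$v;
        }
        $this->$attr = $attrs;
      }
    }

    /*********************
      Delete values
     *********************/
    $action = $this->posted_list_action("del");
    if($action !== NULL){
      list($attr,$index) = $action;
      $attrs = $this->$attr;
      if(isset($attrs[$index])){
        unset($attrs[$index]);
        $this->$attr = $attrs;
      }
    }

    /*********************
      ADD values
     *********************/
    foreach(array("sudoUser","sudoHost","sudoRunas") as $attr){
      if(!isset($_POST["add_".$attr]) || !isset($_POST['new_'.$attr]) || empty($_POST['new_'.$attr])){
        continue;
      }

      /* A field posted as new_xxx[] arrives as an array; treat that as invalid
         instead of handing it to preg_match(). */
      $new = is_string($_POST['new_'.$attr]) ? $_POST['new_'.$attr] : "";
      if($new != "" && preg_match("/^[a-z\.0-9]*$/i",$new)){
        $attrs = $this->$attr;
        $attrs[] = trim($new);
        $this->$attr = $attrs;
      }else{
        /* NOTE(review): the rejected value is passed on as posted; confirm
           that msgPool/msg_dialog escape it before display. */
        msg_dialog::display(_("Invalid"),msgPool::invalid($attr,$new,"/[a-z0-9]/"));
      }
    }

    /* Commands are free text and are not pattern-checked, so the only checks
       are "is a string" and "not empty after trimming". */
    foreach(array("sudoCommand") as $attr){
      if(isset($_POST["add_".$attr]) && isset($_POST['new_'.$attr]) && is_string($_POST['new_'.$attr])){
        $new = trim($_POST['new_'.$attr]);
        if($new != ""){
          $attrs = $this->$attr;
          $attrs[] = $new;
          $this->$attr = $attrs;
        }
      }
    }

    $smarty = get_smarty();
    foreach($this->attributes as $attr){
      $smarty->assign($attr,$this->$attr);
    }

    /* One select box per list attribute, keyed by attribute name */
    $divlists = array();
    foreach(array("sudoUser","sudoHost","sudoRunas","sudoCommand") as $attr){
      $divlists[$attr] = new divSelectBox("divlist_".$attr);
      $divlists[$attr]->SetHeight("90");
    }

    $neg_img= "<img src='images/negate.png' alt='!' class='center'>";
    $option = "<input type='image' src='images/negate.png' name='neg_%ATTR%_%KEY%' class='center'>";
    $option.= "<input type='image' src='images/edittrash.png' name='del_%ATTR%_%KEY%' class='center'>";
    foreach(self::list_attributes() as $attr){
      foreach($this->$attr as $key => $entry){

        /* The cell text is emitted as markup (the negate icon and the buttons
           are passed the same way), so the stored value is escaped before the
           icon is put in front of it. Values come from LDAP or from the
           unchecked command field. */
        $negated = preg_match("/^!/",$entry);
        $text    = htmlspecialchars(preg_replace("/^!/","",$entry), ENT_QUOTES, 'UTF-8');
        if($negated){
          $text = $neg_img.$text;
        }

        $divlists[$attr]->AddEntry(
            array(
              array("string" => $text),
              array("string" => str_replace(array("%KEY%","%ATTR%"),array($key,$attr),$option),
                "attach" => "style='width:40px; border-right: 0px;'")));
      }
    }

    foreach($divlists as $attr => $divlist){
      $smarty->assign("divlist_".$attr,$divlist->DrawList());
    }

    return($smarty->fetch(get_template_path('generic.tpl', TRUE)));
  }

  /*
   * Delete the sudo role entry from LDAP and fire the "remove" post event.
   * NOTE(review): the result of rmdir() is not checked here.
   */
  function remove_from_parent()
  {
    plugin::remove_from_parent();

    $ldap = $this->config->get_ldap_link();
    $ldap->cd($this->dn);
    $ldap->rmdir($this->dn);

    /* Tell the post-event hooks that the entry is gone */
    $this->handle_post_events("remove");
  }

  /* Save data to object; everything is delegated to the parent plugin */
  function save_object()
  {
    plugin::save_object();
  }

  /*
   * Save to LDAP: add the entry when it is new (creating missing parent
   * containers first), otherwise modify it, then fire the matching post event.
   * NOTE(review): the results of add()/modify() are not checked here.
   */
  function save()
  {
    plugin::save();
    $this->cleanup();

    $ldap = $this->config->get_ldap_link();
    $ldap->cd($this->config->current['BASE']);
    if($this->is_new){
      /* Strip the first RDN to get the parent container of the new entry */
      $ldap->create_missing_trees(preg_replace('/^[^,]+,/', '', $this->dn));
      $ldap->cd($this->dn);
      $ldap->add($this->attrs);

      $this->handle_post_events("create");
    }else{
      $ldap->cd($this->dn);
      $ldap->modify($this->attrs);

      $this->handle_post_events("modify");
    }
  }

  /* Validate the object; returns whatever the parent check reports.
     No sudo-specific checks are added here. */
  function check()
  {
    $message = plugin::check();
    return ($message);
  }

  /* Return plugin information for ACL handling */
  static function plInfo()
  {
    return (array(
          "plShortName"   => _("Sudo"),
          "plDescription" => _("Sudo role"),
          "plSelfModify"  => FALSE,
          "plDepends"     => array(),
          "plPriority"    => 0,
          "plSection"     => array("admin"),
          "plCategory"    => array("sudo" => array("objectClass" => "sudoRole", "description" => _("Sudo role"))),

          "plProvidedAcls" => array(
            "cn"          => _("Name"),
            "description" => _("Description"),
            "sudoUser"    => _("Users"),
            "sudoHost"    => _("Host"),
            "sudoCommand" => _("Command"),
            "sudoRunas"   => _("Run as user"))
          ));
  }
}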
292 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
293 ?>