1 <?php
2 /*
3 * This code is part of GOsa (http://www.gosa-project.org)
4 * Copyright (C) 2003-2008 GONICUS GmbH
5 *
6 * ID: $$Id: class_sudo.inc 9975 2008-03-25 14:09:30Z hickert $$
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
21 */
24 /*! \brief Sudo generic class. Allow setting User/Host/Command/Runas
25 for a sudo role object.
26 */
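class sudo extends plugin
{
  /* Group attributes */
  var $cn= "";
  var $description= "";

  /* Multi-valued sudoRole attributes, each kept as a list of strings.
     A leading "!" on a value marks it as negated (toggled in execute()). */
  var $sudoUser   = array();
  var $sudoCommand= array();
  var $sudoHost   = array();
  var $sudoRunas  = array();

  var $objectclasses = array("top","sudoRole");
  var $attributes    = array("cn","description","sudoUser","sudoCommand","sudoHost","sudoRunas");

  var $is_account = TRUE;

  /*! \brief  Returns the base department for sudo roles.
              This department is then used to store new roles.
      @param  Object  $config  GOsa configuration object; $config->current['BASE'] is read.
      @return String  sudo store department
   */
  public static function get_sudoers_ou($config)
  {
    /* NOTE(review): $base is hard-coded to "" here, so only the default
       branch can run. The else branch is kept for the case where a
       configured sudoers ou is filled in at this point. */
    $base = "";
    if(empty($base)){
      /* Default is ou=sudoers,BASE */
      $base = "ou=sudoers,".$config->current['BASE'];
    }else{

      /* Append base to given sudoers ou if missing */
      if(!preg_match("/".normalizePreg($config->current['BASE'])."$/i",$base)){
        if(!preg_match("/,$/",$base)){
          $base = $base.",".$config->current['BASE'];
        }else{
          $base = $base.$config->current['BASE'];
        }
      }
    }
    return($base);
  }

  /*! \brief  Initializes this sudo class, with all required attributes.
      @param  Object  $config  GOsa configuration object.
      @param  String  $dn      "new" or the sudo role dn.
   */
  function sudo(&$config, $dn= NULL)
  {
    plugin::plugin ($config, $dn);

    /* Copy each multi-valued attribute from $this->attrs into a plain list.
       Only indexes 0..count-1 are read, so the 'count' element is left out.
       Presumably $this->attrs is filled by the parent constructor - confirm. */
    foreach(array("sudoUser","sudoCommand","sudoHost","sudoRunas") as $attr){
      $this->$attr = array();
      if(isset($this->attrs[$attr])){
        $tmp = array();
        for($i = 0 ; $i < $this->attrs[$attr]['count']; $i++){
          $tmp[] = $this->attrs[$attr][$i];
        }
        $this->$attr = $tmp;
      }
    }

    /*******
      Prepare Flags
     *******/

    /* NOTE(review): $options is built here but never read or stored within
       this constructor, and no option attribute is listed in $attributes. */
    $options = array();

    // BOOLEAN
    $boolean_flags = array(
        "long_otp_prompt", "ignore_dot", "mail_always", "mail_badpass",
        "mail_no_user", "mail_no_host", "mail_no_perms", "tty_tickets",
        "authenticate", "root_sudo", "log_host", "log_year",
        "shell_noargs", "set_home", "always_set_home", "path_info",
        "preserve_groups", "fqdn", "insults", "requiretty",
        "env_editor", "rootpw", "runaspw", "targetpw",
        "set_logname", "stay_setuid", "env_reset", "use_loginclass",
        "noexec", "ignore_local_sudoers");
    foreach($boolean_flags as $flag){
      $options[]=array("NAME"=>$flag, "TYPE"=>"BOOLEAN", "VALUE" => "1");
    }

    //STRINGS
  }

  /*! \brief  Creates the sudo generic ui.
              Applies the negate / delete / add actions found in $_POST to
              the value lists, then renders the lists into the template.
      @return String  The generated HTML content for this plugin.
   */
  function execute()
  {
    /* Call parent execute */
    plugin::execute();

    /* The neg_ and del_ buttons carry the attribute name inside the POST key.
       That name is request data, so it is only used as a property name on
       $this after it has been matched against this fixed list. */
    $list_attrs = array("sudoUser","sudoCommand","sudoHost","sudoRunas");

    /* NOTE(review): no ACL check is visible in this method before the role is
       changed - confirm that the caller or the parent class enforces the
       ACLs declared in plInfo(). */

    /*********************
      NEGATE values
     *********************/
    foreach($_POST as $name => $value){
      if(preg_match("/^neg_/",$name)){
        $attr = preg_replace("/^neg_([^_]*)_.*$/","\\1",$name);
        $value= preg_replace("/^neg_[^_]*_([0-9]*)_.*$/","\\1",$name);

        if(in_array($attr,$list_attrs,TRUE)){
          $attrs = $this->$attr;
          if(isset( $attrs[$value])){
            $v = $attrs[$value];
            if(preg_match("/^!/",$v)){
              $attrs[$value] = preg_replace("/^!/","",$v);
            }else{
              $attrs[$value] = "!".$v;
            }
            $this->$attr = $attrs;
          }
        }
        break; // Do it once, image inputs will be posted twice
      }
    }

    /*********************
      Delete values
     *********************/
    foreach($_POST as $name => $value){
      if(preg_match("/^del_/",$name)){
        $attr = preg_replace("/^del_([^_]*)_.*$/","\\1",$name);
        $value= preg_replace("/^del_[^_]*_([0-9]*)_.*$/","\\1",$name);

        if(in_array($attr,$list_attrs,TRUE)){
          $attrs = $this->$attr;
          if(isset( $attrs[$value])){
            unset($attrs[$value]);

            /* Re-index so the list stays 0..n-1. The keys shown in the form
               are generated further down from the stored list, and PHP's
               LDAP functions expect consecutively indexed value arrays. */
            $this->$attr = array_values($attrs);
          }
        }
        break; // Do it once, image inputs will be posted twice
      }
    }

    /*********************
      ADD values
     *********************/
    foreach(array("sudoUser","sudoHost","sudoRunas") as $attr){
      if(isset($_POST["add_".$attr]) && isset($_POST['new_'.$attr]) && !empty($_POST['new_'.$attr])){
        $new = $_POST['new_'.$attr];

        /* A POST field can arrive as an array; only a plain string is valid */
        if(is_string($new) && preg_match("/^[a-z\.0-9]*$/i",$new)){
          $attrs = $this->$attr;
          $attrs[] = trim($new);
          $this->$attr = $attrs;
        }else{
          msg_dialog::display(_("Error"),msgPool::invalid($attr,is_string($new) ? $new : "","/[a-z0-9]/"));
        }
      }
    }

    /* Commands are free-form and get no pattern check; they are escaped when
       rendered below. Non-string and empty submissions are ignored. */
    foreach(array("sudoCommand") as $attr){
      if(isset($_POST["add_".$attr]) && isset($_POST['new_'.$attr]) && is_string($_POST['new_'.$attr])){
        $new = trim($_POST['new_'.$attr]);
        if($new !== ""){
          $attrs = $this->$attr;
          $attrs[] = $new;
          $this->$attr = $attrs;
        }
      }
    }

    /* NOTE(review): the attribute values are handed to the template unescaped;
       whether generic.tpl escapes them is not visible from this class. */
    $smarty = get_smarty();
    foreach($this->attributes as $attr){
      $smarty->assign($attr,$this->$attr);
    }

    /* One select box per value list, keyed by attribute name */
    $divlists = array();
    foreach(array("sudoUser","sudoHost","sudoRunas","sudoCommand") as $attr){
      $divlists[$attr] = new divSelectBox("divlist_".$attr);
      $divlists[$attr]->SetHeight("90");
    }

    $neg_img= "<img src='images/negate.png' alt='!' class='center'>";
    $option = "<input type='image' src='images/negate.png' name='neg_%ATTR%_%KEY%' class='center'>";
    $option.= "<input type='image' src='images/edittrash.png' name='del_%ATTR%_%KEY%' class='center'>";
    foreach($list_attrs as $attr){
      foreach($this->$attr as $key => $entry){

        /* The "string" cells are emitted as markup (the button cell below
           relies on that), so the stored value is HTML-escaped before the
           negation marker is replaced by its image. */
        $entry = htmlspecialchars($entry,ENT_QUOTES,'UTF-8');
        $entry = preg_replace("/^!/",$neg_img,$entry);
        $divlists[$attr]->AddEntry(
            array(
              array("string" => $entry),
              array("string" => preg_replace(array("/%KEY%/","/%ATTR%/"),array($key,$attr),$option),
                "attach" => "style='width:40px; border-right: 0px;'")));
      }
    }

    $smarty->assign("divlist_sudoUser",$divlists["sudoUser"]->DrawList());
    $smarty->assign("divlist_sudoHost",$divlists["sudoHost"]->DrawList());
    $smarty->assign("divlist_sudoRunas",$divlists["sudoRunas"]->DrawList());
    $smarty->assign("divlist_sudoCommand",$divlists["sudoCommand"]->DrawList());

    return($smarty->fetch(get_template_path('generic.tpl', TRUE)));
  }


  /*! \brief  Remove this sudo role from the ldap server
   */
  function remove_from_parent()
  {
    plugin::remove_from_parent();

    $ldap = $this->config->get_ldap_link();
    $ldap->cd($this->dn);
    $ldap->rmdir($this->dn);

    /* NOTE(review): the result of rmdir() is not checked here, so the
       "remove" post event fires whether or not the delete succeeded. */

    /* Send signal to the world that we've done */
    $this->handle_post_events("remove");
  }


  /*! \brief  Save all relevant HTML posts.
              Delegates to the parent; the list attributes are handled in execute().
   */
  function save_object()
  {
    plugin::save_object();
  }


  /*! \brief  Save changes into the ldap database.
              Adds the entry when $this->is_new is set, modifies it otherwise.
   */
  function save()
  {
    plugin::save();
    $this->cleanup();

    $ldap = $this->config->get_ldap_link();
    $ldap->cd($this->config->current['BASE']);
    if($this->is_new){

      /* Strip the first RDN from the dn to get the container that must exist */
      $ldap->create_missing_trees(preg_replace('/^[^,]+,/', '', $this->dn));
      $ldap->cd($this->dn);
      $ldap->add($this->attrs);

      /* NOTE(review): the result of add() is not checked before the event is sent. */

      /* Send signal to the world that we've done */
      $this->handle_post_events("create");
    }else{
      $ldap->cd($this->dn);
      $ldap->modify($this->attrs);

      /* NOTE(review): the result of modify() is not checked before the event is sent. */

      /* Send signal to the world that we've done */
      $this->handle_post_events("modify");
    }
  }


  /*! \brief  Check the given input.
              Only the parent's checks run; no sudo specific checks are added here.
      @return Array   All error messages in an array();
   */
  function check()
  {
    $message = plugin::check();
    return ($message);
  }


  /*! \brief  Add ACL object
      @return Array   Plugin description: names, section, category and the provided ACLs.
   */
  static function plInfo()
  {
    return (array(
          "plShortName"   => _("Sudo"),
          "plDescription" => _("Sudo role"),
          "plSelfModify"  => FALSE,
          "plDepends"     => array(),
          "plPriority"    => 0,
          "plSection"     => array("admin"),
          "plCategory"    => array("sudo" => array("objectClass" => "sudoRole", "description" => _("Sudo role"))),

          "plProvidedAcls"    => array(
            "cn"            => _("Name"),
            "description"   => _("Description"),
            "sudoUser"      => _("Users"),
            "sudoHost"      => _("Host"),
            "sudoCommand"   => _("Command"),
            "sudoRunas"     => _("Run as user"))
        ));
  }
}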
323 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
324 ?>