1 <?php
2 /*
3 * This code is part of GOsa (http://www.gosa-project.org)
4 * Copyright (C) 2003-2008 GONICUS GmbH
5 *
6 * ID: $$Id: class_sudo.inc 9975 2008-03-25 14:09:30Z hickert $$
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
21 */
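/*! \brief   Sudo generic class. Allow setting User/Host/Command/Runas
             for a sudo role object.

    Every change made here ends up in a sudoRole LDAP entry, i.e. it decides
    who may run which command with elevated privileges. Points to keep in mind:
     - New roles default to sudoUser/sudoHost/sudoRunas = "ALL" with an empty
       command list, so the first command added applies to everybody on every
       host unless these defaults are narrowed first.
     - Values come from $_POST. Attribute names taken from posted field names
       are checked against a fixed list before they are used as property
       names, and list entries are HTML-escaped when they are rendered.
     - NOTE(review): execute() does not check the per-attribute ACLs declared
       in plInfo() before it modifies the role - confirm that they are
       enforced by the caller.
 */
class sudo extends plugin
{
  /* Group attributes */
  var $cn= "";
  var $description= "";

  /* Multi-valued role attributes, a leading "!" marks a negated value */
  var $sudoUser   = array("ALL");
  var $sudoCommand= array();
  var $sudoHost   = array("ALL");
  var $sudoRunas  = array("ALL");

  var $objectclasses = array("top","sudoRole");
  var $attributes    = array("cn","description","sudoUser","sudoCommand","sudoHost","sudoRunas");

  var $is_account = TRUE;

  /* Currently opened user/system selection dialog, NULL if none is open */
  var $dialog;

  /* The only properties that may be addressed by name through posted
     neg_<attr>_<key>_ / del_<attr>_<key>_ fields. */
  private static $list_attributes = array("sudoUser","sudoCommand","sudoHost","sudoRunas");


  /*! \brief  Returns to the base department for sudo roles.
              This department is then used to store new roles.
      @param  Object  GOsa configuration object.
      @return String  sudo store department
   */
  public static function get_sudoers_ou($config)
  {
    /* No configured sudoers ou is read here yet: $base stays empty, so the
       default branch below is always taken. The else branch only becomes
       reachable once $base is filled from the configuration. */
    $base ="";
    if(empty($base)){

      /* Default is ou=sudoers,BASE */
      $base = "ou=sudoers,".$config->current['BASE'];
    }else{

      /* Append base to given sudoers ou if missing */
      if(!preg_match("/".normalizePreg($config->current['BASE'])."$/i",$base)){
        if(!preg_match("/,$/",$base)){
          $base = $base.",".$config->current['BASE'];
        }else{
          $base = $base.$config->current['BASE'];
        }
      }
    }
    return($base);
  }


  /*! \brief  Initializes this sudo class, with all required attributes.
      @param  Object $config  GOsa configuration object.
      @param  String $dn      "new" or the sudo role dn.
   */
  function sudo(&$config, $dn= NULL)
  {
    plugin::plugin ($config, $dn);

    /* For an existing role replace the "ALL" defaults by the stored values.
       The 'count' element of each attribute gives the number of values. */
    if($this->initially_was_account){
      foreach(self::$list_attributes as $attr){
        $this->$attr = array();
        if(isset($this->attrs[$attr])){
          $tmp = array();
          for($i = 0 ; $i < $this->attrs[$attr]['count']; $i++){
            $tmp[] = $this->attrs[$attr][$i];
          }
          $this->$attr = $tmp;
        }
      }
    }
  }


  /*! \brief  Finds the posted image button "<prefix>_<attr>_<key>_..." and
              returns the list entry it refers to.
              Only the first field starting with the prefix is evaluated,
              image inputs are posted twice (x and y coordinate).
      @param  String $prefix  Action prefix, "neg" or "del".
      @return Array  array(attribute name, key), or NULL if no such field was
                     posted or it names an attribute that is not editable.
   */
  private static function get_list_action($prefix)
  {
    foreach($_POST as $name => $value){
      if(!preg_match("/^".$prefix."_/",$name)){
        continue;
      }

      /* The attribute part is client supplied and is used as a property name
         by the caller, so it must be one of the known list attributes. */
      if(preg_match("/^".$prefix."_([^_]+)_([0-9]+)_/",$name,$m) &&
          in_array($m[1],self::$list_attributes,TRUE)){
        return(array($m[1],$m[2]));
      }
      return(NULL);
    }
    return(NULL);
  }


  /*! \brief  Returns the value posted together with the "add" button of the
              given attribute.
      @param  String $attr  Attribute name, e.g. "sudoUser".
      @return String  The posted value, or NULL if the add button was not
                      used or the value is not a plain string.
   */
  private static function get_new_value($attr)
  {
    if(!isset($_POST["add_".$attr]) || !isset($_POST['new_'.$attr])){
      return(NULL);
    }

    /* A field posted as new_<attr>[] arrives as an array, ignore it */
    if(!is_string($_POST['new_'.$attr])){
      return(NULL);
    }
    return($_POST['new_'.$attr]);
  }


  /*! \brief  Creates the sudo generic ui.
      @return String  The generated HTML content for this plugin.
   */
  function execute()
  {
    /* Call parent execute */
    plugin::execute();

    /*********************
       Add users
     *********************/

    if(isset($_POST['list_sudoUser']) && !is_object($this->dialog)){
      $used = array();
      foreach($this->sudoUser as $name){
        $used[] = preg_replace("/^!/","",$name);
      }
      $this->dialog =new target_list_users($this->config,$used);
    }

    /* Add selected users to the sudoUser list */
    if(isset($_POST['SaveMultiSelectWindow']) && $this->dialog instanceof target_list_users){
      foreach($this->dialog->save() as $entry){
        $cn = trim($entry['uid'][0]);
        if(!in_array($cn,$this->sudoUser) && !in_array("!".$cn,$this->sudoUser)){
          $this->sudoUser[] = $cn;
        }
      }
      unset($this->dialog);
      $this->dialog = NULL;
    }


    /*********************
       Add systems
     *********************/

    if(isset($_POST['list_sudoHost']) && !is_object($this->dialog)){
      $used = array();
      foreach($this->sudoHost as $name){
        $used[] = preg_replace("/^!/","",$name);
      }
      $this->dialog =new target_list_systems($this->config,$used);
    }

    /* Add selected hosts to the sudoHost list */
    if(isset($_POST['SaveMultiSelectWindow']) && $this->dialog instanceof target_list_systems){
      foreach($this->dialog->save() as $entry){
        $cn = trim($entry['cn'][0]);
        if(!in_array($cn,$this->sudoHost) && !in_array("!".$cn,$this->sudoHost)){
          $this->sudoHost[] = $cn;
        }
      }
      unset($this->dialog);
      $this->dialog = NULL;
    }


    /*********************
       Dialog handling / display / close
     *********************/

    if(isset($_POST['CloseMultiSelectWindow']) && is_object($this->dialog)){
      unset($this->dialog);
      $this->dialog = NULL;
    }

    if(is_object($this->dialog)){
      return($this->dialog->execute());
    }


    /*********************
       NEGATE values
     *********************/

    /* Toggle the leading "!" of the addressed entry */
    $action = self::get_list_action("neg");
    if($action !== NULL){
      list($attr,$key) = $action;
      $attrs = $this->$attr;
      if(isset($attrs[$key])){
        $v = $attrs[$key];
        if(preg_match("/^!/",$v)){
          $attrs[$key] = preg_replace("/^!/","",$v);
        }else{
          $attrs[$key] = "!".$v;
        }
        $this->$attr = $attrs;
      }
    }


    /*********************
       Delete values
     *********************/

    $action = self::get_list_action("del");
    if($action !== NULL){
      list($attr,$key) = $action;
      $attrs = $this->$attr;
      if(isset($attrs[$key])){
        unset($attrs[$key]);
        $this->$attr = $attrs;
      }
    }


    /*********************
       ADD values
     *********************/

    /* User, host and runas values are restricted to letters, digits and dots */
    foreach(array("sudoUser","sudoHost","sudoRunas") as $attr){
      $new = self::get_new_value($attr);
      if($new === NULL || empty($new)){
        continue;
      }
      if(preg_match("/^[a-z\.0-9]*$/i",$new)){
        $attrs = $this->$attr;
        $attrs[] = trim($new);
        $this->$attr = $attrs;
      }else{

        /* NOTE(review): the rejected value is handed to msgPool::invalid()
           unmodified - confirm that it is escaped before it is displayed. */
        msg_dialog::display(_("Error"),msgPool::invalid($attr,$new,"/[a-z0-9]/"));
      }
    }

    /* Commands are free-form (no pattern check is applied), which is why the
       list output below must escape them. Empty input is not stored. */
    $new = self::get_new_value("sudoCommand");
    if($new !== NULL && trim($new) !== ""){
      $attrs = $this->sudoCommand;
      $attrs[] = trim($new);
      $this->sudoCommand = $attrs;
    }


    /*********************
       Display
     *********************/

    $smarty = get_smarty();
    foreach($this->attributes as $attr){
      $smarty->assign($attr,$this->$attr);
    }

    $neg_img= "<img src='images/negate.png' alt='!' class='center'>";
    $option = "<input type='image' src='images/negate.png'     name='neg_%ATTR%_%KEY%' class='center'>";
    $option.= "<input type='image' src='images/edittrash.png'  name='del_%ATTR%_%KEY%' class='center'>";

    foreach(self::$list_attributes as $attr){
      $divlist = new divSelectBox("divlist_".$attr);
      $divlist->SetHeight("90");

      foreach($this->$attr as $key => $entry){

        /* The cell is emitted as raw HTML (it carries the negate image), so
           escape the stored value first and only then replace a leading "!"
           by the image. */
        $entry = htmlspecialchars($entry,ENT_QUOTES,"UTF-8");
        $entry = preg_replace("/^!/",$neg_img,$entry);
        $divlist->AddEntry(
            array(
              array("string" => $entry),
              array("string" => preg_replace(array("/%KEY%/","/%ATTR%/"),array($key,$attr),$option),
                "attach" => "style='width:40px; border-right: 0px;'")));
      }
      $smarty->assign("divlist_".$attr,$divlist->DrawList());
    }

    return($smarty->fetch(get_template_path('generic.tpl', TRUE)));
  }


  /*! \brief  Remove this sudo role from the ldap server
   */
  function remove_from_parent()
  {
    plugin::remove_from_parent();

    $ldap = $this->config->get_ldap_link();
    $ldap->cd($this->dn);
    $ldap->rmdir($this->dn);

    /* Report a failed removal instead of dropping it silently */
    if (!$ldap->success()){
      msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $this->dn, LDAP_DEL, get_class()));
    }

    /* Send signal to the world that we've done */
    $this->handle_post_events("remove");
  }


  /*! \brief  Save all relevant HTML posts.
   */
  function save_object()
  {
    plugin::save_object();

    /* Let an opened selection dialog pick up its own posts as well */
    if(is_object($this->dialog)){
      $this->dialog->save_object();
    }
  }


  /*! \brief  Save changes into the ldap database.
   */
  function save()
  {
    plugin::save();
    $this->cleanup();

    $ldap = $this->config->get_ldap_link();
    $ldap->cd($this->config->current['BASE']);
    if($this->is_new){

      /* Make sure the container below the role's dn exists */
      $ldap->create_missing_trees(preg_replace('/^[^,]+,/', '', $this->dn));
      $ldap->cd($this->dn);
      $ldap->add($this->attrs);
      $operation = LDAP_ADD;

      /* Send signal to the world that we've done */
      $this->handle_post_events("create");
    }else{
      $ldap->cd($this->dn);
      $ldap->modify($this->attrs);
      $operation = LDAP_MOD;

      /* Send signal to the world that we've done */
      $this->handle_post_events("modify");
    }

    /* Report the operation that was really attempted (add or modify).
       NOTE(review): the post events above are sent before the result is
       checked, so they also fire for a failed write - confirm this is wanted. */
    if (!$ldap->success()){
      msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $this->dn, $operation, get_class()));
    }
  }


  /*! \brief  Check the given input.
              Only the checks of the parent class are run, the sudo specific
              values are not validated here.
      @return Array   All error messages in an array();
   */
  function check()
  {
    $message = plugin::check();
    return ($message);
  }


  /*! \brief  Add ACL object
      @return Returns the ACL object.
   */
  static function plInfo()
  {
    return (array(
          "plShortName"   => _("Sudo"),
          "plDescription" => _("Sudo role"),
          "plSelfModify"  => FALSE,
          "plDepends"     => array(),
          "plPriority"    => 0,
          "plSection"     => array("admin"),
          "plCategory"    => array("sudo" => array("objectClass" => "sudoRole", "description" => _("Sudo role"))),

          "plProvidedAcls"    => array(
            "cn"                => _("Name"),
            "description"       => _("Description"),
            "sudoUser"          => _("Users"),
            "sudoHost"          => _("Host"),
            "sudoCommand"       => _("Command"),
            "sudoRunas"         => _("Run as user"))
          ));
  }
}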
361 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
362 ?>