1 <?php
2 /*
3 * This code is part of GOsa (http://www.gosa-project.org)
4 * Copyright (C) 2003-2008 GONICUS GmbH
5 *
6 * ID: $$Id: class_sudoManagement.inc 10099 2008-04-01 12:52:01Z hickert $$
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
21 */
23 /*! \brief This is the sudo management class. \
24 This class allows to add/remove/edit sudo roles with GOsa. \
25 All roles will be listed by this plugin, the displayed objects \
26 can also be filtered.
27 */
28 class sudoManagement extends plugin
29 {
30 /* Definitions */
31 public $plHeadline = "Sudo roles";
32 public $plDescription = "Manage sudo roles";
34 private $DivListSudo = NULL;
35 private $sudotabs = NULL;
36 private $base = "";
38 private $start_pasting_copied_objects = FALSE;
40 /*! \brief */
41 public function __construct(&$config, &$ui)
42 {
43 /* Save configuration for internal use */
44 $this->config = &$config;
45 $this->ui = &$ui;
46 $this->base = sudo::get_sudoers_ou($this->config);
48 /* Copy & Paste enabled ?*/
49 if((isset($this->config->data['MAIN']['ENABLECOPYPASTE']))&&(preg_match("/true/i",$this->config->data['MAIN']['ENABLECOPYPASTE']))){
50 $this->CopyPasteHandler = new CopyPasteHandler($this->config);
51 }
53 /* Create dialog object */
54 $this->DivListSudo = new divListSudo($this->config,$this);
55 }
58 /*! \brief Generate && Display HTML content
59 */
60 public function execute()
61 {
62 /* Call parent execute */
63 plugin::execute();
65 /********************
66 Handle Posts
67 ********************/
69 /* Store these posts if the current object is locked (used by somebody else)*/
70 session::set('LOCK_VARS_TO_USE',array(
71 "/^act$/","/^id$/","/^sudo_edit_/","/^cut_/","/^copy_/",
72 "/^sudo_del_/","/^item_selected/","/menu_action/"));
75 /* Get html posts */
76 $s_action = "";
77 $s_entry = "";
78 foreach($_POST as $name => $value){
79 if(preg_match("/^sudo_edit_/",$name)){
80 $s_action = "edit_role";
81 $s_entry = preg_replace("/^sudo_edit_([0-9]*).*$/","\\1",$name);
82 }
83 if(preg_match("/^sudo_del_/",$name)){
84 $s_action = "del_role";
85 $s_entry = preg_replace("/^sudo_del_([0-9]*).*$/","\\1",$name);
86 }elseif(preg_match("/^editPaste.*/i",$name)){
87 $s_action="editPaste";
88 }elseif(preg_match("/^copy_.*/",$name)){
89 $s_action="copy";
90 $s_entry = preg_replace("/^copy_([0-9]*).*$/i","\\1",$name);
91 # }elseif(preg_match("/^cut_.*/",$name)){
92 # $s_action="cut";
93 # $s_entry = preg_replace("/^cut_([0-9]*).*$/i","\\1",$name);
94 }
95 }
97 if(isset($_GET['act']) && isset($_GET['id']) && $_GET['act'] == "edit_entry"){
98 $id = trim($_GET['id']);
99 if(isset($this->list[$id])){
100 $s_action = "edit_role";
101 $s_entry = $id;
102 }
103 }
105 if(isset($_POST['menu_action']) && in_array($_POST['menu_action'],array("new_role","del_role","new_default","editPaste"))){
106 $s_action = $_POST['menu_action'];
107 }
109 /* handle C&P from layers menu */
110 if(isset($_POST['menu_action']) && preg_match("/^multiple_copy_sudo/",$_POST['menu_action'])){
111 $s_action = "copy_multiple";
112 }
114 $smarty= get_smarty();
116 /********************
117 Copy & Paste Handling ...
118 ********************/
120 /* Display the copy & paste dialog, if it is currently open */
121 $ret = $this->copyPasteHandling_from_queue($s_action,$s_entry);
122 if($ret){
123 return($ret);
124 }
127 /********************
128 Create a new sudo ...
129 ********************/
131 /* New sudo? */
132 if ($s_action=="new_role" || $s_action == "new_default"){
134 /* Check create permissions */
135 $acl = $this->ui->get_permissions($this->base,"sudo/sudo");
136 if(preg_match("/c/",$acl)){
138 /* By default we set 'dn' to 'new', all relevant plugins will
139 react on this. */
140 $this->dn= "new";
142 /* Create new sudotabs object */
143 $this->sudotabs= new sudotabs($this->config, $this->config->data['TABS']['SUDOTABS'], $this->dn);
145 /* Set up the sudo ACL's for this 'dn' */
146 $this->sudotabs->set_acl_base($this->base);
148 /* This entry will become the default entry */
149 if($s_action == "new_default"){
150 $this->sudotabs->set_default(TRUE);
151 }
152 }
153 }
156 /********************
157 Save Sudo Tab/Object Changes
158 ********************/
160 /* Save changes */
161 if ((isset($_POST['edit_finish']) || isset($_POST['edit_apply'])) && is_object($this->sudotabs)){
163 /* Check tabs, will feed message array
164 Save, or display error message? */
165 $message= $this->sudotabs->check();
166 if (count($message) == 0){
168 /* Save user data to ldap */
169 $this->sudotabs->save();
171 if (!isset($_POST['edit_apply'])){
173 /* Sudo has been saved successfully, remove lock from LDAP. */
174 if ($this->dn != "new"){
175 del_lock ($this->dn);
176 }
177 unset ($this->sudotabs);
178 $this->sudotabs= NULL;
179 session::un_set('objectinfo');
180 }else{
181 $this->dn = $this->sudotabs->dn;
182 $this->sudotabs= new sudotabs($this->config, $this->config->data['TABS']['SUDOTABS'], $this->dn);
183 session::set('objectinfo',$this->dn);
184 }
185 } else {
186 /* Ok. There seem to be errors regarding to the tab data,
187 show message and continue as usual. */
188 msg_dialog::displayChecks($message);
189 }
190 }
193 /********************
194 Edit existing role
195 ********************/
197 /* User wants to edit data? */
198 if (($s_action=="edit_role") && !is_object($this->sudotabs)){
200 /* Get 'dn' from posted 'uid', must be unique */
201 $this->dn= $this->list[trim($s_entry)]['dn'];
203 /* Check locking & lock entry if required */
204 $user = get_lock($this->dn);
205 if ($user != ""){
206 return(gen_locked_message ($user, $this->dn));
207 }
208 add_lock ($this->dn, $this->ui->dn);
210 /* Register sudotabs to trigger edit dialog */
211 $this->sudotabs= new sudotabs($this->config,$this->config->data['TABS']['SUDOTABS'], $this->dn);
212 $this->sudotabs->set_acl_base($this->base);
213 session::set('objectinfo',$this->dn);
214 }
217 /********************
218 Delete entries requested, display confirm dialog
219 ********************/
221 if ($s_action=="del_role"){
222 $ids = $this->list_get_selected_items();
223 if(!count($ids) && $s_entry!=""){
224 $ids = array($s_entry);
225 }
227 if(count($ids)){
229 /* Create list of entries to delete */
230 $this->dns = array();
231 $dns_names = array();
232 foreach($ids as $id){
233 $dn = $this->list[$id]['dn'];
234 $this->dns[$id] = $dn;
235 $dns_names[] =@LDAP::fix($dn);
236 }
238 /* Check locking of entries */
239 $users = get_multiple_locks($this->dns);
240 if(count($users)){
241 return(gen_locked_message($users,$this->dns));
242 }
244 /* Add locks */
245 add_lock($this->dns,$this->ui->dn);
247 /* Lock the current entry, so nobody will edit it during deletion */
248 $smarty->assign("info", msgPool::deleteInfo($dns_names,_("Sudo role")));
249 return($smarty->fetch(get_template_path('remove.tpl', TRUE)));
250 }
251 }
254 /********************
255 Delete entries confirmed
256 ********************/
258 /* Confirmation for deletion has been passed. Sudo should be deleted. */
259 if (isset($_POST['delete_sudos_confirmed'])){
261 /* Remove user by user and check acls before removeing them */
262 foreach($this->dns as $key => $dn){
264 /* Load permissions for selected 'dn' and check if
265 we're allowed to remove this 'dn' */
266 $acl = $this->ui->get_permissions($dn,"sudo/sudo");
267 if(preg_match("/d/",$acl)){
269 /* Delete request is permitted, perform LDAP action */
270 $this->sudotabs= new sudotabs($this->config,$this->config->data['TABS']['SUDOTABS'], $dn);
271 $this->sudotabs->set_acl_base($dn);
272 $this->sudotabs->delete ();
273 unset ($this->sudotabs);
274 $this->sudotabs= NULL;
276 } else {
278 /* Normally this shouldn't be reached, send some extra
279 logs to notify the administrator */
280 msg_dialog::display(_("Permission error"), msgPool::permDelete(), ERROR_DIALOG);
281 new log("security","sudo/".get_class($this),$dn,array(),"Tried to trick deletion.");
282 }
283 /* Remove lock file after successfull deletion */
284 del_lock ($dn);
285 unset($this->dns[$key]);
286 }
287 }
290 /********************
291 Delete entries Canceled
292 ********************/
294 /* Remove lock */
295 if(isset($_POST['delete_sudo_cancel'])){
296 del_lock ($this->dns);
297 unset($this->dns);
298 }
300 /********************
301 A dialog was canceled
302 ********************/
304 /* Cancel dialogs */
305 if (isset($_POST['edit_cancel']) && is_object($this->sudotabs)){
306 if(isset($this->sudotabs->dn)){
307 del_lock ($this->sudotabs->dn);
308 }
309 unset ($this->sudotabs);
310 $this->sudotabs= NULL;
311 session::un_set('objectinfo');
312 }
315 /********************
316 If there is currently a dialog open, display it
317 ********************/
319 /* Show tab dialog if object is present */
320 if (is_object($this->sudotabs)){
321 $display= $this->sudotabs->execute();
323 /* Don't show buttons if tab dialog requests this */
324 if(isset($this->sudotabs->by_object)){
325 if (!$this->sudotabs->by_object[$this->sudotabs->current]->dialog){
326 $display.= "<p style=\"text-align:right\">\n";
327 $display.= "<input type=submit name=\"edit_finish\" style=\"width:80px\" value=\"".msgPool::okButton()."\">\n";
328 $display.= " \n";
329 if ($this->dn != "new"){
330 $display.= "<input type=submit name=\"edit_apply\" value=\"".msgPool::applyButton()."\">\n";
331 $display.= " \n";
332 }
333 $display.= "<input type=submit name=\"edit_cancel\" value=\"".msgPool::cancelButton()."\">\n";
334 $display.= "</p>";
335 }
336 }
337 return ($display);
338 }
340 /* Check if there is a snapshot dialog open */
341 if($str = $this->showSnapshotDialog(sudo::get_sudoers_ou($this->config),$this->get_used_snapshot_bases())){
342 return($str);
343 }
345 /* Display dialog with sudo list */
346 $this->DivListSudo->execute();
347 $this->reload ();
348 $this->DivListSudo->setEntries($this->list);
349 return($this->DivListSudo->Draw());
350 }
353 /*! \brief Return all selected elements from HTML list
354 @return Array List of all selected list elements
355 */
356 private function list_get_selected_items()
357 {
358 $ids = array();
359 foreach($_POST as $name => $value){
360 if(preg_match("/^item_selected_[0-9]*$/",$name)){
361 $id = preg_replace("/^item_selected_/","",$name);
362 $ids[$id] = $id;
363 }
364 }
365 return($ids);
366 }
369 /*! \brief Reload the list of sudo roles.
370 */
371 private function reload($CreatePosixsList=false)
372 {
373 $this->list = array();
374 $base = $this->base;
376 $Regex = trim($this->DivListSudo->Regex);
377 $UserRegex = trim($this->DivListSudo->UserRegex);
378 $SubSearch = $this->DivListSudo->SubSearch;
380 /********************
381 Create filter depending on selected checkboxes
382 ********************/
383 $values = array("cn","description","sudoUser","sudoCommand","sudoOption");
384 if($UserRegex == "*"){
385 $ff = "(&(|(cn=".$Regex.")(description=".$Regex."))(objectClass=sudoRole))";
386 }else{
387 $ff = "(&(|(cn=".$Regex.")(description=".$Regex."))(sudoUser=".$UserRegex.")(objectClass=sudoRole))";
388 }
389 $res = get_list($ff, "sudo",$base,$values, GL_SIZELIMIT);
390 $tmp = array();
391 foreach($res as $attrs){
392 $tmp[$attrs['cn'][0]] = $attrs;
393 }
394 uksort($tmp, 'strnatcasecmp');
395 $this->list = array_values($tmp);
396 }
399 /*! \brief Save HTML post data to object
400 */
401 public function save_object()
402 {
403 $this->DivListSudo->save_object();
404 if(is_object($this->CopyPasteHandler)){
405 $this->CopyPasteHandler->save_object();
406 }
407 }
410 /*! \brief Remove this account
411 */
412 public function remove_from_parent()
413 {
414 /* Optionally execute a command after we're done */
415 $this->postremove();
416 }
419 /*! \brief Save to LDAP
420 */
421 public function save()
422 {
423 /* Optionally execute a command after we're done */
424 $this->postcreate();
425 }
428 /*! \brief Remove lock from entry
429 */
430 public function remove_lock()
431 {
432 if (is_object($this->sudotabs) && $this->sudotabs->dn != "new"){
433 del_lock ($this->sudotabs->dn);
434 }
435 if(isset($this->dns) && is_array($this->dns) && count($this->dns)){
436 del_lock($this->dns);
437 }
438 }
440 function get_used_snapshot_bases()
441 {
442 return(array(sudo::get_sudoers_ou($this->config)));
443 }
446 function copyPasteHandling_from_queue($s_action,$s_entry)
447 {
448 /* Check if Copy & Paste is disabled */
449 if(!is_object($this->CopyPasteHandler)){
450 return("");
451 }
453 /* Add a single entry to queue */
454 if($s_action == "cut" || $s_action == "copy"){
456 /* Cleanup object queue */
457 $this->CopyPasteHandler->cleanup_queue();
458 $dn = $this->list[$s_entry]['dn'];
459 $this->CopyPasteHandler->add_to_queue($dn,$s_action,"sudotabs","SUDOTABS","sudo");
460 }
462 /* Add entries to queue */
463 if($s_action == "copy_multiple" || $s_action == "cut_multiple"){
465 /* Cleanup object queue */
466 $this->CopyPasteHandler->cleanup_queue();
468 /* Add new entries to CP queue */
469 foreach($this->list_get_selected_items() as $id){
470 $dn = $this->list[$id]['dn'];
472 if($s_action == "copy_multiple"){
473 $this->CopyPasteHandler->add_to_queue($dn,"copy","sudotabs","SUDOTABS","sudo");
474 }
475 if($s_action == "cut_multiple"){
476 $this->CopyPasteHandler->add_to_queue($dn,"cut","sudotabs","SUDOTABS","sudo");
477 }
478 }
479 }
481 /* Start pasting entries */
482 if($s_action == "editPaste"){
483 $this->start_pasting_copied_objects = TRUE;
484 }
486 /* Return C&P dialog */
487 if($this->start_pasting_copied_objects && $this->CopyPasteHandler->entries_queued()){
489 /* Get dialog */
490 $data = $this->CopyPasteHandler->execute();
491 $this->CopyPasteHandler->SetVar("base",$this->DivListSudo->selectedBase);
493 /* Return dialog data */
494 if(!empty($data)){
495 return($data);
496 }
497 }
499 /* Automatically disable status for pasting */
500 if(!$this->CopyPasteHandler->entries_queued()){
501 $this->start_pasting_copied_objects = FALSE;
502 }
503 return("");
504 }
505 }
506 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
507 ?>