1 <?php
2 /*
3 * This code is part of GOsa (http://www.gosa-project.org)
4 * Copyright (C) 2003-2008 GONICUS GmbH
5 *
6 * ID: $$Id: class_sudoManagement.inc 10099 2008-04-01 12:52:01Z hickert $$
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
21 */
23 /*! \brief This is the sudo management class. \
24 This class allows to add/remove/edit sudo roles with GOsa. \
25 All roles will be listed by this plugin, the displayed objects \
26 can also be filtered.
27 */
28 class sudoManagement extends plugin
29 {
30 /* Definitions */
31 public $plHeadline = "Sudo roles";
32 public $plDescription = "Manage sudo roles";
33 public $plIcon ="plugins/sudo/images/sudo.png";
35 private $DivListSudo = NULL;
36 private $sudotabs = NULL;
37 private $base = "";
39 private $start_pasting_copied_objects = FALSE;
41 public $acl_module = array("sudo");
43 /*! \brief */
44 public function __construct(&$config, &$ui)
45 {
46 /* Save configuration for internal use */
47 $this->config = &$config;
48 $this->ui = &$ui;
49 $this->base = sudo::get_sudoers_ou($this->config);
51 /* Copy & Paste enabled ?*/
52 if ($this->config->get_cfg_value("enablecopypaste") == "true"){
53 $this->CopyPasteHandler = new CopyPasteHandler($this->config);
54 }
56 /* Create dialog object */
57 $this->DivListSudo = new divListSudo($this->config,$this);
58 }
61 /*! \brief Generate && Display HTML content
62 */
63 public function execute()
64 {
65 /* Call parent execute */
66 plugin::execute();
68 /********************
69 Handle Posts
70 ********************/
72 /* Store these posts if the current object is locked (used by somebody else)*/
73 session::set('LOCK_VARS_TO_USE',array(
74 "/^act$/","/^id$/","/^sudo_edit_/","/^cut_/","/^copy_/",
75 "/^sudo_del_/","/^item_selected/","/menu_action/"));
78 /* Get html posts */
79 $s_action = "";
80 $s_entry = "";
81 foreach($_POST as $name => $value){
82 if(preg_match("/^sudo_edit_/",$name)){
83 $s_action = "edit_role";
84 $s_entry = preg_replace("/^sudo_edit_([0-9]*).*$/","\\1",$name);
85 }
86 if(preg_match("/^sudo_del_/",$name)){
87 $s_action = "del_role";
88 $s_entry = preg_replace("/^sudo_del_([0-9]*).*$/","\\1",$name);
89 }elseif(preg_match("/^editPaste.*/i",$name)){
90 $s_action="editPaste";
91 }elseif(preg_match("/^copy_.*/",$name)){
92 $s_action="copy";
93 $s_entry = preg_replace("/^copy_([0-9]*).*$/i","\\1",$name);
94 # }elseif(preg_match("/^cut_.*/",$name)){
95 # $s_action="cut";
96 # $s_entry = preg_replace("/^cut_([0-9]*).*$/i","\\1",$name);
97 }
98 }
100 if(isset($_GET['act']) && isset($_GET['id']) && $_GET['act'] == "edit_entry"){
101 $id = trim($_GET['id']);
102 if(isset($this->list[$id])){
103 $s_action = "edit_role";
104 $s_entry = $id;
105 }
106 }
108 if(isset($_POST['menu_action']) && in_array($_POST['menu_action'],array("new_role","del_role","new_default","editPaste"))){
109 $s_action = $_POST['menu_action'];
110 }
112 /* handle C&P from layers menu */
113 if(isset($_POST['menu_action']) && preg_match("/^multiple_copy_systems/",$_POST['menu_action'])){
114 $s_action = "copy_multiple";
115 }
117 $smarty= get_smarty();
119 /********************
120 Copy & Paste Handling ...
121 ********************/
123 /* Display the copy & paste dialog, if it is currently open */
124 $ret = $this->copyPasteHandling_from_queue($s_action,$s_entry);
125 if($ret){
126 return($ret);
127 }
130 /********************
131 Create a new sudo ...
132 ********************/
134 /* New sudo? */
135 if ($s_action=="new_role" || $s_action == "new_default"){
137 /* Check create permissions */
138 $acl = $this->ui->get_permissions($this->base,"sudo/sudo");
139 if(preg_match("/c/",$acl)){
141 /* By default we set 'dn' to 'new', all relevant plugins will
142 react on this. */
143 $this->dn= "new";
145 /* Create new sudotabs object */
146 $this->sudotabs= new sudotabs($this->config, $this->config->data['TABS']['SUDOTABS'], $this->dn);
148 /* Set up the sudo ACL's for this 'dn' */
149 $this->sudotabs->set_acl_base($this->base);
151 /* This entry will become the default entry */
152 if($s_action == "new_default"){
153 $this->sudotabs->set_default(TRUE);
154 }
155 }
156 }
159 /********************
160 Save Sudo Tab/Object Changes
161 ********************/
163 /* Save changes */
164 if ((isset($_POST['edit_finish']) || isset($_POST['edit_apply'])) && is_object($this->sudotabs)){
166 /* Check tabs, will feed message array
167 Save, or display error message? */
168 $message= $this->sudotabs->check();
169 if (count($message) == 0){
171 /* Save user data to ldap */
172 $this->sudotabs->save();
174 if (!isset($_POST['edit_apply'])){
176 /* Sudo has been saved successfully, remove lock from LDAP. */
177 if ($this->dn != "new"){
178 $this->remove_lock();
179 }
180 unset ($this->sudotabs);
181 $this->sudotabs= NULL;
182 session::un_set('objectinfo');
183 }else{
185 /* Reinitialize tab */
186 if($this->sudotabs instanceof tabs){
187 $this->sudotabs->re_init();
188 }
189 }
190 } else {
191 /* Ok. There seem to be errors regarding to the tab data,
192 show message and continue as usual. */
193 msg_dialog::displayChecks($message);
194 }
195 }
198 /********************
199 Edit existing role
200 ********************/
202 /* User wants to edit data? */
203 if (($s_action=="edit_role") && !is_object($this->sudotabs)){
205 /* Get 'dn' from posted 'uid', must be unique */
206 $this->dn= $this->list[trim($s_entry)]['dn'];
208 /* Check locking & lock entry if required */
209 $user = get_lock($this->dn);
210 if ($user != ""){
211 return(gen_locked_message ($user, $this->dn));
212 }
213 add_lock ($this->dn, $this->ui->dn);
215 /* Register sudotabs to trigger edit dialog */
216 $this->sudotabs= new sudotabs($this->config,$this->config->data['TABS']['SUDOTABS'], $this->dn);
217 $this->sudotabs->set_acl_base($this->base);
218 session::set('objectinfo',$this->dn);
219 }
222 /********************
223 Delete entries requested, display confirm dialog
224 ********************/
226 if ($s_action=="del_role"){
227 $ids = $this->list_get_selected_items();
228 if(!count($ids) && $s_entry!=""){
229 $ids = array($s_entry);
230 }
232 $this->dns = array();
233 if(count($ids)){
234 $disallowed = array();
235 foreach($ids as $id){
236 $dn = $this->list[$id]['dn'];
237 $acl = $this->ui->get_permissions($dn, "sudo/sudo");
238 if(preg_match("/d/",$acl)){
239 $this->dns[$id] = $dn;
240 }else{
241 $disallowed[] = $dn;
242 }
243 }
245 if(count($disallowed)){
246 msg_dialog::display(_("Permission"),msgPool::permDelete($disallowed),INFO_DIALOG);
247 }
249 if(count($this->dns)){
251 /* Check locking of entries */
252 $users = get_multiple_locks($this->dns);
253 if(count($users)){
254 return(gen_locked_message($users,$this->dns));
255 }
257 /* Add locks */
258 add_lock($this->dns,$this->ui->dn);
260 /* Lock the current entry, so nobody will edit it during deletion */
261 $smarty->assign("info", msgPool::deleteInfo($this->dns,_("Sudo role")));
262 return($smarty->fetch(get_template_path('remove.tpl', TRUE)));
263 }
264 }
265 }
268 /********************
269 Delete entries confirmed
270 ********************/
272 /* Confirmation for deletion has been passed. Sudo should be deleted. */
273 if (isset($_POST['delete_sudos_confirmed'])){
275 /* Remove user by user and check acls before removeing them */
276 foreach($this->dns as $key => $dn){
278 /* Load permissions for selected 'dn' and check if
279 we're allowed to remove this 'dn' */
280 $acl = $this->ui->get_permissions($dn,"sudo/sudo");
281 if(preg_match("/d/",$acl)){
283 /* Delete request is permitted, perform LDAP action */
284 $this->sudotabs= new sudotabs($this->config,$this->config->data['TABS']['SUDOTABS'], $dn);
285 $this->sudotabs->set_acl_base($dn);
286 $this->sudotabs->delete ();
287 unset ($this->sudotabs);
288 $this->sudotabs= NULL;
290 } else {
292 /* Normally this shouldn't be reached, send some extra
293 logs to notify the administrator */
294 msg_dialog::display(_("Permission error"), msgPool::permDelete(), ERROR_DIALOG);
295 new log("security","sudo/".get_class($this),$dn,array(),"Tried to trick deletion.");
296 }
297 }
299 /* Remove lock file after successfull deletion */
300 $this->remove_lock();
301 $this->dns = array();
302 }
305 /********************
306 Delete entries Canceled
307 ********************/
309 /* Remove lock */
310 if(isset($_POST['delete_sudo_cancel'])){
311 $this->remove_lock();
312 $this->dns = array();
313 }
315 /********************
316 A dialog was canceled
317 ********************/
319 /* Cancel dialogs */
320 if (isset($_POST['edit_cancel']) && is_object($this->sudotabs)){
321 $this->remove_lock();
322 $this->sudotabs= NULL;
323 session::un_set('objectinfo');
324 }
327 /********************
328 If there is currently a dialog open, display it
329 ********************/
331 /* Show tab dialog if object is present */
332 if (is_object($this->sudotabs)){
333 $display= $this->sudotabs->execute();
335 /* Don't show buttons if tab dialog requests this */
336 if(isset($this->sudotabs->by_object)){
337 if (!$this->sudotabs->by_object[$this->sudotabs->current]->dialog){
338 $display.= "<p style=\"text-align:right\">\n";
339 $display.= "<input type=submit name=\"edit_finish\" style=\"width:80px\" value=\"".msgPool::okButton()."\">\n";
340 $display.= " \n";
341 if ($this->dn != "new"){
342 $display.= "<input type=submit name=\"edit_apply\" value=\"".msgPool::applyButton()."\">\n";
343 $display.= " \n";
344 }
345 $display.= "<input type=submit name=\"edit_cancel\" value=\"".msgPool::cancelButton()."\">\n";
346 $display.= "</p>";
347 }
348 }
349 return ($display);
350 }
352 /* Check if there is a snapshot dialog open */
353 if($str = $this->showSnapshotDialog(sudo::get_sudoers_ou($this->config),$this->get_used_snapshot_bases(),$this)){
354 return($str);
355 }
357 /* Display dialog with sudo list */
358 $this->DivListSudo->execute();
359 $this->reload ();
360 $this->DivListSudo->setEntries($this->list);
361 return($this->DivListSudo->Draw());
362 }
365 /*! \brief Return all selected elements from HTML list
366 @return Array List of all selected list elements
367 */
368 private function list_get_selected_items()
369 {
370 $ids = array();
371 foreach($_POST as $name => $value){
372 if(preg_match("/^item_selected_[0-9]*$/",$name)){
373 $id = preg_replace("/^item_selected_/","",$name);
374 $ids[$id] = $id;
375 }
376 }
377 return($ids);
378 }
381 /*! \brief Reload the list of sudo roles.
382 */
383 private function reload($CreatePosixsList=false)
384 {
385 $this->list = array();
386 $base = $this->base;
388 $Regex = trim($this->DivListSudo->Regex);
389 $UserRegex = trim($this->DivListSudo->UserRegex);
390 $SubSearch = $this->DivListSudo->SubSearch;
392 /********************
393 Create filter depending on selected checkboxes
394 ********************/
395 $values = array("cn","description","sudoUser","sudoCommand","sudoOption");
396 if($UserRegex == "*"){
397 $ff = "(&(|(cn=".$Regex.")(description=".$Regex."))(objectClass=sudoRole))";
398 }else{
399 $ff = "(&(|(cn=".$Regex.")(description=".$Regex."))(sudoUser=".$UserRegex.")(objectClass=sudoRole))";
400 }
401 $res = get_list($ff, "sudo",$base,$values, GL_SIZELIMIT);
402 $tmp = array();
403 foreach($res as $attrs){
404 $tmp[$attrs['cn'][0]] = $attrs;
405 }
406 uksort($tmp, 'strnatcasecmp');
407 $this->list = array_values($tmp);
408 }
411 /*! \brief Save HTML post data to object
412 */
413 public function save_object()
414 {
415 $this->DivListSudo->save_object();
416 if(is_object($this->CopyPasteHandler)){
417 $this->CopyPasteHandler->save_object();
418 }
419 }
422 /*! \brief Remove this account
423 */
424 public function remove_from_parent()
425 {
426 /* Optionally execute a command after we're done */
427 $this->postremove();
428 }
431 /*! \brief Save to LDAP
432 */
433 public function save()
434 {
435 /* Optionally execute a command after we're done */
436 $this->postcreate();
437 }
440 /*! \brief Remove lock from entry
441 */
442 public function remove_lock()
443 {
444 if (is_object($this->sudotabs) && $this->sudotabs->dn != "new"){
445 del_lock ($this->sudotabs->dn);
446 }
447 if(isset($this->dns) && is_array($this->dns) && count($this->dns)){
448 del_lock($this->dns);
449 }
450 }
452 function get_used_snapshot_bases()
453 {
454 return(array(sudo::get_sudoers_ou($this->config)));
455 }
458 function copyPasteHandling_from_queue($s_action,$s_entry)
459 {
460 /* Check if Copy & Paste is disabled */
461 if(!is_object($this->CopyPasteHandler)){
462 return("");
463 }
465 $ui = get_userinfo();
467 /* Add a single entry to queue */
468 if($s_action == "cut" || $s_action == "copy"){
470 /* Cleanup object queue */
471 $this->CopyPasteHandler->cleanup_queue();
472 $dn = $this->list[$s_entry]['dn'];
474 if($s_action == "copy" && $ui->is_copyable($dn,"sudo","sudo")){
475 $this->CopyPasteHandler->add_to_queue($dn,$s_action,"sudotabs","SUDOTABS","sudo");
476 }
477 # if($s_action == "cut" && $ui->is_cutable($dn,"sudo","sudo")){
478 # $this->CopyPasteHandler->add_to_queue($dn,$s_action,"sudotabs","SUDOTABS","sudo");
479 # }
480 }
482 /* Add entries to queue */
483 if($s_action == "copy_multiple" || $s_action == "cut_multiple"){
485 /* Cleanup object queue */
486 $this->CopyPasteHandler->cleanup_queue();
488 /* Add new entries to CP queue */
489 foreach($this->list_get_selected_items() as $id){
490 $dn = $this->list[$id]['dn'];
492 if($s_action == "copy_multiple" && $ui->is_copyable($dn,"sudo","sudo")){
493 $this->CopyPasteHandler->add_to_queue($dn,"copy","sudotabs","SUDOTABS","sudo");
494 }
495 # if($s_action == "cut_multiple" && $ui->is_cutable($dn,"sudo","sudo")){
496 # $this->CopyPasteHandler->add_to_queue($dn,"cut","sudotabs","SUDOTABS","sudo");
497 # }
498 }
499 }
501 /* Start pasting entries */
502 if($s_action == "editPaste"){
503 $this->start_pasting_copied_objects = TRUE;
504 }
506 /* Return C&P dialog */
507 if($this->start_pasting_copied_objects && $this->CopyPasteHandler->entries_queued()){
509 /* Get dialog */
510 $this->CopyPasteHandler->SetVar("base",$this->DivListSudo->selectedBase);
511 $data = $this->CopyPasteHandler->execute();
513 /* Return dialog data */
514 if(!empty($data)){
515 return($data);
516 }
517 }
519 /* Automatically disable status for pasting */
520 if(!$this->CopyPasteHandler->entries_queued()){
521 $this->start_pasting_copied_objects = FALSE;
522 }
523 return("");
524 }
525 }
526 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
527 ?>