1 <?php
2 /*
3 * This code is part of GOsa (http://www.gosa-project.org)
4 * Copyright (C) 2003-2008 GONICUS GmbH
5 *
6 * ID: $$Id: class_sudoManagement.inc 10099 2008-04-01 12:52:01Z hickert $$
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
21 */
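/*! \brief  Sudo role management plugin.

    Lists the sudoRole objects found below the sudoers base and lets the
    operator create, edit and remove them. The displayed list can be
    narrowed with the filter fields of the attached divListSudo dialog.

    Request handling notes:
     - List indexes taken from $_POST/$_GET are only used after they have
       been checked against the currently loaded list.
     - Filter input is escaped (the '*' wildcard excepted) before it is
       placed into the LDAP search filter.
     - Deletion is only carried out for DNs that were selected in a
       previous request and for which the user holds the 'd' permission.
 */
class sudoManagement extends plugin
{
  /* Definitions */
  public $plHeadline    = "Sudo roles";
  public $plDescription = "Manage sudo roles";

  /* List dialog (divListSudo) used to render and filter the role list */
  private $DivListSudo  = NULL;

  /* Tab dialog of the role that is currently edited/created, else NULL */
  private $sudotabs     = NULL;

  /* Base used for the search and as ACL base (sudo::get_sudoers_ou) */
  private $base         = "";


  /*! \brief  Store config and user info, resolve the sudoers base and
              create the list dialog.
      @param  object  $config  The GOsa configuration object.
      @param  object  $ui      The user info object of the current user.
   */
  public function __construct(&$config, &$ui)
  {
    /* Save configuration for internal use */
    $this->config = &$config;
    $this->ui     = &$ui;
    $this->base   = sudo::get_sudoers_ou($this->config);

    /* Create dialog object */
    $this->DivListSudo = new divListSudo($this->config,$this);
  }


  /*! \brief  Evaluate the current request and return the HTML to display.

      Depending on the request this is the lock message, the delete
      confirmation, the tab dialog of the edited role, or the role list.

      @return string  The generated HTML.
   */
  public function execute()
  {
    /* Call parent execute */
    plugin::execute();

    /********************
      Handle Posts
     ********************/

    /* Store these posts if the current object is locked (used by somebody else)*/
    session::set('LOCK_VARS_TO_USE',array(
          "/^act$/","/^id$/","/^sudo_edit_/",
          "/^sudo_del_/","/^item_selected/","/menu_action/"));

    /* Get html posts. Only the numeric part of the button name is kept,
       it is an index into $this->list and is validated before use. */
    $s_action = "";
    $s_entry  = "";
    foreach($_POST as $name => $value){
      if(preg_match("/^sudo_edit_/",$name)){
        $s_action = "edit_role";
        $s_entry  = preg_replace("/^sudo_edit_([0-9]*).*$/","\\1",$name);
      }
      if(preg_match("/^sudo_del_/",$name)){
        $s_action = "del_role";
        $s_entry  = preg_replace("/^sudo_del_([0-9]*).*$/","\\1",$name);
      }
    }

    /* 'id' must be a plain string; an array value (id[]=...) would
       otherwise be handed to trim(). */
    if(isset($_GET['act']) && isset($_GET['id']) && is_string($_GET['id']) && $_GET['act'] == "edit_entry"){
      $id = trim($_GET['id']);
      if(isset($this->list[$id])){
        $s_action = "edit_role";
        $s_entry  = $id;
      }
    }

    /* Only the two known menu actions are accepted (strict comparison) */
    if(isset($_POST['menu_action']) && in_array($_POST['menu_action'],array("new_role","del_role"),TRUE)){
      $s_action = $_POST['menu_action'];
    }

    $smarty= get_smarty();


    /********************
      Create a new sudo  ...
     ********************/

    /* New sudo? */
    if ($s_action=="new_role"){

      /* Check create permissions */
      $acl = $this->ui->get_permissions($this->base,"sudo/sudo");
      if(preg_match("/c/",$acl)){

        /* By default we set 'dn' to 'new', all relevant plugins will
           react on this. */
        $this->dn= "new";

        /* Create new sudotabs object */
        $this->sudotabs= new sudotabs($this->config, $this->config->data['TABS']['SUDOTABS'], $this->dn);

        /* Set up the sudo ACL's for this 'dn' */
        $this->sudotabs->set_acl_base($this->base);
      }
    }


    /********************
      Save Sudo Tab/Object Changes
     ********************/

    /* Save changes */
    if ((isset($_POST['edit_finish']) || isset($_POST['edit_apply'])) && is_object($this->sudotabs)){

      /* Check tabs, will feed message array
         Save, or display error message? */
      $message= $this->sudotabs->check();
      if (count($message) == 0){

        /* Save user data to ldap */
        $this->sudotabs->save();

        if (!isset($_POST['edit_apply'])){

          /* Sudo has been saved successfully, remove lock from LDAP. */
          if ($this->dn != "new"){
            del_lock ($this->dn);
          }

          unset ($this->sudotabs);
          $this->sudotabs= NULL;
          session::un_set('objectinfo');
        }else{

          /* 'Apply' keeps the dialog open: reload the tabs from the saved dn */
          $this->dn = $this->sudotabs->dn;
          $this->sudotabs= new sudotabs($this->config, $this->config->data['TABS']['SUDOTABS'], $this->dn);

          /* Set the ACL base like every other place that creates the tabs
             for editing does; the reloaded dialog was left without one. */
          $this->sudotabs->set_acl_base($this->base);
          session::set('objectinfo',$this->dn);
        }
      } else {
        /* Ok. There seem to be errors regarding to the tab data,
           show message and continue as usual. */
        msg_dialog::displayChecks($message);
      }
    }


    /********************
      Edit existing role
     ********************/

    /* User wants to edit data? */
    if (($s_action=="edit_role") && !is_object($this->sudotabs)){

      /* The index comes from the request. Resolve it through the loaded
         list only; an unknown index is ignored instead of locking and
         opening an empty dn. */
      $entry = trim($s_entry);
      if(isset($this->list[$entry]['dn'])){

        $this->dn= $this->list[$entry]['dn'];

        /* Check locking & lock entry if required */
        $user = get_lock($this->dn);
        if ($user != ""){
          return(gen_locked_message ($user, $this->dn));
        }
        add_lock ($this->dn, $this->ui->dn);

        /* Register sudotabs to trigger edit dialog */
        $this->sudotabs= new sudotabs($this->config,$this->config->data['TABS']['SUDOTABS'], $this->dn);
        $this->sudotabs->set_acl_base($this->base);
        session::set('objectinfo',$this->dn);
      }
    }


    /********************
      Delete entries requested, display confirm dialog
     ********************/

    if ($s_action=="del_role"){

      $ids = $this->list_get_selected_items();

      if(!count($ids) && $s_entry!=""){
        $ids = array($s_entry);
      }

      if(count($ids)){
        $this->dns = array();
        foreach($ids as $id){

          /* Skip indexes that do not refer to a listed role */
          if(!isset($this->list[$id]['dn'])){
            continue;
          }

          $dn = $this->list[$id]['dn'];
          if (($user= get_lock($dn)) != ""){
            return(gen_locked_message ($user, $dn));
          }
          $this->dns[$id] = $dn;
        }

        /* Ask for confirmation only if at least one valid role is left */
        if(count($this->dns)){
          $dns_names = array();
          foreach($this->dns as $dn){

            /* Lock the current entry, so nobody will edit it during deletion */
            add_lock ($dn, $this->ui->dn);
            $dns_names[] =@LDAP::fix($dn);
          }

          $smarty->assign("info", msgPool::deleteInfo($dns_names,_("Sudo role")));
          return($smarty->fetch(get_template_path('remove.tpl', TRUE)));
        }
      }
    }


    /********************
      Delete entries confirmed
     ********************/

    /* Confirmation for deletion has been passed. Sudo should be deleted.
       The confirmation is only honoured if a selection was stored by a
       previous delete request; a bare 'delete_sudos_confirmed' post
       has nothing to act on. */
    if (isset($_POST['delete_sudos_confirmed']) && isset($this->dns) && is_array($this->dns)){

      /* Remove role by role and check acls before removing them */
      foreach($this->dns as $key => $dn){

        /* Load permissions for selected 'dn' and check if
           we're allowed to remove this 'dn' */
        $acl = $this->ui->get_permissions($dn,"sudo/sudo");
        if(preg_match("/d/",$acl)){

          /* Delete request is permitted, perform LDAP action */
          $this->sudotabs= new sudotabs($this->config,$this->config->data['TABS']['SUDOTABS'], $dn);
          $this->sudotabs->set_acl_base($dn);
          $this->sudotabs->delete ();
          unset ($this->sudotabs);
          $this->sudotabs= NULL;

        } else {

          /* Normally this shouldn't be reached, send some extra
             logs to notify the administrator */
          msg_dialog::display(_("Permission error"), msgPool::permDelete(), ERROR_DIALOG);
          new log("security","sudo/".get_class($this),$dn,array(),"Tried to trick deletion.");
        }

        /* Remove the lock in both cases, it was taken when the
           confirmation dialog was shown */
        del_lock ($dn);
        unset($this->dns[$key]);
      }
    }


    /********************
      Delete entries Canceled
     ********************/

    /* Remove lock */
    if(isset($_POST['delete_sudo_cancel']) && isset($this->dns) && is_array($this->dns)){
      foreach($this->dns as $key => $dn){
        del_lock ($dn);
        unset($this->dns[$key]);
      }
    }

    /********************
      A dialog was canceled
     ********************/

    /* Cancel dialogs */
    if (isset($_POST['edit_cancel'])){
      if(isset($this->sudotabs->dn)){
        del_lock ($this->sudotabs->dn);
      }
      unset ($this->sudotabs);
      $this->sudotabs= NULL;
      session::un_set('objectinfo');
    }


    /********************
      If there is currently a dialog open, display it
     ********************/

    /* Show tab dialog if object is present */
    if (isset($this->sudotabs->config)){
      $display= $this->sudotabs->execute();

      /* Don't show buttons if tab dialog requests this */
      if(isset($this->sudotabs->by_object)){
        if (!$this->sudotabs->by_object[$this->sudotabs->current]->dialog){
          $display.= "<p style=\"text-align:right\">\n";
          $display.= "<input type=submit name=\"edit_finish\" style=\"width:80px\" value=\"".msgPool::okButton()."\">\n";
          $display.= " \n";
          if ($this->dn != "new"){
            $display.= "<input type=submit name=\"edit_apply\" value=\"".msgPool::applyButton()."\">\n";
            $display.= " \n";
          }
          $display.= "<input type=submit name=\"edit_cancel\" value=\"".msgPool::cancelButton()."\">\n";
          $display.= "</p>";
        }
      }
      return ($display);
    }

    /* Display dialog with sudo list */
    $this->DivListSudo->parent = &$this;
    $this->DivListSudo->execute();
    $this->reload ();
    $this->DivListSudo->setEntries($this->list);
    return($this->DivListSudo->Draw());
  }


  /*! \brief  Collect the list indexes of all posted 'item_selected_<n>'
              checkboxes.
      @return array  The selected indexes, index => index.
   */
  private function list_get_selected_items()
  {
    $ids = array();
    foreach($_POST as $name => $value){

      /* At least one digit is required, 'item_selected_' without an
         index does not refer to any list entry. */
      if(preg_match("/^item_selected_[0-9]+$/",$name)){
        $id = preg_replace("/^item_selected_/","",$name);
        $ids[$id] = $id;
      }
    }
    return($ids);
  }


  /*! \brief  Escape a value for use inside an LDAP search filter while
              keeping '*' usable as wildcard.

      Backslash, parentheses and NUL are replaced by their \XX form, so
      the value cannot close the surrounding filter component or open a
      new one.

      @param  string  $value  The raw filter value.
      @return string  The escaped value.
   */
  private function escape_filter_value($value)
  {
    /* The backslash is replaced first, the later replacements add
       backslashes that must not be escaped again. */
    return(str_replace(
          array("\\",   "(",    ")",    "\0"),
          array("\\5c", "\\28", "\\29", "\\00"),
          (string) $value));
  }


  /*! \brief  Reload the list of sudo roles using the filter settings of
              the list dialog. The result is stored in $this->list,
              sorted by cn (natural order, case insensitive).
      @param  bool  $CreatePosixsList  Not used by this method.
   */
  private function reload($CreatePosixsList=false)
  {
    $this->list = array();
    $base       = $this->base;

    /* NOTE(review): Regex/UserRegex are presumably filled from the filter
       form of the list dialog - confirm in divListSudo. They are treated
       as untrusted here and escaped before they reach the filter. */
    $Regex      = $this->escape_filter_value(trim($this->DivListSudo->Regex));
    $UserRegex  = $this->escape_filter_value(trim($this->DivListSudo->UserRegex));

    /********************
      Create filter depending on selected checkboxes
     ********************/
    $values = array("cn","description","sudoUser","sudoCommand","sudoOption");
    if($UserRegex == "*"){
      $ff = "(&(|(cn=".$Regex.")(description=".$Regex."))(objectClass=sudoRole))";
    }else{
      $ff = "(&(|(cn=".$Regex.")(description=".$Regex."))(sudoUser=".$UserRegex.")(objectClass=sudoRole))";
    }
    $res = get_list($ff, "sudo",$base,$values, GL_SIZELIMIT);

    /* Index by cn to sort, then renumber so that list indexes are 0..n-1 */
    $tmp = array();
    foreach($res as $attrs){
      $tmp[$attrs['cn'][0]] = $attrs;
    }
    uksort($tmp, 'strnatcasecmp');
    $this->list = array_values($tmp);
  }


  /*! \brief  Save data to object, forwards to the list dialog. */
  public function save_object()
  {
    $this->DivListSudo->save_object();
  }


  /*! \brief  Only runs the optional post-remove command. */
  public function remove_from_parent()
  {
    /* Optionally execute a command after we're done */
    $this->postremove();
  }


  /*! \brief  Save to LDAP, only runs the optional post-create command. */
  public function save()
  {
    /* Optionally execute a command after we're done */
    $this->postcreate();
  }
}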
375 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
376 ?>