1 <?php
2 /*
3 * This code is part of GOsa (http://www.gosa-project.org)
4 * Copyright (C) 2003-2008 GONICUS GmbH
5 *
6 * ID: $$Id: class_sudoManagement.inc 10099 2008-04-01 12:52:01Z hickert $$
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
21 */
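class sudoManagement extends plugin
{
  /* Definitions */
  var $plHeadline = "Sudo";
  var $plDescription = "Manage sudo roles";

  /* List dialog (divListSudo) that renders the role overview */
  var $DivListSudo = NULL;

  /* LDAP base (the sudoers ou) below which roles are listed and created */
  var $base = "";

  /* Tab dialog of the role currently being created or edited, NULL if none */
  var $sudotabs = NULL;

  /* Roles found by reload(): a list indexed by the numeric id that is used
     in the sudo_edit_<id> / sudo_del_<id> / item_selected_<id> post names */
  var $list = array();

  /* id => dn of the roles whose deletion is awaiting confirmation.
     Declared (and initialised) here so the confirm/cancel handlers never
     iterate over an undefined property. */
  var $dns = array();


  /* Constructor: keeps config and user object by reference, resolves the
     sudoers base and creates the list dialog.
     $config - GOsa configuration object
     $ui     - object describing the logged in user (its ->dn owns the locks) */
  function sudoManagement (&$config, &$ui)
  {
    /* Save configuration for internal use */
    $this->config = &$config;
    $this->ui = &$ui;
    $this->base = sudo::get_sudoers_ou($this->config);

    /* Create dialog object */
    $this->DivListSudo = new divListSudo($this->config,$this);
  }


  /* Main entry point called on every request: evaluates the posted action,
     drives the create/edit/delete dialogs and finally returns the HTML of
     either the open tab dialog or the role list. */
  function execute()
  {
    /* Call parent execute */
    plugin::execute();

    /********************
      Handle Posts
     ********************/

    /* Store these posts if the current object is locked (used by somebody else)*/
    session::set('LOCK_VARS_TO_USE',array(
          "/^act$/","/^id$/","/^sudo_edit_/",
          "/^sudo_del_/","/^item_selected/","/menu_action/"));

    /* Derive the requested action from the posted button names
       (sudo_edit_<id> / sudo_del_<id>); <id> is the index into $this->list */
    $s_action = "";
    $s_entry  = "";
    foreach($_POST as $name => $value){
      if(preg_match("/^sudo_edit_([0-9]*)/",$name,$match)){
        $s_action = "edit_role";
        $s_entry  = $match[1];
      }
      if(preg_match("/^sudo_del_([0-9]*)/",$name,$match)){
        $s_action = "del_role";
        $s_entry  = $match[1];
      }
    }

    /* Edit request via link (?act=edit_entry&id=<id>); only ids of the
       current listing are accepted */
    if(isset($_GET['act']) && isset($_GET['id']) && $_GET['act'] === "edit_entry"){
      $id = trim($_GET['id']);
      if(isset($this->list[$id])){
        $s_action = "edit_role";
        $s_entry  = $id;
      }
    }

    /* Actions from the list's action menu (strict match, the value is a plain string) */
    if(isset($_POST['menu_action']) && in_array($_POST['menu_action'],array("new_role","del_role"),true)){
      $s_action = $_POST['menu_action'];
    }

    $smarty= get_smarty();


    /********************
      Create a new sudo ...
     ********************/

    /* New sudo? */
    if ($s_action=="new_role"){

      /* Check create permissions ('c' flag on sudo/sudo below the base) */
      $acl = $this->ui->get_permissions($this->base,"sudo/sudo");
      if(preg_match("/c/",$acl)){

        /* By default we set 'dn' to 'new', all relevant plugins will
           react on this. */
        $this->dn= "new";

        /* Create new sudotabs object */
        $this->sudotabs= new sudotabs($this->config, $this->config->data['TABS']['SUDOTABS'], $this->dn);

        /* Set up the sudo ACL's for this 'dn' */
        $this->sudotabs->set_acl_base($this->base);
      }
    }


    /********************
      Save Sudo Tab/Object Changes
     ********************/

    /* Save changes */
    if ((isset($_POST['edit_finish']) || isset($_POST['edit_apply'])) && is_object($this->sudotabs)){

      /* Check tabs, will feed message array
         Save, or display error message? */
      $message= $this->sudotabs->check();
      if (count($message) == 0){

        /* Save user data to ldap */
        $this->sudotabs->save();

        /* 'apply' keeps the dialog open, 'finish' closes it and releases the lock */
        if (!isset($_POST['edit_apply'])){

          /* Sudo has been saved successfully, remove lock from LDAP. */
          if ($this->dn != "new"){
            del_lock ($this->dn);
          }

          unset ($this->sudotabs);
          $this->sudotabs= NULL;
          session::un_set('objectinfo');
        }
      } else {
        /* Ok. There seem to be errors regarding to the tab data,
           show message and continue as usual. */
        msg_dialog::displayChecks($message);
      }
    }


    /********************
      Edit existing role
     ********************/

    /* User wants to edit data? */
    if (($s_action=="edit_role") && !is_object($this->sudotabs)){

      /* The posted id must refer to an entry of the last listing; a stale or
         forged id would otherwise produce an empty dn and a lock on "" */
      $entry = trim($s_entry);
      if(isset($this->list[$entry]['dn'])){

        /* Get 'dn' from the posted id, must be unique */
        $this->dn= $this->list[$entry]['dn'];

        /* Check locking & lock entry if required */
        $user = get_lock($this->dn);
        if ($user != ""){
          return(gen_locked_message ($user, $this->dn));
        }
        add_lock ($this->dn, $this->ui->dn);

        /* Register sudotabs to trigger edit dialog */
        $this->sudotabs= new sudotabs($this->config,$this->config->data['TABS']['SUDOTABS'], $this->dn);
        $this->sudotabs->set_acl_base($this->base);
        session::set('objectinfo',$this->dn);
      }
    }


    /********************
      Delete entries requested, display confirm dialog
     ********************/

    if ($s_action=="del_role"){

      /* Checkbox selection wins, the single sudo_del_<id> button is the fallback */
      $ids = $this->list_get_selected_items();
      if(!count($ids) && $s_entry!=""){
        $ids = array($s_entry);
      }

      if(count($ids)){

        /* Resolve ids to dns; ids that are not part of the listing are ignored */
        $this->dns = array();
        foreach($ids as $id){
          if(!isset($this->list[$id]['dn'])){
            continue;
          }
          $dn = $this->list[$id]['dn'];
          if (($user= get_lock($dn)) != ""){
            return(gen_locked_message ($user, $dn));
          }
          $this->dns[$id] = $dn;
        }

        if(count($this->dns)){

          /* Lock the entries, so nobody will edit them while the confirmation is pending */
          $dns_names = array();
          foreach($this->dns as $dn){
            add_lock ($dn, $this->ui->dn);
            /* '@' kept from the original call; presumably silences a notice
               raised by LDAP::fix() - verify before removing */
            $dns_names[] =@LDAP::fix($dn);
          }

          $smarty->assign("info", msgPool::deleteInfo($dns_names,_("sudo role")));
          return($smarty->fetch(get_template_path('remove.tpl', TRUE)));
        }
      }
    }


    /********************
      Delete entries confirmed
     ********************/

    /* Confirmation for deletion has been passed. Sudo should be deleted. */
    if (isset($_POST['delete_sudos_confirmed'])){

      /* Remove role by role and check acls before removing them */
      foreach($this->dns as $key => $dn){

        /* Load permissions for selected 'dn' and check if
           we're allowed to remove this 'dn' ('d' flag) */
        $acl = $this->ui->get_permissions($dn,"sudo/sudo");
        if(preg_match("/d/",$acl)){

          /* Delete request is permitted, perform LDAP action */
          $this->sudotabs= new sudotabs($this->config,$this->config->data['TABS']['SUDOTABS'], $dn);
          $this->sudotabs->set_acl_base($dn);
          $this->sudotabs->delete ();
          unset ($this->sudotabs);
          $this->sudotabs= NULL;

        } else {

          /* Normally this shouldn't be reached (the list only offers roles
             the user may see); send some extra logs to notify the administrator */
          msg_dialog::display(_("Permission error"), msgPool::permDelete(), ERROR_DIALOG);
          new log("security","sudo/".get_class($this),$dn,array(),"Tried to trick deletion.");
        }

        /* Release the lock taken when the confirm dialog was shown,
           whether or not the deletion was permitted */
        del_lock ($dn);
        unset($this->dns[$key]);
      }
    }


    /********************
      Delete entries Canceled
     ********************/

    /* Remove locks taken for the confirm dialog */
    if(isset($_POST['delete_sudo_cancel'])){
      foreach($this->dns as $key => $dn){
        del_lock ($dn);
        unset($this->dns[$key]);
      }
    }


    /********************
      A dialog was canceled
     ********************/

    /* Cancel dialogs */
    if (isset($_POST['edit_cancel'])){
      if(isset($this->sudotabs->dn)){
        del_lock ($this->sudotabs->dn);
      }
      unset ($this->sudotabs);
      $this->sudotabs= NULL;
      session::un_set('objectinfo');
    }


    /********************
      If there is currently a dialog open, display it
     ********************/

    /* Show tab dialog if object is present */
    if (isset($this->sudotabs->config)){
      $display= $this->sudotabs->execute();

      /* Don't show buttons if tab dialog requests this */
      if(isset($this->sudotabs->by_object)){
        if (!$this->sudotabs->by_object[$this->sudotabs->current]->dialog){
          $display.= "<p style=\"text-align:right\">\n";
          $display.= "<input type=submit name=\"edit_finish\" style=\"width:80px\" value=\"".msgPool::okButton()."\">\n";
          $display.= " \n";
          /* 'apply' only makes sense for an entry that already exists */
          if ($this->dn != "new"){
            $display.= "<input type=submit name=\"edit_apply\" value=\"".msgPool::applyButton()."\">\n";
            $display.= " \n";
          }
          $display.= "<input type=submit name=\"edit_cancel\" value=\"".msgPool::cancelButton()."\">\n";
          $display.= "</p>";
        }
      }
      return ($display);
    }

    /* Display dialog with sudo list */
    $this->DivListSudo->parent = &$this;
    $this->DivListSudo->execute();
    $this->reload ();
    $this->DivListSudo->setEntries($this->list);
    return($this->DivListSudo->Draw());
  }


  /* Collect the ids of the list entries whose checkbox (item_selected_<id>)
     was posted. Returns an array mapping id => id. */
  function list_get_selected_items()
  {
    $ids = array();
    foreach($_POST as $name => $value){
      if(preg_match("/^item_selected_([0-9]*)$/",$name,$match)){
        $ids[$match[1]] = $match[1];
      }
    }
    return($ids);
  }


  /* Escape the LDAP filter metacharacters '\', '(', ')' and NUL in a user
     supplied search pattern (RFC 4515 encoding) while keeping '*' as
     wildcard, so list searches like "adm*" still work. Backslash is
     replaced first so the escapes introduced afterwards are not re-escaped. */
  function escape_filter_pattern($pattern)
  {
    return str_replace(
        array("\\",   "(",    ")",    "\x00"),
        array("\\5c", "\\28", "\\29", "\\00"),
        $pattern);
  }


  /* (Re)load $this->list with the sudo roles below $this->base that match
     the patterns of the list dialog. Entries are sorted case-insensitively
     by cn and re-indexed 0..n-1, which defines the ids used in the posts.
     $CreatePosixsList is unused and only kept for interface compatibility. */
  function reload($CreatePosixsList=false)
  {
    $this->list = array();
    $base = $this->base;

    $Regex     = trim($this->DivListSudo->Regex);
    $UserRegex = trim($this->DivListSudo->UserRegex);

    /********************
      Create filter depending on selected checkboxes
     ********************/

    /* Both patterns come from the search fields of the list dialog. They are
       escaped here regardless of what the dialog did, because an unescaped
       '(' or ')' would close the clause and alter the meaning of the filter. */
    $cn_pattern   = $this->escape_filter_pattern($Regex);
    $user_pattern = $this->escape_filter_pattern($UserRegex);

    $values = array("cn","description","sudoUser","sudoCommand","sudoOption");
    $ff = "(&(|(cn=".$cn_pattern.")(description=".$cn_pattern."))";
    if($UserRegex != "*"){
      $ff .= "(sudoUser=".$user_pattern.")";
    }
    $ff .= "(objectClass=sudoRole))";

    $res = get_list($ff, "sudo",$base,$values, GL_SIZELIMIT);

    /* Key by cn for natural sorting; fall back to the dn for an entry
       without cn so it is neither lost nor raises a notice */
    $tmp = array();
    foreach($res as $attrs){
      $key = isset($attrs['cn'][0]) ? $attrs['cn'][0] : $attrs['dn'];
      $tmp[$key] = $attrs;
    }
    uksort($tmp, 'strnatcasecmp');
    $this->list = array_values($tmp);
  }


  /* Save data to object: forward the posted search fields to the list dialog */
  function save_object()
  {
    $this->DivListSudo->save_object();
  }


  /* Release the lock of the entry currently open in the tab dialog, if any */
  function remove_lock()
  {
    if (isset($this->sudotabs->dn)){
      del_lock ($this->sudotabs->dn);
    }
  }


  function remove_from_parent()
  {
    /* Optionally execute a command after we're done */
    $this->postremove();
  }


  /* Save to LDAP */
  function save()
  {
    /* Optionally execute a command after we're done */
    $this->postcreate();
  }


  /* Unused functions, kept to satisfy the plugin interface */
  function check() { }
  function adapt_from_template($dn, $skip= array()) { }
  function password_change_needed() { }
}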
379 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
380 ?>