![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
1 <?php
2 /*
3 * This code is part of GOsa (http://www.gosa-project.org)
4 * Copyright (C) 2003-2008 GONICUS GmbH
5 *
6 * ID: $$Id: class_sudoManagement.inc 10099 2008-04-01 12:52:01Z hickert $$
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
21 */
23 /*! \brief This is the sudo management class. \
24 This class allows to add/remove/edit sudo roles with GOsa. \
25 All roles will be listed by this plugin, the displayed objects \
26 can also be filtered.
27 */
28 class sudoManagement extends plugin
29 {
30 /* Definitions */
31 public $plHeadline = "Sudo roles";
32 public $plDescription = "Manage sudo roles";
34 private $DivListSudo = NULL;
35 private $sudotabs = NULL;
36 private $base = "";
38 private $start_pasting_copied_objects = FALSE;
40 /*! \brief */
41 public function __construct(&$config, &$ui)
42 {
43 /* Save configuration for internal use */
44 $this->config = &$config;
45 $this->ui = &$ui;
46 $this->base = sudo::get_sudoers_ou($this->config);
48 /* Copy & Paste enabled ?*/
49 if((isset($this->config->data['MAIN']['ENABLECOPYPASTE']))&&(preg_match("/true/i",$this->config->data['MAIN']['ENABLECOPYPASTE']))){
50 $this->CopyPasteHandler = new CopyPasteHandler($this->config);
51 }
53 /* Create dialog object */
54 $this->DivListSudo = new divListSudo($this->config,$this);
55 }
58 /*! \brief Generate && Display HTML content
59 */
60 public function execute()
61 {
62 /* Call parent execute */
63 plugin::execute();
65 /********************
66 Handle Posts
67 ********************/
69 /* Store these posts if the current object is locked (used by somebody else)*/
70 session::set('LOCK_VARS_TO_USE',array(
71 "/^act$/","/^id$/","/^sudo_edit_/","/^cut_/","/^copy_/",
72 "/^sudo_del_/","/^item_selected/","/menu_action/"));
75 /* Get html posts */
76 $s_action = "";
77 $s_entry = "";
78 foreach($_POST as $name => $value){
79 if(preg_match("/^sudo_edit_/",$name)){
80 $s_action = "edit_role";
81 $s_entry = preg_replace("/^sudo_edit_([0-9]*).*$/","\\1",$name);
82 }
83 if(preg_match("/^sudo_del_/",$name)){
84 $s_action = "del_role";
85 $s_entry = preg_replace("/^sudo_del_([0-9]*).*$/","\\1",$name);
86 }elseif(preg_match("/^editPaste.*/i",$name)){
87 $s_action="editPaste";
88 }elseif(preg_match("/^copy_.*/",$name)){
89 $s_action="copy";
90 $s_entry = preg_replace("/^copy_([0-9]*).*$/i","\\1",$name);
91 # }elseif(preg_match("/^cut_.*/",$name)){
92 # $s_action="cut";
93 # $s_entry = preg_replace("/^cut_([0-9]*).*$/i","\\1",$name);
94 }
95 }
97 if(isset($_GET['act']) && isset($_GET['id']) && $_GET['act'] == "edit_entry"){
98 $id = trim($_GET['id']);
99 if(isset($this->list[$id])){
100 $s_action = "edit_role";
101 $s_entry = $id;
102 }
103 }
105 if(isset($_POST['menu_action']) && in_array($_POST['menu_action'],array("new_role","del_role","new_default","editPaste"))){
106 $s_action = $_POST['menu_action'];
107 }
111 $smarty= get_smarty();
114 /********************
115 Copy & Paste Handling ...
116 ********************/
118 /* Display the copy & paste dialog, if it is currently open */
119 $ret = $this->copyPasteHandling_from_queue($s_action,$s_entry);
120 if($ret){
121 return($ret);
122 }
125 /********************
126 Create a new sudo ...
127 ********************/
129 /* New sudo? */
130 if ($s_action=="new_role" || $s_action == "new_default"){
132 /* Check create permissions */
133 $acl = $this->ui->get_permissions($this->base,"sudo/sudo");
134 if(preg_match("/c/",$acl)){
136 /* By default we set 'dn' to 'new', all relevant plugins will
137 react on this. */
138 $this->dn= "new";
140 /* Create new sudotabs object */
141 $this->sudotabs= new sudotabs($this->config, $this->config->data['TABS']['SUDOTABS'], $this->dn);
143 /* Set up the sudo ACL's for this 'dn' */
144 $this->sudotabs->set_acl_base($this->base);
146 /* This entry will become the default entry */
147 if($s_action == "new_default"){
148 $this->sudotabs->set_default(TRUE);
149 }
150 }
151 }
154 /********************
155 Save Sudo Tab/Object Changes
156 ********************/
158 /* Save changes */
159 if ((isset($_POST['edit_finish']) || isset($_POST['edit_apply'])) && is_object($this->sudotabs)){
161 /* Check tabs, will feed message array
162 Save, or display error message? */
163 $message= $this->sudotabs->check();
164 if (count($message) == 0){
166 /* Save user data to ldap */
167 $this->sudotabs->save();
169 if (!isset($_POST['edit_apply'])){
171 /* Sudo has been saved successfully, remove lock from LDAP. */
172 if ($this->dn != "new"){
173 del_lock ($this->dn);
174 }
175 unset ($this->sudotabs);
176 $this->sudotabs= NULL;
177 session::un_set('objectinfo');
178 }else{
179 $this->dn = $this->sudotabs->dn;
180 $this->sudotabs= new sudotabs($this->config, $this->config->data['TABS']['SUDOTABS'], $this->dn);
181 session::set('objectinfo',$this->dn);
182 }
183 } else {
184 /* Ok. There seem to be errors regarding to the tab data,
185 show message and continue as usual. */
186 msg_dialog::displayChecks($message);
187 }
188 }
191 /********************
192 Edit existing role
193 ********************/
195 /* User wants to edit data? */
196 if (($s_action=="edit_role") && !is_object($this->sudotabs)){
198 /* Get 'dn' from posted 'uid', must be unique */
199 $this->dn= $this->list[trim($s_entry)]['dn'];
201 /* Check locking & lock entry if required */
202 $user = get_lock($this->dn);
203 if ($user != ""){
204 return(gen_locked_message ($user, $this->dn));
205 }
206 add_lock ($this->dn, $this->ui->dn);
208 /* Register sudotabs to trigger edit dialog */
209 $this->sudotabs= new sudotabs($this->config,$this->config->data['TABS']['SUDOTABS'], $this->dn);
210 $this->sudotabs->set_acl_base($this->base);
211 session::set('objectinfo',$this->dn);
212 }
215 /********************
216 Delete entries requested, display confirm dialog
217 ********************/
219 if ($s_action=="del_role"){
220 $ids = $this->list_get_selected_items();
221 if(!count($ids) && $s_entry!=""){
222 $ids = array($s_entry);
223 }
225 if(count($ids)){
227 /* Create list of entries to delete */
228 $this->dns = array();
229 $dns_names = array();
230 foreach($ids as $id){
231 $dn = $this->list[$id]['dn'];
232 $this->dns[$id] = $dn;
233 $dns_names[] =@LDAP::fix($dn);
234 }
236 /* Check locking of entries */
237 $users = get_multiple_locks($this->dns);
238 if(count($users)){
239 return(gen_locked_message($users,$this->dns));
240 }
242 /* Add locks */
243 add_lock($this->dns,$this->ui->dn);
245 /* Lock the current entry, so nobody will edit it during deletion */
246 $smarty->assign("info", msgPool::deleteInfo($dns_names,_("Sudo role")));
247 return($smarty->fetch(get_template_path('remove.tpl', TRUE)));
248 }
249 }
252 /********************
253 Delete entries confirmed
254 ********************/
256 /* Confirmation for deletion has been passed. Sudo should be deleted. */
257 if (isset($_POST['delete_sudos_confirmed'])){
259 /* Remove user by user and check acls before removeing them */
260 foreach($this->dns as $key => $dn){
262 /* Load permissions for selected 'dn' and check if
263 we're allowed to remove this 'dn' */
264 $acl = $this->ui->get_permissions($dn,"sudo/sudo");
265 if(preg_match("/d/",$acl)){
267 /* Delete request is permitted, perform LDAP action */
268 $this->sudotabs= new sudotabs($this->config,$this->config->data['TABS']['SUDOTABS'], $dn);
269 $this->sudotabs->set_acl_base($dn);
270 $this->sudotabs->delete ();
271 unset ($this->sudotabs);
272 $this->sudotabs= NULL;
274 } else {
276 /* Normally this shouldn't be reached, send some extra
277 logs to notify the administrator */
278 msg_dialog::display(_("Permission error"), msgPool::permDelete(), ERROR_DIALOG);
279 new log("security","sudo/".get_class($this),$dn,array(),"Tried to trick deletion.");
280 }
281 /* Remove lock file after successfull deletion */
282 del_lock ($dn);
283 unset($this->dns[$key]);
284 }
285 }
288 /********************
289 Delete entries Canceled
290 ********************/
292 /* Remove lock */
293 if(isset($_POST['delete_sudo_cancel'])){
294 del_lock ($this->dns);
295 unset($this->dns);
296 }
298 /********************
299 A dialog was canceled
300 ********************/
302 /* Cancel dialogs */
303 if (isset($_POST['edit_cancel']) && is_object($this->sudotabs)){
304 if(isset($this->sudotabs->dn)){
305 del_lock ($this->sudotabs->dn);
306 }
307 unset ($this->sudotabs);
308 $this->sudotabs= NULL;
309 session::un_set('objectinfo');
310 }
313 /********************
314 If there is currently a dialog open, display it
315 ********************/
317 /* Show tab dialog if object is present */
318 if (is_object($this->sudotabs)){
319 $display= $this->sudotabs->execute();
321 /* Don't show buttons if tab dialog requests this */
322 if(isset($this->sudotabs->by_object)){
323 if (!$this->sudotabs->by_object[$this->sudotabs->current]->dialog){
324 $display.= "<p style=\"text-align:right\">\n";
325 $display.= "<input type=submit name=\"edit_finish\" style=\"width:80px\" value=\"".msgPool::okButton()."\">\n";
326 $display.= " \n";
327 if ($this->dn != "new"){
328 $display.= "<input type=submit name=\"edit_apply\" value=\"".msgPool::applyButton()."\">\n";
329 $display.= " \n";
330 }
331 $display.= "<input type=submit name=\"edit_cancel\" value=\"".msgPool::cancelButton()."\">\n";
332 $display.= "</p>";
333 }
334 }
335 return ($display);
336 }
338 /* Check if there is a snapshot dialog open */
339 if($str = $this->showSnapshotDialog(sudo::get_sudoers_ou($this->config),$this->get_used_snapshot_bases())){
340 return($str);
341 }
343 /* Display dialog with sudo list */
344 $this->DivListSudo->execute();
345 $this->reload ();
346 $this->DivListSudo->setEntries($this->list);
347 return($this->DivListSudo->Draw());
348 }
351 /*! \brief Return all selected elements from HTML list
352 @return Array List of all selected list elements
353 */
354 private function list_get_selected_items()
355 {
356 $ids = array();
357 foreach($_POST as $name => $value){
358 if(preg_match("/^item_selected_[0-9]*$/",$name)){
359 $id = preg_replace("/^item_selected_/","",$name);
360 $ids[$id] = $id;
361 }
362 }
363 return($ids);
364 }
367 /*! \brief Reload the list of sudo roles.
368 */
369 private function reload($CreatePosixsList=false)
370 {
371 $this->list = array();
372 $base = $this->base;
374 $Regex = trim($this->DivListSudo->Regex);
375 $UserRegex = trim($this->DivListSudo->UserRegex);
376 $SubSearch = $this->DivListSudo->SubSearch;
378 /********************
379 Create filter depending on selected checkboxes
380 ********************/
381 $values = array("cn","description","sudoUser","sudoCommand","sudoOption");
382 if($UserRegex == "*"){
383 $ff = "(&(|(cn=".$Regex.")(description=".$Regex."))(objectClass=sudoRole))";
384 }else{
385 $ff = "(&(|(cn=".$Regex.")(description=".$Regex."))(sudoUser=".$UserRegex.")(objectClass=sudoRole))";
386 }
387 $res = get_list($ff, "sudo",$base,$values, GL_SIZELIMIT);
388 $tmp = array();
389 foreach($res as $attrs){
390 $tmp[$attrs['cn'][0]] = $attrs;
391 }
392 uksort($tmp, 'strnatcasecmp');
393 $this->list = array_values($tmp);
394 }
397 /*! \brief Save HTML post data to object
398 */
399 public function save_object()
400 {
401 $this->DivListSudo->save_object();
402 if(is_object($this->CopyPasteHandler)){
403 $this->CopyPasteHandler->save_object();
404 }
405 }
408 /*! \brief Remove this account
409 */
410 public function remove_from_parent()
411 {
412 /* Optionally execute a command after we're done */
413 $this->postremove();
414 }
417 /*! \brief Save to LDAP
418 */
419 public function save()
420 {
421 /* Optionally execute a command after we're done */
422 $this->postcreate();
423 }
426 /*! \brief Remove lock from entry
427 */
428 public function remove_lock()
429 {
430 if (is_object($this->sudotabs) && $this->sudotabs->dn != "new"){
431 del_lock ($this->sudotabs->dn);
432 }
433 if(isset($this->dns) && is_array($this->dns) && count($this->dns)){
434 del_lock($this->dns);
435 }
436 }
438 function get_used_snapshot_bases()
439 {
440 return(array(sudo::get_sudoers_ou($this->config)));
441 }
444 function copyPasteHandling_from_queue($s_action,$s_entry)
445 {
446 /* Check if Copy & Paste is disabled */
447 if(!is_object($this->CopyPasteHandler)){
448 return("");
449 }
451 /* Add a single entry to queue */
452 if($s_action == "cut" || $s_action == "copy"){
454 /* Cleanup object queue */
455 $this->CopyPasteHandler->cleanup_queue();
456 $dn = $this->list[$s_entry]['dn'];
457 $this->CopyPasteHandler->add_to_queue($dn,$s_action,"sudotabs","SUDOTABS","sudo");
458 }
460 /* Add entries to queue */
461 if($s_action == "copy_multiple" || $s_action == "cut_multiple"){
463 /* Cleanup object queue */
464 $this->CopyPasteHandler->cleanup_queue();
466 /* Add new entries to CP queue */
467 foreach($this->list_get_selected_items() as $id){
468 $dn = $this->list[$id]['dn'];
470 if($s_action == "copy_multiple"){
471 $this->CopyPasteHandler->add_to_queue($dn,"copy","sudotabs","SUDOTABS","sudo");
472 }
473 if($s_action == "cut_multiple"){
474 $this->CopyPasteHandler->add_to_queue($dn,"cut","sudotabs","SUDOTABS","sudo");
475 }
476 }
477 }
479 /* Start pasting entries */
480 if($s_action == "editPaste"){
481 $this->start_pasting_copied_objects = TRUE;
482 }
484 /* Return C&P dialog */
485 if($this->start_pasting_copied_objects && $this->CopyPasteHandler->entries_queued()){
487 /* Get dialog */
488 $data = $this->CopyPasteHandler->execute();
489 $this->CopyPasteHandler->SetVar("base",$this->DivListSudo->selectedBase);
491 /* Return dialog data */
492 if(!empty($data)){
493 return($data);
494 }
495 }
497 /* Automatically disable status for pasting */
498 if(!$this->CopyPasteHandler->entries_queued()){
499 $this->start_pasting_copied_objects = FALSE;
500 }
501 return("");
502 }
503 }
504 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
505 ?>