1 <?php
2 /*
3 * This code is part of GOsa (http://www.gosa-project.org)
4 * Copyright (C) 2003-2008 GONICUS GmbH
5 *
6 * ID: $$Id: class_sudoManagement.inc 10099 2008-04-01 12:52:01Z hickert $$
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
21 */
23 /*! \brief This is the sudo management class. \
24 This class allows to add/remove/edit sudo roles with GOsa. \
25 All roles will be listed by this plugin, the displayed objects \
26 can also be filtered.
27 */
28 class sudoManagement extends plugin
29 {
30 /* Definitions */
31 public $plHeadline = "Sudo roles";
32 public $plDescription = "Manage sudo roles";
34 private $DivListSudo = NULL;
35 private $sudotabs = NULL;
36 private $base = "";
38 /*! \brief */
39 public function __construct(&$config, &$ui)
40 {
41 /* Save configuration for internal use */
42 $this->config = &$config;
43 $this->ui = &$ui;
44 $this->base = sudo::get_sudoers_ou($this->config);
46 /* Create dialog object */
47 $this->DivListSudo = new divListSudo($this->config,$this);
48 }
51 /*! \brief Generate && Display HTML content
52 */
53 public function execute()
54 {
55 /* Call parent execute */
56 plugin::execute();
58 /********************
59 Handle Posts
60 ********************/
62 /* Store these posts if the current object is locked (used by somebody else)*/
63 session::set('LOCK_VARS_TO_USE',array(
64 "/^act$/","/^id$/","/^sudo_edit_/",
65 "/^sudo_del_/","/^item_selected/","/menu_action/"));
68 /* Get html posts */
69 $s_action = "";
70 $s_entry = "";
71 foreach($_POST as $name => $value){
72 if(preg_match("/^sudo_edit_/",$name)){
73 $s_action = "edit_role";
74 $s_entry = preg_replace("/^sudo_edit_([0-9]*).*$/","\\1",$name);
75 }
76 if(preg_match("/^sudo_del_/",$name)){
77 $s_action = "del_role";
78 $s_entry = preg_replace("/^sudo_del_([0-9]*).*$/","\\1",$name);
79 }
80 }
82 if(isset($_GET['act']) && isset($_GET['id']) && $_GET['act'] == "edit_entry"){
83 $id = trim($_GET['id']);
84 if(isset($this->list[$id])){
85 $s_action = "edit_role";
86 $s_entry = $id;
87 }
88 }
90 if(isset($_POST['menu_action']) && in_array($_POST['menu_action'],array("new_role","del_role"))){
91 $s_action = $_POST['menu_action'];
92 }
94 $smarty= get_smarty();
97 /********************
98 Create a new sudo ...
99 ********************/
101 /* New sudo? */
102 if ($s_action=="new_role"){
104 /* Check create permissions */
105 $acl = $this->ui->get_permissions($this->base,"sudo/sudo");
106 if(preg_match("/c/",$acl)){
108 /* By default we set 'dn' to 'new', all relevant plugins will
109 react on this. */
110 $this->dn= "new";
112 /* Create new sudotabs object */
113 $this->sudotabs= new sudotabs($this->config, $this->config->data['TABS']['SUDOTABS'], $this->dn);
115 /* Set up the sudo ACL's for this 'dn' */
116 $this->sudotabs->set_acl_base($this->base);
117 }
118 }
121 /********************
122 Save Sudo Tab/Object Changes
123 ********************/
125 /* Save changes */
126 if ((isset($_POST['edit_finish']) || isset($_POST['edit_apply'])) && is_object($this->sudotabs)){
128 /* Check tabs, will feed message array
129 Save, or display error message? */
130 $message= $this->sudotabs->check();
131 if (count($message) == 0){
133 /* Save user data to ldap */
134 $this->sudotabs->save();
136 if (!isset($_POST['edit_apply'])){
138 /* Sudo has been saved successfully, remove lock from LDAP. */
139 if ($this->dn != "new"){
140 del_lock ($this->dn);
141 }
143 unset ($this->sudotabs);
144 $this->sudotabs= NULL;
145 session::un_set('objectinfo');
146 }else{
147 $this->dn = $this->sudotabs->dn;
148 $this->sudotabs= new sudotabs($this->config, $this->config->data['TABS']['SUDOTABS'], $this->dn);
149 session::set('objectinfo',$this->dn);
150 }
151 } else {
152 /* Ok. There seem to be errors regarding to the tab data,
153 show message and continue as usual. */
154 msg_dialog::displayChecks($message);
155 }
156 }
159 /********************
160 Edit existing role
161 ********************/
163 /* User wants to edit data? */
164 if (($s_action=="edit_role") && !is_object($this->sudotabs)){
166 /* Get 'dn' from posted 'uid', must be unique */
167 $this->dn= $this->list[trim($s_entry)]['dn'];
169 /* Check locking & lock entry if required */
170 $user = get_lock($this->dn);
171 if ($user != ""){
172 return(gen_locked_message ($user, $this->dn));
173 }
174 add_lock ($this->dn, $this->ui->dn);
176 /* Register sudotabs to trigger edit dialog */
177 $this->sudotabs= new sudotabs($this->config,$this->config->data['TABS']['SUDOTABS'], $this->dn);
178 $this->sudotabs->set_acl_base($this->base);
179 session::set('objectinfo',$this->dn);
180 }
183 /********************
184 Delete entries requested, display confirm dialog
185 ********************/
187 if ($s_action=="del_role"){
189 $ids = $this->list_get_selected_items();
191 if(!count($ids) && $s_entry!=""){
192 $ids = array($s_entry);
193 }
195 if(count($ids)){
196 $this->dns = array();
197 foreach($ids as $id){
198 $dn = $this->list[$id]['dn'];
199 if (($user= get_lock($dn)) != ""){
200 return(gen_locked_message ($user, $dn));
201 }
202 $this->dns[$id] = $dn;
203 }
205 $dns_names = array();
206 foreach($this->dns as $dn){
207 add_lock ($dn, $this->ui->dn);
208 $dns_names[] =@LDAP::fix($dn);
209 }
211 /* Lock the current entry, so nobody will edit it during deletion */
212 $smarty->assign("info", msgPool::deleteInfo($dns_names,_("Sudo role")));
213 return($smarty->fetch(get_template_path('remove.tpl', TRUE)));
214 }
215 }
218 /********************
219 Delete entries confirmed
220 ********************/
222 /* Confirmation for deletion has been passed. Sudo should be deleted. */
223 if (isset($_POST['delete_sudos_confirmed'])){
225 /* Remove user by user and check acls before removeing them */
226 foreach($this->dns as $key => $dn){
228 /* Load permissions for selected 'dn' and check if
229 we're allowed to remove this 'dn' */
230 $acl = $this->ui->get_permissions($dn,"sudo/sudo");
231 if(preg_match("/d/",$acl)){
233 /* Delete request is permitted, perform LDAP action */
234 $this->sudotabs= new sudotabs($this->config,$this->config->data['TABS']['SUDOTABS'], $dn);
235 $this->sudotabs->set_acl_base($dn);
236 $this->sudotabs->delete ();
237 unset ($this->sudotabs);
238 $this->sudotabs= NULL;
240 } else {
242 /* Normally this shouldn't be reached, send some extra
243 logs to notify the administrator */
244 msg_dialog::display(_("Permission error"), msgPool::permDelete(), ERROR_DIALOG);
245 new log("security","sudo/".get_class($this),$dn,array(),"Tried to trick deletion.");
246 }
247 /* Remove lock file after successfull deletion */
248 del_lock ($dn);
249 unset($this->dns[$key]);
250 }
251 }
254 /********************
255 Delete entries Canceled
256 ********************/
258 /* Remove lock */
259 if(isset($_POST['delete_sudo_cancel'])){
260 foreach($this->dns as $key => $dn){
261 del_lock ($dn);
262 unset($this->dns[$key]);
263 }
264 }
266 /********************
267 A dialog was canceled
268 ********************/
270 /* Cancel dialogs */
271 if (isset($_POST['edit_cancel'])){
272 if(isset($this->sudotabs->dn)){
273 del_lock ($this->sudotabs->dn);
274 }
275 unset ($this->sudotabs);
276 $this->sudotabs= NULL;
277 session::un_set('objectinfo');
278 }
281 /********************
282 If there is currently a dialog open, display it
283 ********************/
285 /* Show tab dialog if object is present */
286 if (isset($this->sudotabs->config)){
287 $display= $this->sudotabs->execute();
289 /* Don't show buttons if tab dialog requests this */
290 if(isset($this->sudotabs->by_object)){
291 if (!$this->sudotabs->by_object[$this->sudotabs->current]->dialog){
292 $display.= "<p style=\"text-align:right\">\n";
293 $display.= "<input type=submit name=\"edit_finish\" style=\"width:80px\" value=\"".msgPool::okButton()."\">\n";
294 $display.= " \n";
295 if ($this->dn != "new"){
296 $display.= "<input type=submit name=\"edit_apply\" value=\"".msgPool::applyButton()."\">\n";
297 $display.= " \n";
298 }
299 $display.= "<input type=submit name=\"edit_cancel\" value=\"".msgPool::cancelButton()."\">\n";
300 $display.= "</p>";
301 }
302 }
303 return ($display);
304 }
306 /* Display dialog with sudo list */
307 $this->DivListSudo->parent = &$this;
308 $this->DivListSudo->execute();
309 $this->reload ();
310 $this->DivListSudo->setEntries($this->list);
311 return($this->DivListSudo->Draw());
312 }
315 /*! \brief Return all selected elements from HTML list
316 @return Array List of all selected list elements
317 */
318 private function list_get_selected_items()
319 {
320 $ids = array();
321 foreach($_POST as $name => $value){
322 if(preg_match("/^item_selected_[0-9]*$/",$name)){
323 $id = preg_replace("/^item_selected_/","",$name);
324 $ids[$id] = $id;
325 }
326 }
327 return($ids);
328 }
331 /*! \brief Reload the list of sudo roles.
332 */
333 private function reload($CreatePosixsList=false)
334 {
335 $this->list = array();
336 $base = $this->base;
338 $Regex = trim($this->DivListSudo->Regex);
339 $UserRegex = trim($this->DivListSudo->UserRegex);
340 $SubSearch = $this->DivListSudo->SubSearch;
342 /********************
343 Create filter depending on selected checkboxes
344 ********************/
345 $values = array("cn","description","sudoUser","sudoCommand","sudoOption");
346 if($UserRegex == "*"){
347 $ff = "(&(|(cn=".$Regex.")(description=".$Regex."))(objectClass=sudoRole))";
348 }else{
349 $ff = "(&(|(cn=".$Regex.")(description=".$Regex."))(sudoUser=".$UserRegex.")(objectClass=sudoRole))";
350 }
351 $res = get_list($ff, "sudo",$base,$values, GL_SIZELIMIT);
352 $tmp = array();
353 foreach($res as $attrs){
354 $tmp[$attrs['cn'][0]] = $attrs;
355 }
356 uksort($tmp, 'strnatcasecmp');
357 $this->list = array_values($tmp);
358 }
361 /*! \brief Save HTML post data to object
362 */
363 public function save_object()
364 {
365 $this->DivListSudo->save_object();
366 }
369 /*! \brief Remove this account
370 */
371 public function remove_from_parent()
372 {
373 /* Optionally execute a command after we're done */
374 $this->postremove();
375 }
378 /*! \brief Save to LDAP
379 */
380 public function save()
381 {
382 /* Optionally execute a command after we're done */
383 $this->postcreate();
384 }
387 /*! \brief Remove lock from entry
388 */
389 public function remove_lock()
390 {
391 if (isset($this->sudotabs->dn)){
392 del_lock ($this->sudotabs->dn);
393 }
394 }
395 }
396 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
397 ?>