1 <?php
2 /*
3 * This code is part of GOsa (http://www.gosa-project.org)
4 * Copyright (C) 2003-2008 GONICUS GmbH
5 *
6 * ID: $$Id: class_sudoManagement.inc 10099 2008-04-01 12:52:01Z hickert $$
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
21 */
23 /*! \brief This is the sudo management class. \
24 This class allows to add/remove/edit sudo roles with GOsa. \
25 All roles will be listed by this plugin, the displayed objects \
26 can also be filtered.
27 */
28 class sudoManagement extends plugin
29 {
30 /* Definitions */
31 public $plHeadline = "Sudo roles";
32 public $plDescription = "Manage sudo roles";
34 private $DivListSudo = NULL;
35 private $sudotabs = NULL;
36 private $base = "";
38 /*! \brief */
39 public function __construct(&$config, &$ui)
40 {
41 /* Save configuration for internal use */
42 $this->config = &$config;
43 $this->ui = &$ui;
44 $this->base = sudo::get_sudoers_ou($this->config);
46 /* Create dialog object */
47 $this->DivListSudo = new divListSudo($this->config,$this);
48 }
51 /*! \brief Generate && Display HTML content
52 */
53 public function execute()
54 {
55 /* Call parent execute */
56 plugin::execute();
58 /********************
59 Handle Posts
60 ********************/
62 /* Store these posts if the current object is locked (used by somebody else)*/
63 session::set('LOCK_VARS_TO_USE',array(
64 "/^act$/","/^id$/","/^sudo_edit_/",
65 "/^sudo_del_/","/^item_selected/","/menu_action/"));
68 /* Get html posts */
69 $s_action = "";
70 $s_entry = "";
71 foreach($_POST as $name => $value){
72 if(preg_match("/^sudo_edit_/",$name)){
73 $s_action = "edit_role";
74 $s_entry = preg_replace("/^sudo_edit_([0-9]*).*$/","\\1",$name);
75 }
76 if(preg_match("/^sudo_del_/",$name)){
77 $s_action = "del_role";
78 $s_entry = preg_replace("/^sudo_del_([0-9]*).*$/","\\1",$name);
79 }
80 }
82 if(isset($_GET['act']) && isset($_GET['id']) && $_GET['act'] == "edit_entry"){
83 $id = trim($_GET['id']);
84 if(isset($this->list[$id])){
85 $s_action = "edit_role";
86 $s_entry = $id;
87 }
88 }
90 if(isset($_POST['menu_action']) && in_array($_POST['menu_action'],array("new_role","del_role"))){
91 $s_action = $_POST['menu_action'];
92 }
94 $smarty= get_smarty();
97 /********************
98 Create a new sudo ...
99 ********************/
101 /* New sudo? */
102 if ($s_action=="new_role"){
104 /* Check create permissions */
105 $acl = $this->ui->get_permissions($this->base,"sudo/sudo");
106 if(preg_match("/c/",$acl)){
108 /* By default we set 'dn' to 'new', all relevant plugins will
109 react on this. */
110 $this->dn= "new";
112 /* Create new sudotabs object */
113 $this->sudotabs= new sudotabs($this->config, $this->config->data['TABS']['SUDOTABS'], $this->dn);
115 /* Set up the sudo ACL's for this 'dn' */
116 $this->sudotabs->set_acl_base($this->base);
117 }
118 }
121 /********************
122 Save Sudo Tab/Object Changes
123 ********************/
125 /* Save changes */
126 if ((isset($_POST['edit_finish']) || isset($_POST['edit_apply'])) && is_object($this->sudotabs)){
128 /* Check tabs, will feed message array
129 Save, or display error message? */
130 $message= $this->sudotabs->check();
131 if (count($message) == 0){
133 /* Save user data to ldap */
134 $this->sudotabs->save();
136 if (!isset($_POST['edit_apply'])){
138 /* Sudo has been saved successfully, remove lock from LDAP. */
139 if ($this->dn != "new"){
140 del_lock ($this->dn);
141 }
142 unset ($this->sudotabs);
143 $this->sudotabs= NULL;
144 session::un_set('objectinfo');
145 }else{
146 $this->dn = $this->sudotabs->dn;
147 $this->sudotabs= new sudotabs($this->config, $this->config->data['TABS']['SUDOTABS'], $this->dn);
148 session::set('objectinfo',$this->dn);
149 }
150 } else {
151 /* Ok. There seem to be errors regarding to the tab data,
152 show message and continue as usual. */
153 msg_dialog::displayChecks($message);
154 }
155 }
158 /********************
159 Edit existing role
160 ********************/
162 /* User wants to edit data? */
163 if (($s_action=="edit_role") && !is_object($this->sudotabs)){
165 /* Get 'dn' from posted 'uid', must be unique */
166 $this->dn= $this->list[trim($s_entry)]['dn'];
168 /* Check locking & lock entry if required */
169 $user = get_lock($this->dn);
170 if ($user != ""){
171 return(gen_locked_message ($user, $this->dn));
172 }
173 add_lock ($this->dn, $this->ui->dn);
175 /* Register sudotabs to trigger edit dialog */
176 $this->sudotabs= new sudotabs($this->config,$this->config->data['TABS']['SUDOTABS'], $this->dn);
177 $this->sudotabs->set_acl_base($this->base);
178 session::set('objectinfo',$this->dn);
179 }
182 /********************
183 Delete entries requested, display confirm dialog
184 ********************/
186 if ($s_action=="del_role"){
187 $ids = $this->list_get_selected_items();
188 if(!count($ids) && $s_entry!=""){
189 $ids = array($s_entry);
190 }
192 if(count($ids)){
194 /* Create list of entries to delete */
195 $this->dns = array();
196 $dns_names = array();
197 foreach($ids as $id){
198 $dn = $this->list[$id]['dn'];
199 $this->dns[$id] = $dn;
200 $dns_names[] =@LDAP::fix($dn);
201 }
203 /* Check locking of entries */
204 $users = get_multiple_locks($this->dns);
205 if(count($users)){
206 return(gen_locked_message($users,$this->dns));
207 }
209 /* Add locks */
210 add_lock($this->dns,$this->ui->dn);
212 /* Lock the current entry, so nobody will edit it during deletion */
213 $smarty->assign("info", msgPool::deleteInfo($dns_names,_("Sudo role")));
214 return($smarty->fetch(get_template_path('remove.tpl', TRUE)));
215 }
216 }
219 /********************
220 Delete entries confirmed
221 ********************/
223 /* Confirmation for deletion has been passed. Sudo should be deleted. */
224 if (isset($_POST['delete_sudos_confirmed'])){
226 /* Remove user by user and check acls before removeing them */
227 foreach($this->dns as $key => $dn){
229 /* Load permissions for selected 'dn' and check if
230 we're allowed to remove this 'dn' */
231 $acl = $this->ui->get_permissions($dn,"sudo/sudo");
232 if(preg_match("/d/",$acl)){
234 /* Delete request is permitted, perform LDAP action */
235 $this->sudotabs= new sudotabs($this->config,$this->config->data['TABS']['SUDOTABS'], $dn);
236 $this->sudotabs->set_acl_base($dn);
237 $this->sudotabs->delete ();
238 unset ($this->sudotabs);
239 $this->sudotabs= NULL;
241 } else {
243 /* Normally this shouldn't be reached, send some extra
244 logs to notify the administrator */
245 msg_dialog::display(_("Permission error"), msgPool::permDelete(), ERROR_DIALOG);
246 new log("security","sudo/".get_class($this),$dn,array(),"Tried to trick deletion.");
247 }
248 /* Remove lock file after successfull deletion */
249 del_lock ($dn);
250 unset($this->dns[$key]);
251 }
252 }
255 /********************
256 Delete entries Canceled
257 ********************/
259 /* Remove lock */
260 if(isset($_POST['delete_sudo_cancel'])){
261 del_lock ($this->dns);
262 unset($this->dns);
263 }
265 /********************
266 A dialog was canceled
267 ********************/
269 /* Cancel dialogs */
270 if (isset($_POST['edit_cancel']) && is_object($this->sudotabs)){
271 if(isset($this->sudotabs->dn)){
272 del_lock ($this->sudotabs->dn);
273 }
274 unset ($this->sudotabs);
275 $this->sudotabs= NULL;
276 session::un_set('objectinfo');
277 }
280 /********************
281 If there is currently a dialog open, display it
282 ********************/
284 /* Show tab dialog if object is present */
285 if (is_object($this->sudotabs)){
286 $display= $this->sudotabs->execute();
288 /* Don't show buttons if tab dialog requests this */
289 if(isset($this->sudotabs->by_object)){
290 if (!$this->sudotabs->by_object[$this->sudotabs->current]->dialog){
291 $display.= "<p style=\"text-align:right\">\n";
292 $display.= "<input type=submit name=\"edit_finish\" style=\"width:80px\" value=\"".msgPool::okButton()."\">\n";
293 $display.= " \n";
294 if ($this->dn != "new"){
295 $display.= "<input type=submit name=\"edit_apply\" value=\"".msgPool::applyButton()."\">\n";
296 $display.= " \n";
297 }
298 $display.= "<input type=submit name=\"edit_cancel\" value=\"".msgPool::cancelButton()."\">\n";
299 $display.= "</p>";
300 }
301 }
302 return ($display);
303 }
305 /* Display dialog with sudo list */
306 $this->DivListSudo->execute();
307 $this->reload ();
308 $this->DivListSudo->setEntries($this->list);
309 return($this->DivListSudo->Draw());
310 }
313 /*! \brief Return all selected elements from HTML list
314 @return Array List of all selected list elements
315 */
316 private function list_get_selected_items()
317 {
318 $ids = array();
319 foreach($_POST as $name => $value){
320 if(preg_match("/^item_selected_[0-9]*$/",$name)){
321 $id = preg_replace("/^item_selected_/","",$name);
322 $ids[$id] = $id;
323 }
324 }
325 return($ids);
326 }
329 /*! \brief Reload the list of sudo roles.
330 */
331 private function reload($CreatePosixsList=false)
332 {
333 $this->list = array();
334 $base = $this->base;
336 $Regex = trim($this->DivListSudo->Regex);
337 $UserRegex = trim($this->DivListSudo->UserRegex);
338 $SubSearch = $this->DivListSudo->SubSearch;
340 /********************
341 Create filter depending on selected checkboxes
342 ********************/
343 $values = array("cn","description","sudoUser","sudoCommand","sudoOption");
344 if($UserRegex == "*"){
345 $ff = "(&(|(cn=".$Regex.")(description=".$Regex."))(objectClass=sudoRole))";
346 }else{
347 $ff = "(&(|(cn=".$Regex.")(description=".$Regex."))(sudoUser=".$UserRegex.")(objectClass=sudoRole))";
348 }
349 $res = get_list($ff, "sudo",$base,$values, GL_SIZELIMIT);
350 $tmp = array();
351 foreach($res as $attrs){
352 $tmp[$attrs['cn'][0]] = $attrs;
353 }
354 uksort($tmp, 'strnatcasecmp');
355 $this->list = array_values($tmp);
356 }
359 /*! \brief Save HTML post data to object
360 */
361 public function save_object()
362 {
363 $this->DivListSudo->save_object();
364 }
367 /*! \brief Remove this account
368 */
369 public function remove_from_parent()
370 {
371 /* Optionally execute a command after we're done */
372 $this->postremove();
373 }
376 /*! \brief Save to LDAP
377 */
378 public function save()
379 {
380 /* Optionally execute a command after we're done */
381 $this->postcreate();
382 }
385 /*! \brief Remove lock from entry
386 */
387 public function remove_lock()
388 {
389 if (is_object($this->sudotabs) && $this->sudotabs->dn != "new"){
390 del_lock ($this->sudotabs->dn);
391 }
392 if(isset($this->dns) && is_array($this->dns) && count($this->dns)){
393 del_lock($this->dns);
394 }
395 }
396 }
397 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
398 ?>