1 <?php
2 /*
3 * This code is part of GOsa (http://www.gosa-project.org)
4 * Copyright (C) 2003-2008 GONICUS GmbH
5 *
6 * ID: $$Id: class_sudoManagement.inc 10099 2008-04-01 12:52:01Z hickert $$
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
21 */
/*! \brief This is the sudo management class. \
This class allows adding, removing and editing sudo roles with GOsa. \
All roles are listed by this plugin; the displayed objects \
can also be filtered.
*/
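class sudoManagement extends plugin
{
  /* Definitions */
  public $plHeadline     = "Sudo roles";
  public $plDescription  = "Manage sudo roles";

  /* List dialog (divListSudo) used to filter and draw the role list */
  private $DivListSudo   = NULL;

  /* Tab dialog of the role currently being created/edited/deleted, NULL if none */
  private $sudotabs      = NULL;

  /* Base below which sudo roles are searched, see sudo::get_sudoers_ou() */
  private $base          = "";

  /*! \brief  Stores config and user info, resolves the sudoers base and
              creates the list dialog.
      @param  Object  $config  The GOsa configuration object (kept by reference).
      @param  Object  $ui      The user info object of the acting user (kept by reference).
   */
  public function __construct(&$config, &$ui)
  {
    /* Save configuration for internal use */
    $this->config = &$config;
    $this->ui     = &$ui;
    $this->base   = sudo::get_sudoers_ou($this->config);

    /* Create dialog object */
    $this->DivListSudo = new divListSudo($this->config,$this);
  }


  /*! \brief  Evaluates the request (create, edit, save, delete, cancel)
              and returns the HTML of either the open tab dialog, a
              lock/confirmation message or the role list.

      Every list index taken from $_POST/$_GET is checked against
      $this->list before it is used, so a crafted index can neither
      lock nor open an entry that is not part of the current list.

      @return String  HTML output for the current state.
   */
  public function execute()
  {
    /* Call parent execute */
    plugin::execute();

    /********************
      Handle Posts
     ********************/

    /* Store these posts if the current object is locked (used by somebody else)*/
    session::set('LOCK_VARS_TO_USE',array(
          "/^act$/","/^id$/","/^sudo_edit_/",
          "/^sudo_del_/","/^item_selected/","/menu_action/"));


    /* Get html posts */
    $s_action = "";
    $s_entry  = "";
    foreach($_POST as $name => $value){
      if(preg_match("/^sudo_edit_/",$name)){
        $s_action = "edit_role";
        $s_entry  = preg_replace("/^sudo_edit_([0-9]*).*$/","\\1",$name);
      }
      if(preg_match("/^sudo_del_/",$name)){
        $s_action = "del_role";
        $s_entry  = preg_replace("/^sudo_del_([0-9]*).*$/","\\1",$name);
      }
    }

    /* 'id' must be a plain string; an array value (id[]=...) would otherwise
       reach trim() and be used as an array offset. */
    if(isset($_GET['act']) && isset($_GET['id']) && is_string($_GET['id']) && $_GET['act'] == "edit_entry"){
      $id = trim($_GET['id']);
      if(isset($this->list[$id])){
        $s_action = "edit_role";
        $s_entry  = $id;
      }
    }

    /* Only the two known menu actions are accepted, compared strictly */
    if(isset($_POST['menu_action']) && in_array($_POST['menu_action'],array("new_role","del_role"),TRUE)){
      $s_action = $_POST['menu_action'];
    }

    $smarty= get_smarty();


    /********************
      Create a new sudo  ...
     ********************/

    /* New sudo? */
    if ($s_action=="new_role"){

      /* Check create permissions */
      $acl = $this->ui->get_permissions($this->base,"sudo/sudo");
      if(preg_match("/c/",$acl)){

        /* By default we set 'dn' to 'new', all relevant plugins will
           react on this. */
        $this->dn= "new";

        /* Create new sudotabs object */
        $this->sudotabs= new sudotabs($this->config, $this->config->data['TABS']['SUDOTABS'], $this->dn);

        /* Set up the sudo ACL's for this 'dn' */
        $this->sudotabs->set_acl_base($this->base);
      }
    }


    /********************
      Save Sudo Tab/Object Changes
     ********************/

    /* Save changes */
    if ((isset($_POST['edit_finish']) || isset($_POST['edit_apply'])) && is_object($this->sudotabs)){

      /* Check tabs, will feed message array
         Save, or display error message? */
      $message= $this->sudotabs->check();
      if (count($message) == 0){

        /* Save user data to ldap */
        $this->sudotabs->save();

        if (!isset($_POST['edit_apply'])){

          /* Sudo has been saved successfully, remove lock from LDAP. */
          if ($this->dn != "new"){
            del_lock ($this->dn);
          }

          unset ($this->sudotabs);
          $this->sudotabs= NULL;
          session::un_set('objectinfo');
        }else{

          /* "Apply": keep the dialog open on the object that was just saved.
             NOTE(review): unlike the two other places that build a sudotabs
             object for editing, no set_acl_base() call follows here - confirm
             that the re-created tabs still get an ACL base. */
          $this->dn = $this->sudotabs->dn;
          $this->sudotabs= new sudotabs($this->config, $this->config->data['TABS']['SUDOTABS'], $this->dn);
          session::set('objectinfo',$this->dn);
        }
      } else {
        /* Ok. There seem to be errors regarding to the tab data,
           show message and continue as usual. */
        msg_dialog::displayChecks($message);
      }
    }


    /********************
      Edit existing role
     ********************/

    /* User wants to edit data?
       The index comes from a posted button name (sudo_edit_<n>) and may be
       empty or out of range, so it has to name an existing list entry.
       Without this check an unknown index resolved to an empty dn that was
       then locked and opened. */
    if (($s_action=="edit_role") && !is_object($this->sudotabs) && isset($this->list[trim($s_entry)]['dn'])){

      /* Get 'dn' from posted 'uid', must be unique */
      $this->dn= $this->list[trim($s_entry)]['dn'];

      /* Check locking & lock entry if required */
      $user = get_lock($this->dn);
      if ($user != ""){
        return(gen_locked_message ($user, $this->dn));
      }
      add_lock ($this->dn, $this->ui->dn);

      /* Register sudotabs to trigger edit dialog */
      $this->sudotabs= new sudotabs($this->config,$this->config->data['TABS']['SUDOTABS'], $this->dn);
      $this->sudotabs->set_acl_base($this->base);
      session::set('objectinfo',$this->dn);
    }


    /********************
      Delete entries requested, display confirm dialog
     ********************/

    if ($s_action=="del_role"){

      $ids = $this->list_get_selected_items();

      if(!count($ids) && $s_entry!=""){
        $ids = array($s_entry);
      }

      if(count($ids)){
        $this->dns = array();
        foreach($ids as $id){

          /* Posted indexes that do not name a list entry are skipped */
          if(!isset($this->list[$id]['dn'])){
            continue;
          }
          $dn = $this->list[$id]['dn'];
          if (($user= get_lock($dn)) != ""){
            return(gen_locked_message ($user, $dn));
          }
          $this->dns[$id] = $dn;
        }

        /* Ask for confirmation only if at least one valid entry remains */
        if(count($this->dns)){

          /* Lock the selected entries, so nobody will edit them during deletion */
          $dns_names = array();
          foreach($this->dns as $dn){
            add_lock ($dn, $this->ui->dn);
            $dns_names[] =@LDAP::fix($dn);
          }

          $smarty->assign("info",     msgPool::deleteInfo($dns_names,_("Sudo role")));
          return($smarty->fetch(get_template_path('remove.tpl', TRUE)));
        }
      }
    }


    /********************
      Delete entries confirmed
     ********************/

    /* Confirmation for deletion has been passed. Sudo should be deleted.
       $this->dns is only filled by the "delete requested" step above; a
       confirmation posted without that step finds nothing to delete. */
    if (isset($_POST['delete_sudos_confirmed']) && isset($this->dns) && is_array($this->dns)){

      /* Remove user by user and check acls before removing them */
      foreach($this->dns as $key => $dn){

        /* Load permissions for selected 'dn' and check if
           we're allowed to remove this 'dn' */
        $acl = $this->ui->get_permissions($dn,"sudo/sudo");
        if(preg_match("/d/",$acl)){

          /* Delete request is permitted, perform LDAP action */
          $this->sudotabs= new sudotabs($this->config,$this->config->data['TABS']['SUDOTABS'], $dn);
          $this->sudotabs->set_acl_base($dn);
          $this->sudotabs->delete ();
          unset ($this->sudotabs);
          $this->sudotabs= NULL;

        } else {

          /* Normally this shouldn't be reached, send some extra
             logs to notify the administrator */
          msg_dialog::display(_("Permission error"), msgPool::permDelete(), ERROR_DIALOG);
          new log("security","sudo/".get_class($this),$dn,array(),"Tried to trick deletion.");
        }

        /* Remove the lock, whether the entry was deleted or the request denied */
        del_lock ($dn);
        unset($this->dns[$key]);
      }
    }


    /********************
      Delete entries Canceled
     ********************/

    /* Remove lock */
    if(isset($_POST['delete_sudo_cancel']) && isset($this->dns) && is_array($this->dns)){
      foreach($this->dns as $key => $dn){
        del_lock ($dn);
        unset($this->dns[$key]);
      }
    }


    /********************
      A dialog was canceled
     ********************/

    /* Cancel dialogs */
    if (isset($_POST['edit_cancel'])){
      if(isset($this->sudotabs->dn)){
        del_lock ($this->sudotabs->dn);
      }
      unset ($this->sudotabs);
      $this->sudotabs= NULL;
      session::un_set('objectinfo');
    }


    /********************
      If there is currently a dialog open, display it
     ********************/

    /* Show tab dialog if object is present */
    if (isset($this->sudotabs->config)){
      $display= $this->sudotabs->execute();

      /* Don't show buttons if tab dialog requests this */
      if(isset($this->sudotabs->by_object)){
        if (!$this->sudotabs->by_object[$this->sudotabs->current]->dialog){
          $display.= "<p style=\"text-align:right\">\n";
          $display.= "<input type=submit name=\"edit_finish\" style=\"width:80px\" value=\"".msgPool::okButton()."\">\n";
          $display.= " \n";
          if ($this->dn != "new"){
            $display.= "<input type=submit name=\"edit_apply\" value=\"".msgPool::applyButton()."\">\n";
            $display.= " \n";
          }
          $display.= "<input type=submit name=\"edit_cancel\" value=\"".msgPool::cancelButton()."\">\n";
          $display.= "</p>";
        }
      }
      return ($display);
    }

    /* Display dialog with sudo list */
    $this->DivListSudo->parent = &$this;
    $this->DivListSudo->execute();
    $this->reload ();
    $this->DivListSudo->setEntries($this->list);
    return($this->DivListSudo->Draw());
  }


  /*! \brief  Collects the list indexes of all posted "item_selected_<n>"
              checkboxes.
      @return Array  Selected indexes, index => index. The pattern also
                     matches a bare "item_selected_", which yields "".
   */
  private function list_get_selected_items()
  {
    $ids = array();
    foreach($_POST as $name => $value){
      if(preg_match("/^item_selected_[0-9]*$/",$name)){
        $id = preg_replace("/^item_selected_/","",$name);
        $ids[$id] = $id;
      }
    }
    return($ids);
  }


  /*! \brief  Escapes a search pattern for use as an LDAP filter value while
              keeping '*' usable as wildcard.

      Backslash, parentheses and NUL are replaced by their \XX form
      (RFC 4515), so a pattern cannot close the surrounding filter
      term or append terms of its own.

      @param  String  $pattern  The raw pattern.
      @return String  The pattern, safe to concatenate into a filter.
   */
  private function escape_filter_pattern($pattern)
  {
    /* str_replace() works through the pairs in order, so the backslash has
       to come first; otherwise the escapes added for '(' and ')' would be
       escaped a second time. */
    return(str_replace(
          array("\\",   "(",    ")",    "\0"),
          array("\\5c", "\\28", "\\29", "\\00"),
          $pattern));
  }


  /*! \brief  Rebuilds $this->list from LDAP using the filter settings of
              the list dialog. Entries are keyed by cn, sorted with
              strnatcasecmp and then re-indexed from 0.
      @param  Boolean $CreatePosixsList  Not used by this method.
   */
  private function reload($CreatePosixsList=false)
  {
    $this->list = array();
    $base       = $this->base;

    /* Both patterns are read from the list dialog; presumably they carry
       what the user typed into the list filter - confirm that divListSudo
       does not already escape them. They end up inside the LDAP filter
       string below and are therefore escaped here. */
    $Regex      = $this->escape_filter_pattern(trim($this->DivListSudo->Regex));
    $UserRegex  = $this->escape_filter_pattern(trim($this->DivListSudo->UserRegex));

    /********************
      Create filter depending on selected checkboxes
     ********************/
    $values = array("cn","description","sudoUser","sudoCommand","sudoOption");

    /* A user pattern of "*" is left out of the filter */
    if($UserRegex == "*"){
      $ff     = "(&(|(cn=".$Regex.")(description=".$Regex."))(objectClass=sudoRole))";
    }else{
      $ff     = "(&(|(cn=".$Regex.")(description=".$Regex."))(sudoUser=".$UserRegex.")(objectClass=sudoRole))";
    }
    $res = get_list($ff, "sudo",$base,$values, GL_SIZELIMIT);

    /* Key by cn: entries sharing a cn overwrite each other, the last one wins */
    $tmp = array();
    foreach($res as $attrs){
      $tmp[$attrs['cn'][0]] = $attrs;
    }
    uksort($tmp, 'strnatcasecmp');
    $this->list = array_values($tmp);
  }


  /*! \brief  Save data to object: forwards to the list dialog. */
  public function save_object()
  {
    $this->DivListSudo->save_object();
  }


  /*! \brief  Only triggers the optional post-remove command. */
  public function remove_from_parent()
  {
    /* Optionally execute a command after we're done */
    $this->postremove();
  }


  /*! \brief  Save to LDAP: only triggers the optional post-create command. */
  public function save()
  {
    /* Optionally execute a command after we're done */
    $this->postcreate();
  }


  /*! \brief  Releases the lock of the object currently opened in the tab
              dialog, if there is one.
   */
  public function remove_lock()
  {
    if (isset($this->sudotabs->dn)){
      del_lock ($this->sudotabs->dn);
    }
  }
}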
381 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
382 ?>