1 <?php
2 /*!
3 \brief sudo-ldap plugin
4 \author Guido Serra <gserra@guidoserra.it>
5 \version 1.00
6 \date 22.03.2008
8 This class provides the functionality to read and write all attributes
9 relevant for sudo-ldap from/to the LDAP.
10 */
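class sudoldap extends plugin
{
  /* Definitions */
  var $plHeadline    = "sudo-ldap";
  var $plDescription = "This does something";

  /* Plugin specific values */

  /* Attributes requested from LDAP for every sudoRole entry */
  var $attributes    = array( "cn",
                              "description",
                              "sudoUser",
                              "sudoHost",
                              "sudoCommand",
                              "sudoRunAs",
                              "sudoOption");

  var $objectclasses = array("sudoRole");

  /* Roles read by getRoles(), keyed by cn */
  var $Roles         = array();

  /* Currently open add/edit dialog, or NULL when the list is shown */
  var $dialog        = NULL;

  /* Constructor. Stores the configuration and lets the parent plugin
     load the base attributes for 'dn' when one is given.

     $config  configuration object (must provide get_ldap_link())
     $dn      optional dn of the node to load
     $parent  optional parent object, handed to the parent constructor */
  function sudoldap ($config, $dn= NULL, $parent= NULL)
  {
    $this->config= $config;

    /* Load base attributes */
    plugin::plugin($config, $dn, $parent);

    /* The returned link was never used here; the call is kept in case
       get_ldap_link() has side effects - TODO confirm and drop. */
    $this->config->get_ldap_link();
  }

  /* Handle the posted action (save / cancel / add / edit / delete) and
     generate the html output for this node.

     $isCopyPaste  not used by this method

     Returns the html of the open dialog if there is one, otherwise the
     rendered role list template.

     NOTE(review): the original carries commented-out ACL checks
     (chkacl($this->acl,"sudoldap") == "") on the add, edit and delete
     branches. As written, none of these actions is gated by an ACL in
     this method - confirm access control is enforced elsewhere before
     relying on it. No request token is checked here either, although
     deletion is triggered by a POST field name alone. */
  function execute($isCopyPaste = false)
  {
    /* Call parent execute */
    plugin::execute();

    $display= "";
    $smarty= get_smarty();
    $this->Roles = $this->getRoles();

    /* Edited or added role */
    if(isset($_POST['SaveRoleChanges']) && is_object($this->dialog)){
      $this->dialog->save_object();

      /* Run the check once and reuse the result */
      $messages = $this->dialog->check();
      if(count($messages)){
        foreach($messages as $msgs){
          print_red($msgs);
        }
      }else{
        /* Add new/edited role */
        $ret = $this->dialog->save();
        $this->Roles[$ret['cn']] = $ret;
        $this->dialog = NULL;
      }
    }

    /* Cancel role edit / new */
    if(isset($_POST['CancelRoleChanges'])){
      $this->dialog = NULL;
    }

    /* Add empty new role */
    if(isset($_POST['AddRole'])){
      $this->dialog = new sudoldapEditRole($this->config);
    }

    /* Check all posted field names for an edit or delete request.
       The role name is carried base64-encoded in the button name; anything
       after the next underscore (the suffix of an image button) is
       stripped before decoding. Only the first matching field is handled. */
    foreach($_POST as $name => $value){

      if(preg_match("/^editRole_/",$name)){
        $tmp = preg_replace("/^editRole_/","",$name);
        $tmp = base64_decode(preg_replace("/_.*$/","",$tmp));

        /* The name comes from the request: only open the dialog for a
           role that was actually read from LDAP. */
        if(isset($this->Roles[$tmp])){
          $this->dialog= new sudoldapEditRole($this->config,
                                              $this->dn,
                                              $this->Roles[$tmp]);
        }
        break;
      }

      if(preg_match("/^delRole_/",$name)){
        $tmp = preg_replace("/^delRole_/","",$name);
        $tmp = base64_decode(preg_replace("/_.*$/","",$tmp));

        /* Never build a dn for a recursive delete from a name the client
           made up: the role has to be one of the roles just loaded. */
        if(isset($this->Roles[$tmp])){
          $this->RemoveRole($tmp);
        }
        break;
      }
    }

    /* Show dialog */
    if($this->dialog!= NULL){
      $this->dialog->save_object();
      $this->dialog->parent = $this;
      return($this->dialog->execute());
    }

    $RoleList = new divSelectBox("sudoRoles");
    $RoleList->SetHeight(300);
    $editImg  = "<input type='image' src='images/edit.png' name='editRole_%s'>\n".
                "<input type='image' src='images/edittrash.png' name='delRole_%s'>";

    /* 'plug' is request data and ends up inside an html attribute, so it
       is url-encoded and html-escaped, and it is passed to sprintf() as an
       argument instead of being pasted into the format string. */
    $plug = "";
    if(isset($_GET['plug']) && is_string($_GET['plug'])){
      $plug = $_GET['plug'];
    }
    $plug = htmlspecialchars(urlencode($plug), ENT_QUOTES);
    $link = "<a href='?plug=%s&amp;act=edit&amp;id=%s'>%s</a>";

    foreach($this->Roles as $role => $values ){
      /* Numeric cn values become integer array keys */
      $role = (string) $role;
      $id   = base64_encode($role);

      $RoleList->AddEntry(
        array(
          /* base64 may contain '+', '/' and '=', which need url-encoding
             in a query string; the cn itself is LDAP data and is escaped
             before it is printed. */
          array("string" => sprintf($link,
                                    $plug,
                                    htmlspecialchars(urlencode($id), ENT_QUOTES),
                                    htmlspecialchars($role, ENT_QUOTES))),
          array("string" => str_replace("%s",$id,$editImg))
        )
      );
    }

    $smarty->assign("sudoldapACL",chkacl($this->acl,"sudoldap"));
    $smarty->assign("RoleList",$RoleList->DrawList());

    $display.= $smarty->fetch(get_template_path('sudoldap.tpl', TRUE));

    return($display);
  }

  /* Read all sudoRole entries below the configured base.

     Returns an array keyed by cn; each element maps attribute name to
     the first value of that attribute.

     NOTE(review): only index 0 of every attribute is kept. In the sudo
     LDAP schema sudoUser, sudoHost, sudoCommand, sudoRunAs and sudoOption
     may hold several values, so a role can grant more than what is
     listed here - confirm what the edit dialog expects before widening. */
  function getRoles()
  {
    $ret  = array();
    $ldap = $this->config->get_ldap_link();
    $ldap->cd($this->config->current['BASE']);
    $ldap->search("(objectClass=sudoRole)",$this->attributes);

    while ($attrs= $ldap->fetch()){
      /* Skip results without a cn, they cannot be keyed */
      if(!isset($attrs['cn'][0])){
        continue;
      }
      $cn= $attrs['cn'][0];

      foreach($this->attributes as $value){
        if(isset($attrs[$value])){
          $ret[$cn][$value] = $attrs[$value][0];
        }
      }
    }
    return($ret);
  }

  /* Delete the role 'cn' below ou=SUDOers and drop it from $this->Roles.
     Does nothing for an empty name.

     $cn  common name of the role to remove

     NOTE(review): $cn is concatenated into the dn as-is. Whether
     cd() / rmdir_recursive() quote dn special characters is not visible
     here - confirm, and keep callers limited to names read from LDAP.
     NOTE(review): getRoles() searches the whole base, this method assumes
     the entry lives directly under ou=SUDOers - roles stored elsewhere
     would not be matched by the dn built here. */
  function RemoveRole($cn)
  {
    if($cn!=""){
      $ldap= $this->config->get_ldap_link();
      $dn  = "cn=".$cn.",ou=SUDOers,".$this->config->current['BASE'];
      $ldap->cd($dn);
      $ldap->rmdir_recursive($dn);

      /* The message used to talk about DNS entries (copied from another
         plugin); this removes a sudo role. */
      show_ldap_error($ldap->get_error(), _("Removing sudo role failed"));
      unset($this->Roles[$cn]);
    }
  }

}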
182 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
183 ?>