config = &$config; $this->ui = &$ui; $this->base = sudo::get_sudoers_ou($this->config); /* Copy & Paste enabled ?*/ if ($this->config->get_cfg_value("copyPaste") == "true"){ $this->CopyPasteHandler = new CopyPasteHandler($this->config); } /* Create dialog object */ $this->DivListSudo = new divListSudo($this->config,$this); } /*! \brief Generate && Display HTML content */ public function execute() { /* Call parent execute */ plugin::execute(); /******************** Handle Posts ********************/ /* Store these posts if the current object is locked (used by somebody else)*/ session::set('LOCK_VARS_TO_USE',array( "/^act$/","/^id$/","/^sudo_edit_/","/^cut_/","/^copy_/", "/^sudo_del_/","/^item_selected/","/menu_action/")); /* Get html posts */ $s_action = ""; $s_entry = ""; foreach($_POST as $name => $value){ if(preg_match("/^sudo_edit_/",$name)){ $s_action = "edit_role"; $s_entry = preg_replace("/^sudo_edit_([0-9]*).*$/","\\1",$name); } if(preg_match("/^sudo_del_/",$name)){ $s_action = "del_role"; $s_entry = preg_replace("/^sudo_del_([0-9]*).*$/","\\1",$name); }elseif(preg_match("/^editPaste.*/i",$name)){ $s_action="editPaste"; }elseif(preg_match("/^copy_.*/",$name)){ $s_action="copy"; $s_entry = preg_replace("/^copy_([0-9]*).*$/i","\\1",$name); # }elseif(preg_match("/^cut_.*/",$name)){ # $s_action="cut"; # $s_entry = preg_replace("/^cut_([0-9]*).*$/i","\\1",$name); } } if(isset($_GET['act']) && isset($_GET['id']) && $_GET['act'] == "edit_entry"){ $id = trim($_GET['id']); if(isset($this->list[$id])){ $s_action = "edit_role"; $s_entry = $id; } } if(isset($_POST['menu_action']) && in_array($_POST['menu_action'],array("new_role","del_role","new_default","editPaste"))){ $s_action = $_POST['menu_action']; } /* handle C&P from layers menu */ if(isset($_POST['menu_action']) && preg_match("/^multiple_copy_systems/",$_POST['menu_action'])){ $s_action = "copy_multiple"; } $smarty= get_smarty(); /******************** Copy & Paste Handling ... ********************/ /* Display the copy & paste dialog, if it is currently open */ $ret = $this->copyPasteHandling_from_queue($s_action,$s_entry); if($ret){ return($ret); } /******************** Create a new sudo ... ********************/ /* New sudo? */ if ($s_action=="new_role" || $s_action == "new_default"){ /* Check create permissions */ $acl = $this->ui->get_permissions($this->base,"sudo/sudo"); if(preg_match("/c/",$acl)){ /* By default we set 'dn' to 'new', all relevant plugins will react on this. */ $this->dn= "new"; /* Create new sudotabs object */ $this->sudotabs= new sudotabs($this->config, $this->config->data['TABS']['SUDOTABS'], $this->dn); /* Set up the sudo ACL's for this 'dn' */ $this->sudotabs->set_acl_base($this->base); /* This entry will become the default entry */ if($s_action == "new_default"){ $this->sudotabs->set_default(TRUE); } } } /******************** Save Sudo Tab/Object Changes ********************/ /* Save changes */ if ((isset($_POST['edit_finish']) || isset($_POST['edit_apply'])) && is_object($this->sudotabs)){ /* Check tabs, will feed message array Save, or display error message? */ $message= $this->sudotabs->check(); if (count($message) == 0){ /* Save user data to ldap */ $this->sudotabs->save(); if (!isset($_POST['edit_apply'])){ /* Sudo has been saved successfully, remove lock from LDAP. */ if ($this->dn != "new"){ $this->remove_lock(); } unset ($this->sudotabs); $this->sudotabs= NULL; set_object_info(); }else{ /* Reinitialize tab */ if($this->sudotabs instanceof tabs){ $this->sudotabs->re_init(); } } } else { /* Ok. There seem to be errors regarding to the tab data, show message and continue as usual. */ msg_dialog::displayChecks($message); } } /******************** Edit existing role ********************/ /* User wants to edit data? */ if (($s_action=="edit_role") && !is_object($this->sudotabs)){ /* Get 'dn' from posted 'uid', must be unique */ $this->dn= $this->list[trim($s_entry)]['dn']; /* Check locking & lock entry if required */ $user = get_lock($this->dn); if ($user != ""){ return(gen_locked_message ($user, $this->dn)); } add_lock ($this->dn, $this->ui->dn); /* Register sudotabs to trigger edit dialog */ $this->sudotabs= new sudotabs($this->config,$this->config->data['TABS']['SUDOTABS'], $this->dn); $this->sudotabs->set_acl_base($this->base); set_object_info($this->dn); } /******************** Delete entries requested, display confirm dialog ********************/ if ($s_action=="del_role"){ $ids = $this->list_get_selected_items(); if(!count($ids) && $s_entry!=""){ $ids = array($s_entry); } $this->dns = array(); if(count($ids)){ $disallowed = array(); foreach($ids as $id){ $dn = $this->list[$id]['dn']; $acl = $this->ui->get_permissions($dn, "sudo/sudo"); if(preg_match("/d/",$acl)){ $this->dns[$id] = $dn; }else{ $disallowed[] = $dn; } } if(count($disallowed)){ msg_dialog::display(_("Permission"),msgPool::permDelete($disallowed),INFO_DIALOG); } if(count($this->dns)){ /* Check locking of entries */ $users = get_multiple_locks($this->dns); if(count($users)){ return(gen_locked_message($users,$this->dns)); } /* Add locks */ add_lock($this->dns,$this->ui->dn); /* Lock the current entry, so nobody will edit it during deletion */ $smarty->assign("info", msgPool::deleteInfo($this->dns,_("Sudo role"))); return($smarty->fetch(get_template_path('remove.tpl', TRUE))); } } } /******************** Delete entries confirmed ********************/ /* Confirmation for deletion has been passed. Sudo should be deleted. */ if (isset($_POST['delete_sudos_confirmed'])){ /* Remove user by user and check acls before removeing them */ foreach($this->dns as $key => $dn){ /* Load permissions for selected 'dn' and check if we're allowed to remove this 'dn' */ $acl = $this->ui->get_permissions($dn,"sudo/sudo"); if(preg_match("/d/",$acl)){ /* Delete request is permitted, perform LDAP action */ $this->sudotabs= new sudotabs($this->config,$this->config->data['TABS']['SUDOTABS'], $dn); $this->sudotabs->set_acl_base($dn); $this->sudotabs->delete (); unset ($this->sudotabs); $this->sudotabs= NULL; } else { /* Normally this shouldn't be reached, send some extra logs to notify the administrator */ msg_dialog::display(_("Permission error"), msgPool::permDelete(), ERROR_DIALOG); new log("security","sudo/".get_class($this),$dn,array(),"Tried to trick deletion."); } } /* Remove lock file after successfull deletion */ $this->remove_lock(); $this->dns = array(); } /******************** Delete entries Canceled ********************/ /* Remove lock */ if(isset($_POST['delete_sudo_cancel'])){ $this->remove_lock(); $this->dns = array(); } /******************** A dialog was canceled ********************/ /* Cancel dialogs */ if (isset($_POST['edit_cancel']) && is_object($this->sudotabs)){ $this->remove_lock(); $this->sudotabs= NULL; set_object_info(); } /******************** If there is currently a dialog open, display it ********************/ /* Show tab dialog if object is present */ if (is_object($this->sudotabs)){ $display= $this->sudotabs->execute(); /* Don't show buttons if tab dialog requests this */ if(isset($this->sudotabs->by_object)){ if (!$this->sudotabs->by_object[$this->sudotabs->current]->dialog){ $display.= "

\n"; $display.= "\n"; $display.= " \n"; if ($this->dn != "new"){ $display.= "\n"; $display.= " \n"; } $display.= "\n"; $display.= "

"; } } return ($display); } /* Check if there is a snapshot dialog open */ if($str = $this->showSnapshotDialog(sudo::get_sudoers_ou($this->config),$this->get_used_snapshot_bases(),$this)){ return($str); } /* Display dialog with sudo list */ $this->DivListSudo->execute(); $this->reload (); $this->DivListSudo->setEntries($this->list); return($this->DivListSudo->Draw()); } /*! \brief Return all selected elements from HTML list @return Array List of all selected list elements */ private function list_get_selected_items() { $ids = array(); foreach($_POST as $name => $value){ if(preg_match("/^item_selected_[0-9]*$/",$name)){ $id = preg_replace("/^item_selected_/","",$name); $ids[$id] = $id; } } return($ids); } /*! \brief Reload the list of sudo roles. */ private function reload($CreatePosixsList=false) { $this->list = array(); $base = $this->base; $Regex = trim($this->DivListSudo->Regex); $UserRegex = trim($this->DivListSudo->UserRegex); $SubSearch = $this->DivListSudo->SubSearch; /******************** Create filter depending on selected checkboxes ********************/ $values = array("cn","description","sudoUser","sudoCommand","sudoOption"); if($UserRegex == "*"){ $ff = "(&(|(cn=".$Regex.")(description=".$Regex."))(objectClass=sudoRole))"; }else{ $ff = "(&(|(cn=".$Regex.")(description=".$Regex."))(sudoUser=".$UserRegex.")(objectClass=sudoRole))"; } $res = get_list($ff, "sudo",$base,$values, GL_SIZELIMIT); $tmp = array(); foreach($res as $attrs){ $tmp[$attrs['cn'][0]] = $attrs; } uksort($tmp, 'strnatcasecmp'); $this->list = array_values($tmp); } /*! \brief Save HTML post data to object */ public function save_object() { $this->DivListSudo->save_object(); if(is_object($this->CopyPasteHandler)){ $this->CopyPasteHandler->save_object(); } } /*! \brief Remove this account */ public function remove_from_parent() { /* Optionally execute a command after we're done */ $this->postremove(); } /*! \brief Save to LDAP */ public function save() { /* Optionally execute a command after we're done */ $this->postcreate(); } /*! \brief Remove lock from entry */ public function remove_lock() { if (is_object($this->sudotabs) && $this->sudotabs->dn != "new"){ del_lock ($this->sudotabs->dn); } if(isset($this->dns) && is_array($this->dns) && count($this->dns)){ del_lock($this->dns); } } function get_used_snapshot_bases() { return(array(sudo::get_sudoers_ou($this->config))); } function copyPasteHandling_from_queue($s_action,$s_entry) { /* Check if Copy & Paste is disabled */ if(!is_object($this->CopyPasteHandler)){ return(""); } $ui = get_userinfo(); /* Add a single entry to queue */ if($s_action == "cut" || $s_action == "copy"){ /* Cleanup object queue */ $this->CopyPasteHandler->cleanup_queue(); $dn = $this->list[$s_entry]['dn']; if($s_action == "copy" && $ui->is_copyable($dn,"sudo","sudo")){ $this->CopyPasteHandler->add_to_queue($dn,$s_action,"sudotabs","SUDOTABS","sudo"); } # if($s_action == "cut" && $ui->is_cutable($dn,"sudo","sudo")){ # $this->CopyPasteHandler->add_to_queue($dn,$s_action,"sudotabs","SUDOTABS","sudo"); # } } /* Add entries to queue */ if($s_action == "copy_multiple" || $s_action == "cut_multiple"){ /* Cleanup object queue */ $this->CopyPasteHandler->cleanup_queue(); /* Add new entries to CP queue */ foreach($this->list_get_selected_items() as $id){ $dn = $this->list[$id]['dn']; if($s_action == "copy_multiple" && $ui->is_copyable($dn,"sudo","sudo")){ $this->CopyPasteHandler->add_to_queue($dn,"copy","sudotabs","SUDOTABS","sudo"); } # if($s_action == "cut_multiple" && $ui->is_cutable($dn,"sudo","sudo")){ # $this->CopyPasteHandler->add_to_queue($dn,"cut","sudotabs","SUDOTABS","sudo"); # } } } /* Start pasting entries */ if($s_action == "editPaste"){ $this->start_pasting_copied_objects = TRUE; } /* Return C&P dialog */ if($this->start_pasting_copied_objects && $this->CopyPasteHandler->entries_queued()){ /* Get dialog */ $this->CopyPasteHandler->SetVar("base",$this->DivListSudo->selectedBase); $data = $this->CopyPasteHandler->execute(); /* Return dialog data */ if(!empty($data)){ return($data); } } /* Automatically disable status for pasting */ if(!$this->CopyPasteHandler->entries_queued()){ $this->start_pasting_copied_objects = FALSE; } return(""); } } // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler: ?>