diff --git a/gosa-plugins/sudo/admin/sudo/class_sudoOption.inc b/gosa-plugins/sudo/admin/sudo/class_sudoOption.inc
index a798d2ea94e5674f2154e31f1e4742b1fb07e3c6..bbac63d1be563ac04d330d76906d8af72eafdc7f 100644 (file)
class sudoOption extends plugin
{
/* Group attributes */
- var $sudoOption = array();
- var $attributes = array("sudoOption");
- var $is_account = TRUE;
- var $options = array();
+ protected $sudoOption = array();
+ public $attributes = array("sudoOption");
+ private $options = array();
+ public $ignore_account = TRUE;
/*! \brief Initializes this class
@param Object $config The GOsa configuration object.
Create a list of known options
****/
$options = array();
- $option['long_otp_prompt']= array('NAME' =>'long_otp_prompt' , 'TYPE' => 'BOOLEAN' , 'DEFAULT' => '');
- $option['ignore_dot']= array('NAME' =>'ignore_dot' , 'TYPE' => 'BOOLEAN' , 'DEFAULT' => '');
- $option['mail_always']= array('NAME' =>'mail_always' , 'TYPE' => 'BOOLEAN' , 'DEFAULT' => '');
- $option['mail_badpass']= array('NAME' =>'mail_badpass' , 'TYPE' => 'BOOLEAN' , 'DEFAULT' => '');
- $option['mail_no_user']= array('NAME' =>'mail_no_user' , 'TYPE' => 'BOOLEAN' , 'DEFAULT' => '');
- $option['mail_no_host']= array('NAME' =>'mail_no_host' , 'TYPE' => 'BOOLEAN' , 'DEFAULT' => '');
- $option['mail_no_perms']= array('NAME' =>'mail_no_perms' , 'TYPE' => 'BOOLEAN' , 'DEFAULT' => '');
- $option['tty_tickets']= array('NAME' =>'tty_tickets' , 'TYPE' => 'BOOLEAN' , 'DEFAULT' => '');
- $option['authenticate']= array('NAME' =>'authenticate' , 'TYPE' => 'BOOLEAN' , 'DEFAULT' => '');
- $option['root_sudo']= array('NAME' =>'root_sudo' , 'TYPE' => 'BOOLEAN' , 'DEFAULT' => '');
- $option['log_host']= array('NAME' =>'log_host' , 'TYPE' => 'BOOLEAN' , 'DEFAULT' => '');
- $option['log_year']= array('NAME' =>'log_year' , 'TYPE' => 'BOOLEAN' , 'DEFAULT' => '');
- $option['shell_noargs']= array('NAME' =>'shell_noargs' , 'TYPE' => 'BOOLEAN' , 'DEFAULT' => '');
- $option['set_home']= array('NAME' =>'set_home' , 'TYPE' => 'BOOLEAN' , 'DEFAULT' => '');
- $option['always_set_home']= array('NAME' =>'always_set_home' , 'TYPE' => 'BOOLEAN' , 'DEFAULT' => '');
- $option['path_info']= array('NAME' =>'path_info' , 'TYPE' => 'BOOLEAN' , 'DEFAULT' => '');
- $option['preserve_groups']= array('NAME' =>'preserve_groups' , 'TYPE' => 'BOOLEAN' , 'DEFAULT' => '');
- $option['fqdn']= array('NAME' =>'fqdn' , 'TYPE' => 'BOOLEAN' , 'DEFAULT' => '');
- $option['insults']= array('NAME' =>'insults' , 'TYPE' => 'BOOLEAN' , 'DEFAULT' => '');
- $option['requiretty']= array('NAME' =>'requiretty' , 'TYPE' => 'BOOLEAN' , 'DEFAULT' => '');
- $option['env_editor']= array('NAME' =>'env_editor' , 'TYPE' => 'BOOLEAN' , 'DEFAULT' => '');
- $option['rootpw']= array('NAME' =>'rootpw' , 'TYPE' => 'BOOLEAN' , 'DEFAULT' => '');
- $option['runaspw']= array('NAME' =>'runaspw' , 'TYPE' => 'BOOLEAN' , 'DEFAULT' => '');
- $option['targetpw']= array('NAME' =>'targetpw' , 'TYPE' => 'BOOLEAN' , 'DEFAULT' => '');
- $option['set_logname']= array('NAME' =>'set_logname' , 'TYPE' => 'BOOLEAN' , 'DEFAULT' => '');
- $option['stay_setuid']= array('NAME' =>'stay_setuid' , 'TYPE' => 'BOOLEAN' , 'DEFAULT' => '');
- $option['env_reset']= array('NAME' =>'env_reset' , 'TYPE' => 'BOOLEAN' , 'DEFAULT' => '');
- $option['use_loginclass']= array('NAME' =>'use_loginclass' , 'TYPE' => 'BOOLEAN' , 'DEFAULT' => '');
- $option['noexec']= array('NAME' =>'noexec' , 'TYPE' => 'BOOLEAN' , 'DEFAULT' => '');
- $option['ignore_local_sudoers']= array('NAME' =>'ignore_local_sudoers' , 'TYPE' => 'BOOLEAN' , 'DEFAULT' => '');
- $option['passwd_tries']= array('NAME' =>'passwd_tries' , 'TYPE' => 'INTEGER' , 'DEFAULT' => '');
- $option['loglinelen']= array('NAME' =>'loglinelen' , 'TYPE' => 'BOOL_INTEGER' , 'DEFAULT' => '');
- $option['timestamp_timeout']= array('NAME' =>'timestamp_timeout' , 'TYPE' => 'BOOL_INTEGER' , 'DEFAULT' => '');
- $option['passwd_timeout']= array('NAME' =>'passwd_timeout' , 'TYPE' => 'BOOL_INTEGER' , 'DEFAULT' => '');
- $option['umask']= array('NAME' =>'umask' , 'TYPE' => 'BOOL_INTEGER' , 'DEFAULT' => '');
- $option['mailsub']= array('NAME' =>'mailsub' , 'TYPE' => 'STRING' , 'DEFAULT' => '');
- $option['badpass_message']= array('NAME' =>'badpass_message' , 'TYPE' => 'STRING' , 'DEFAULT' => '');
- $option['timestampdir']= array('NAME' =>'timestampdir' , 'TYPE' => 'STRING' , 'DEFAULT' => '');
- $option['timestampowner']= array('NAME' =>'timestampowner' , 'TYPE' => 'STRING' , 'DEFAULT' => '');
- $option['passprompt']= array('NAME' =>'passprompt' , 'TYPE' => 'STRING' , 'DEFAULT' => '');
- $option['runas_default']= array('NAME' =>'runas_default' , 'TYPE' => 'STRING' , 'DEFAULT' => '');
- $option['syslog_goodpri']= array('NAME' =>'syslog_goodpri' , 'TYPE' => 'STRING' , 'DEFAULT' => '');
- $option['syslog_badpri']= array('NAME' =>'syslog_badpri' , 'TYPE' => 'STRING' , 'DEFAULT' => '');
- $option['editor']= array('NAME' =>'editor' , 'TYPE' => 'STRING' , 'DEFAULT' => '');
- $option['noexec_file']= array('NAME' =>'noexec_file' , 'TYPE' => 'STRING' , 'DEFAULT' => '');
- $option['lecture']= array('NAME' =>'lecture' , 'TYPE' => 'STRING_BOOL' , 'DEFAULT' => '');
+ $option['long_otp_prompt']= array('NAME' =>'long_otp_prompt' , 'TYPE' => 'BOOLEAN' , 'DEFAULT' => 'FALSE');
+ $option['ignore_dot']= array('NAME' =>'ignore_dot' , 'TYPE' => 'BOOLEAN' , 'DEFAULT' => 'TRUE');
+ $option['mail_always']= array('NAME' =>'mail_always' , 'TYPE' => 'BOOLEAN' , 'DEFAULT' => 'FALSE');
+ $option['mail_badpass']= array('NAME' =>'mail_badpass' , 'TYPE' => 'BOOLEAN' , 'DEFAULT' => 'FALSE');
+ $option['mail_no_user']= array('NAME' =>'mail_no_user' , 'TYPE' => 'BOOLEAN' , 'DEFAULT' => 'TRUE');
+ $option['mail_no_host']= array('NAME' =>'mail_no_host' , 'TYPE' => 'BOOLEAN' , 'DEFAULT' => 'FALSE');
+ $option['mail_no_perms']= array('NAME' =>'mail_no_perms' , 'TYPE' => 'BOOLEAN' , 'DEFAULT' => 'FALSE');
+ $option['tty_tickets']= array('NAME' =>'tty_tickets' , 'TYPE' => 'BOOLEAN' , 'DEFAULT' => 'TRUE');
+ $option['authenticate']= array('NAME' =>'authenticate' , 'TYPE' => 'BOOLEAN' , 'DEFAULT' => 'TRUE');
+ $option['root_sudo']= array('NAME' =>'root_sudo' , 'TYPE' => 'BOOLEAN' , 'DEFAULT' => 'TRUE');
+ $option['log_host']= array('NAME' =>'log_host' , 'TYPE' => 'BOOLEAN' , 'DEFAULT' => 'FALSE');
+ $option['log_year']= array('NAME' =>'log_year' , 'TYPE' => 'BOOLEAN' , 'DEFAULT' => 'FALSE');
+ $option['shell_noargs']= array('NAME' =>'shell_noargs' , 'TYPE' => 'BOOLEAN' , 'DEFAULT' => 'FALSE');
+ $option['set_home']= array('NAME' =>'set_home' , 'TYPE' => 'BOOLEAN' , 'DEFAULT' => 'FALSE');
+ $option['always_set_home']= array('NAME' =>'always_set_home' , 'TYPE' => 'BOOLEAN' , 'DEFAULT' => 'FALSE');
+ $option['path_info']= array('NAME' =>'path_info' , 'TYPE' => 'BOOLEAN' , 'DEFAULT' => 'FALSE');
+ $option['preserve_groups']= array('NAME' =>'preserve_groups' , 'TYPE' => 'BOOLEAN' , 'DEFAULT' => 'FALSE');
+ $option['fqdn']= array('NAME' =>'fqdn' , 'TYPE' => 'BOOLEAN' , 'DEFAULT' => 'FALSE');
+ $option['insults']= array('NAME' =>'insults' , 'TYPE' => 'BOOLEAN' , 'DEFAULT' => 'FALSE');
+ $option['requiretty']= array('NAME' =>'requiretty' , 'TYPE' => 'BOOLEAN' , 'DEFAULT' => 'FALSE');
+ $option['env_editor']= array('NAME' =>'env_editor' , 'TYPE' => 'BOOLEAN' , 'DEFAULT' => 'TRUE');
+ $option['rootpw']= array('NAME' =>'rootpw' , 'TYPE' => 'BOOLEAN' , 'DEFAULT' => 'FALSE');
+ $option['runaspw']= array('NAME' =>'runaspw' , 'TYPE' => 'BOOLEAN' , 'DEFAULT' => 'FALSE');
+ $option['targetpw']= array('NAME' =>'targetpw' , 'TYPE' => 'BOOLEAN' , 'DEFAULT' => 'FALSE');
+ $option['set_logname']= array('NAME' =>'set_logname' , 'TYPE' => 'BOOLEAN' , 'DEFAULT' => 'TRUE');
+ $option['stay_setuid']= array('NAME' =>'stay_setuid' , 'TYPE' => 'BOOLEAN' , 'DEFAULT' => 'TRUE');
+ $option['env_reset']= array('NAME' =>'env_reset' , 'TYPE' => 'BOOLEAN' , 'DEFAULT' => 'TRUE');
+ $option['use_loginclass']= array('NAME' =>'use_loginclass' , 'TYPE' => 'BOOLEAN' , 'DEFAULT' => 'FALSE');
+ $option['noexec']= array('NAME' =>'noexec' , 'TYPE' => 'BOOLEAN' , 'DEFAULT' => 'FALSE');
+ $option['ignore_local_sudoers']= array('NAME' =>'ignore_local_sudoers' , 'TYPE' => 'BOOLEAN' , 'DEFAULT' => 'FALSE');
+ $option['passwd_tries']= array('NAME' =>'passwd_tries' , 'TYPE' => 'INTEGER' , 'DEFAULT' => 3);
+ $option['loglinelen']= array('NAME' =>'loglinelen' , 'TYPE' => 'BOOL_INTEGER' , 'DEFAULT' => 80);
+ $option['timestamp_timeout']= array('NAME' =>'timestamp_timeout' , 'TYPE' => 'BOOL_INTEGER' , 'DEFAULT' => 0);
+ $option['passwd_timeout']= array('NAME' =>'passwd_timeout' , 'TYPE' => 'BOOL_INTEGER' , 'DEFAULT' => 15);
+ $option['umask']= array('NAME' =>'umask' , 'TYPE' => 'BOOL_INTEGER' , 'DEFAULT' => "0022");
+ $option['mailsub']= array('NAME' =>'mailsub' , 'TYPE' => 'STRING' , 'DEFAULT' => '*** SECURITY information for %h ***');
+ $option['badpass_message']= array('NAME' =>'badpass_message' , 'TYPE' => 'STRING' , 'DEFAULT' => 'Sorry, try again');
+ $option['timestampdir']= array('NAME' =>'timestampdir' , 'TYPE' => 'STRING' , 'DEFAULT' => '/var/run/sudo');
+ $option['timestampowner']= array('NAME' =>'timestampowner' , 'TYPE' => 'STRING' , 'DEFAULT' => 'root');
+ $option['passprompt']= array('NAME' =>'passprompt' , 'TYPE' => 'STRING' , 'DEFAULT' => '[sudo] password for %p: ');
+ $option['runas_default']= array('NAME' =>'runas_default' , 'TYPE' => 'STRING' , 'DEFAULT' => 'root');
+ $option['syslog_goodpri']= array('NAME' =>'syslog_goodpri' , 'TYPE' => 'STRING' , 'DEFAULT' => 'notice');
+ $option['syslog_badpri']= array('NAME' =>'syslog_badpri' , 'TYPE' => 'STRING' , 'DEFAULT' => 'alert');
+ $option['editor']= array('NAME' =>'editor' , 'TYPE' => 'STRING' , 'DEFAULT' => '/usr/bin/vi');
+ $option['noexec_file']= array('NAME' =>'noexec_file' , 'TYPE' => 'STRING' , 'DEFAULT' => '/usr/lib/sudo/sudo_noexec.so');
+ $option['lecture']= array('NAME' =>'lecture' , 'TYPE' => 'STRING_BOOL' , 'DEFAULT' => 'once');
$option['lecture_file']= array('NAME' =>'lecture_file' , 'TYPE' => 'STRING_BOOL' , 'DEFAULT' => '');
- $option['logfile']= array('NAME' =>'logfile' , 'TYPE' => 'STRING_BOOL' , 'DEFAULT' => '');
- $option['syslog']= array('NAME' =>'syslog' , 'TYPE' => 'STRING_BOOL' , 'DEFAULT' => '');
+ $option['logfile']= array('NAME' =>'logfile' , 'TYPE' => 'STRING_BOOL' , 'DEFAULT' => 'syslog');
+ $option['syslog']= array('NAME' =>'syslog' , 'TYPE' => 'STRING_BOOL' , 'DEFAULT' => 'authpriv');
$option['mailerpath']= array('NAME' =>'mailerpath' , 'TYPE' => 'STRING_BOOL' , 'DEFAULT' => '');
- $option['mailerflags']= array('NAME' =>'mailerflags' , 'TYPE' => 'STRING_BOOL' , 'DEFAULT' => '');
- $option['mailto']= array('NAME' =>'mailto' , 'TYPE' => 'STRING_BOOL' , 'DEFAULT' => '');
- $option['exempt_group']= array('NAME' =>'exempt_group' , 'TYPE' => 'STRING_BOOL' , 'DEFAULT' => '');
- $option['verifypw']= array('NAME' =>'verifypw' , 'TYPE' => 'STRING_BOOL' , 'DEFAULT' => '');
- $option['listpw']= array('NAME' =>'listpw' , 'TYPE' => 'STRING_BOOL' , 'DEFAULT' => '');
+ $option['mailerflags']= array('NAME' =>'mailerflags' , 'TYPE' => 'STRING_BOOL' , 'DEFAULT' => '-t');
+ $option['mailto']= array('NAME' =>'mailto' , 'TYPE' => 'STRING_BOOL' , 'DEFAULT' => 'root');
+ $option['exempt_group']= array('NAME' =>'exempt_group' , 'TYPE' => 'STRING_BOOL' , 'DEFAULT' => 'root');
+ $option['verifypw']= array('NAME' =>'verifypw' , 'TYPE' => 'STRING_BOOL' , 'DEFAULT' => 'all');
+ $option['listpw']= array('NAME' =>'listpw' , 'TYPE' => 'STRING_BOOL' , 'DEFAULT' => 'any');
$option['env_check']= array('NAME' =>'env_check' , 'TYPE' => 'LISTS' , 'DEFAULT' => '');
$option['env_delete']= array('NAME' =>'env_delete' , 'TYPE' => 'LISTS' , 'DEFAULT' => '');
$option['env_keep']= array('NAME' =>'env_keep' , 'TYPE' => 'LISTS' , 'DEFAULT' => '');
ksort($option);
$this->options = $option;
+ $this->load_options();
+ }
+
+
+ private function load_options()
+ {
+
/****
Parse given sudoOption attributes
****/
$opt = preg_replace("/=.*$/","",$opt);
}
+ /* Special chars are escaped, remove escape char now.
+ \\ => \
+ \: => :
+ \, => ,
+ \= => =
+ */
+ $value = $this->unescape_command($value);
+
/* Check if the given value is part of our options list.
If it is not, add it as type STRING and display a warning.
*/
}
+
/*! \brief Create HTML output for this plugin
@return String HTML output for this plugin.
*/
$smarty->assign("map", array("STRING" => _("string"), "BOOLEAN" => _("bool"),
"INTEGER" => _("integer") , "BOOL_INTEGER" => _("integer")."-"._("bool") ,
"STRING_BOOL" => _("string")."-"._("bool"),"LISTS" => _("list")));
- $smarty->assign("sudoOption",$this->sudoOption);
+ $smarty->assign("sudoOption",$this->prepare_for_html($this->sudoOption));
$smarty->assign("options",$this->options);
return($smarty->fetch(get_template_path('options.tpl', TRUE)));
}
+ /*! \brief Prepare options array to be used in HTML.
+ @param Array The options array ($this->sudoOption)
+ @return Array HTML ready sudoOption. Can now be used in smarty templates
+ */
+ function prepare_for_html($a_options)
+ {
+ foreach($a_options as $name => $options){
+ foreach($options as $key => $option){
+ $a_options[$name][$key]['VALUE'] = htmlentities($option['VALUE']);
+ }
+ }
+ return($a_options);
+ }
+
+
/*! \brief Removes this plugin
*/
function remove_from_parent()
$value = $opt['VALUE'];
$option = "";
+ /* Escape special chars */
+ $value = $this->escape_command($value);
+
/****
Save LISTS
****/
$ldap->modify($this->attrs);;
}
-
+
/*! \brief Checks input validity
*/
function check()
{
$message = plugin::check();
+
+ foreach($this->sudoOption as $name => $options){
+ foreach($options as $id => $option){
+ switch($this->options[$name]['TYPE']){
+
+ /* Check for a valid integer value */
+ case 'INTEGER' :
+ {
+ if(!preg_match("/^[0-9]*$/",$option['VALUE'])){
+ $message[] = msgPool::invalid($name,$option['VALUE'],"/[0-9]/");
+ }
+ } break;
+ }
+ }
+ }
return ($message);
}
+
+
+ /*! \brief This function will be called if an object gets copied.
+ This function adapts attributes from the source object.
+ @param Array The source object.
+ */
+ function PrepareForCopyPaste($source)
+ {
+ plugin::PrepareForCopyPaste($source);
+ if(isset($source['sudoOption'])){
+ $this->attrs['sudoOption'] = $source['sudoOption'];
+ $this->load_options();
+ }
+ }
+
+
+ /*! \brief Escape special chars in function parameters.
+ @param String the string to that must be escaped.
+ */
+ private function escape_command($str)
+ {
+ /* Check if given value is a command (/[a-z]/ ..)
+ */
+ if(preg_match("/^\//",$str)){
+ $cmd = preg_replace("/^([^ ]*).*$/","\\1",$str);
+ $val = preg_replace("/^[^ ]*(.*)$/","\\1",$str);
+ $str = $cmd.addcslashes($val,":.,\\");
+ }
+ return($str);
+ }
+
+
+ /*! \brief Unescape special chars in function parameters.
+ @param String the string to that must be unescaped.
+ */
+ private function unescape_command($str)
+ {
+ /* Check if given value is a command (/[a-z]/ ..)
+ */
+ if(preg_match("/^\//",$str)){
+ $cmd = preg_replace("/^([^ ]*).*$/","\\1",$str);
+ $val = preg_replace("/^[^ ]*(.*)$/","\\1",$str);
+ $val = preg_replace(array("/\\\\\\\\/","/\\\\,/","/\\\\:/","/\\\\=/"),
+ array("\\",",",":","="),$val);
+ $str = $cmd.$val;
+ }
+ return($str);
+ }
}
// vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
?>