Code

Added sudo classes.
authorhickert <hickert@594d385d-05f5-0310-b6e9-bd551577e9d8>
Wed, 2 Apr 2008 09:05:07 +0000 (09:05 +0000)
committerhickert <hickert@594d385d-05f5-0310-b6e9-bd551577e9d8>
Wed, 2 Apr 2008 09:05:07 +0000 (09:05 +0000)
-Currently not working !

git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@10105 594d385d-05f5-0310-b6e9-bd551577e9d8

gosa-core/plugins/admin/sudo/class_divListSudo.inc [new file with mode: 0644]
gosa-core/plugins/admin/sudo/class_sudoGeneric.inc [new file with mode: 0644]
gosa-core/plugins/admin/sudo/class_sudoManagement.inc [new file with mode: 0644]
gosa-core/plugins/admin/sudo/generic.tpl [new file with mode: 0644]
gosa-core/plugins/admin/sudo/main.inc [new file with mode: 0644]
gosa-core/plugins/admin/sudo/remove.tpl [new file with mode: 0644]
gosa-core/plugins/admin/sudo/tabs_sudo.inc [new file with mode: 0644]

diff --git a/gosa-core/plugins/admin/sudo/class_divListSudo.inc b/gosa-core/plugins/admin/sudo/class_divListSudo.inc
new file mode 100644 (file)
index 0000000..a52c22f
--- /dev/null
@@ -0,0 +1,218 @@
+<?php
+/*
+ * This code is part of GOsa (http://www.gosa-project.org)
+ * Copyright (C) 2003-2008 GONICUS GmbH
+ *
+ * ID: $$Id: class_divListSudSudo.inc 9934 2008-03-18 20:26:47Z cajus $$
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+class divListSudo extends MultiSelectWindow
+{
+
+  /* Current base */
+  var $selectedBase       = "";
+  var $departments        = array();
+
+  /* Regex */
+  var $Regex              = "*";
+  var $UserRegex          = "*";
+
+  /* Subsearch checkbox */
+  var $SubSearch          = FALSE;
+
+  var $parent             ;
+  var $ui                 ;
+
+  function divListSudo (&$config, &$parent)
+  {
+    MultiSelectWindow::MultiSelectWindow($config, "sudo", "sudo");
+    
+    $this->parent       = &$parent;
+    $this->ui           = get_userinfo();
+
+    /* Set list strings */
+    $this->SetTitle(_("List of sudo roles"));
+    $this->SetSummary(_("List of sudo roles"));
+    $this->EnableAplhabet(true);
+
+    /* Result page will look like a headpage */
+    $this->SetHeadpageMode();
+  
+    /* Disable buttonsm */
+    $this->EnableCloseButton(false);
+    $this->EnableSaveButton (false);
+
+    /* Dynamic action col, depending on snapshot icons */
+    $action_col_size = 80;
+    if($this->parent->snapshotEnabled()){
+      $action_col_size += 38;
+    }
+
+    /* Toggle all selected / deselected */
+    $chk = "<input type='checkbox' id='select_all' name='select_all'
+               onClick='toggle_all_(\"^item_selected_[0-9]*$\",\"select_all\");' >";
+
+    /* set Page header */
+    $this->AddHeader(array("string"=> $chk,          "attach"=>"style='width:20px;'"));
+    $this->AddHeader(array("string"=>"&nbsp;","attach"=>"style='width:20px;'"));
+    $this->AddHeader(array("string"=>_("Name")."&nbsp;/&nbsp;"._("Department")));
+    $this->AddHeader(array("string"=>_("Properties"),"attach"=>"style='width:136px;'"));
+    $this->AddHeader(array("string"=>_("Actions"),"attach"=>"style='width:".$action_col_size."px;border-right:0px;'"));
+
+    /* Add SubSearch checkbox */    
+    $this->AddCheckBox("SubSearch",  msgPool::selectToView("","subsearch"),msgPool::selectToView("","subsearch_small"), false);
+    $this->AddRegex   ("Regex"    , _("Regular expression for matching role names")       , 
+      "*" , true);
+    $this->AddRegex   ("UserRegex", _("Regular expression for matching role member names"),
+       "*" , FALSE,"images/search_user.png");
+  }
+
+
+  function GenHeader()
+  {
+    /* Prepare departments,
+       which are shown in the listbox on top of the listbox
+     */
+    $base  = $this->parent->base;
+   
+    $acl   = $this->ui->get_category_permissions($base,"sudo"); 
+    /* Add default header */
+    $listhead = MultiSelectWindow::get_default_header();
+    
+    /* Create Layers menu */
+    $s  = ".|"._("Actions")."|\n";
+    $s .= "..|<img src='images/list_new.png' alt='' border='0' class='center'>".
+      "&nbsp;"._("Create")."|\n";
+
+
+    /* Append create options */
+    if(preg_match("/c/",$acl)) {
+      $s.= "...|<input class='center' type='image' src='images/list_new_sudo.png' alt=''>&nbsp;"._("Role")."|new_role|\n";
+    }
+
+#   /* Add multiple copy & cut icons */
+#   if(is_object($this->parent->CopyPasteHandler) && preg_match("/(c.*w|w.*c)/",$acl_all)){
+#     $s.= "..|---|\n";
+#     $s.= "..|<img src='images/editcopy.png' alt='' border='0' class='center'>".
+#       "&nbsp;"._("Copy")."|"."multiple_copy_systems|\n";
+#     $s.= "..|<img src='images/editcut.png' alt='' border='0' class='center'>".
+#       "&nbsp;"._("Cut")."|"."multiple_cut_systems|\n";
+#
+#     if($this->parent->CopyPasteHandler->entries_queued()){
+#       $img = "<img border='0' class='center' src='images/editpaste.png' alt=''>";
+#       $s.="..|".$img."&nbsp;"._("Paste")."|editPaste|\n";
+#     }else{
+#       $img = "<img border='0' class='center' src='images/cant_editpaste.png' alt=''>";
+#       $s.="..|".$img."&nbsp;"._("Paste")."\n";
+#     }
+#   }
+#
+#   /* Add snapshot icons */
+#   if(preg_match("/(c.*w|w.*c)/",$acl_all)){
+#     $s .= "..|---|\n";
+#     $s .= $this->get_snapshot_header(TRUE);
+#   }
+
+    $this->SetDropDownHeaderMenu($s);
+
+    $this->SetListHeader($listhead);
+  }
+
+  function execute()
+  {
+    $this->ClearElementsList();
+    $this->GenHeader();
+  }
+
+  function setEntries($list)
+  {
+    /* Prepare links */
+    $editlink = "<a href='?plug=".$_GET['plug']."&amp;id=%s&amp;act=edit_entry'>%s</a>";
+    $userimg  = "<img class='center' src='images/select_sudo.png' alt='Sudo' title='%s'>";
+    $ui       = get_userinfo();
+
+    $action_col_size = 80;
+
+    // Test Every Entry and generate divlist Array
+    foreach($list as $key => $val){
+    
+      /* Create action icons - copy & paste icons */
+      $acl    = $ui->get_permissions($val['dn'],"sudo/sudo");
+
+      /* Add edit icon */
+      $actions = "";
+      $actions.= "<input class='center' type='image'
+        src='images/edit.png' alt='"._("edit")."' name='sudo_edit_%KEY%' title='"._("Edit this entry")."'>";
+
+      if(preg_match("/d/",$acl)){
+        $actions.= "<input class='center' type='image'
+          src='images/edittrash.png' alt='"._("delete")."' name='sudo_del_%KEY%' title='"._("Delete this entry")."'>";
+      }
+
+      $title = "title='".preg_replace('/ /', '&nbsp;', @LDAP::fix($val['dn']))."'";
+
+      if(!isset($val['description'][0])){
+        $desc = "";
+      }else{
+        $desc = " - [ ".$val['description'][0]." ]";
+      }
+
+      $display = $val['cn'][0].$desc;
+
+      $field0 = array("string" => "<input type='checkbox' id='item_selected_".$key."' name='item_selected_".$key."'>" ,
+          "attach" => "style='width:20px;'");
+      $field1 = array("string" => sprintf($userimg,$val['dn']), "attach" => "style='text-align:center;width:20px;'");
+      $field2 = array("string" => sprintf($editlink,$key,$display), "attach" => "style='' ".$title);
+      $field3 = array("string" => preg_replace("/%KEY%/", $key, $posix."&nbsp;".$enviro."&nbsp;".$mail."&nbsp;".$samba."&nbsp;".$appl."&nbsp;".$phone),     "attach" => "style='width:136px;'");
+      $field4 = array("string" => preg_replace("/%KEY%/", $key, $actions), "attach" => "style='width:".$action_col_size."px;border-right:0px;text-align:right;'");
+
+      $this->AddElement(array($field0,$field1,$field2,$field3,$field4));
+    }
+
+    /* Create summary string for list footer */
+    $num_deps=0;
+    if(!$this->SubSearch){
+      $num_deps = count($this->Added_Departments);
+    }
+    $num_grps = count($groups);
+
+    $num_grp_str = _("Number of listed groups");
+    $num_dep_str = _("Number of listed departments");
+
+    $str = "<img class='center' src='images/select_groups.png'
+              title='".$num_grp_str."' alt='".$num_grp_str."'>&nbsp;".$num_grps."&nbsp;&nbsp;&nbsp;&nbsp;";
+    $str.= "<img class='center' src='images/folder.png'
+              title='".$num_dep_str."' alt='".$num_dep_str."'>&nbsp;".$num_deps."&nbsp;&nbsp;&nbsp;&nbsp;";
+
+    $this->set_List_Bottom_Info($str);
+
+  }
+
+  function Save()
+  {
+    MultiSelectWindow :: Save();  
+  }
+
+  function save_object()
+  {
+    /* Save automatic created POSTs like regex, checkboxes */
+    MultiSelectWindow::save_object();   
+  }
+}
+// vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
+?>
diff --git a/gosa-core/plugins/admin/sudo/class_sudoGeneric.inc b/gosa-core/plugins/admin/sudo/class_sudoGeneric.inc
new file mode 100644 (file)
index 0000000..1e52d96
--- /dev/null
@@ -0,0 +1,107 @@
+<?php
+/*
+ * This code is part of GOsa (http://www.gosa-project.org)
+ * Copyright (C) 2003-2008 GONICUS GmbH
+ *
+ * ID: $$Id: class_sudo.inc 9975 2008-03-25 14:09:30Z hickert $$
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+class sudo extends plugin
+{
+  /* Group attributes */
+  var $cn= "";
+  var $description= "";
+
+  var $CopyPasteVars  = array("force_gid","fon_group","smbgroup","groupType","sambaSID","sambaDomainName","SID","nagios_group","sambaGroupType");
+
+  var $multiple_support = TRUE;
+
+
+  function sudo(&$config, $dn= NULL)
+  {
+    plugin::plugin ($config, $dn);
+  }
+
+  function execute()
+  {
+    /* Call parent execute */
+    plugin::execute();
+    $smarty = get_smarty();
+    return($smarty->fetch(get_template_path('generic.tpl', TRUE)));
+  }
+
+  function remove_from_parent()
+  {
+    plugin::remove_from_parent();
+
+    /* Send signal to the world that we've done */
+    $this->handle_post_events("remove");
+  }
+
+  /* Save data to object */
+  function save_object()
+  {
+    plugin::save_object();
+  }
+
+  /* Save to LDAP */
+  function save()
+  {
+    plugin::save(); 
+  }
+
+  function check()
+  {
+    $message = plugin::check();
+    return ($message);
+  }
+
+  function getCopyDialog()
+  {
+    echo "NIY";
+  }
+
+  function saveCopyDialog()
+  {
+    echo "NIY";
+  }
+  
+  /* Return plugin informations for acl handling  */ 
+  static function plInfo()
+  {
+    return (array(  
+          "plShortName" => _("Sudo"),
+          "plDescription" => _("Sudo role"),
+          "plSelfModify"  => FALSE,
+          "plDepends"     => array(),
+          "plPriority"    => 0,
+          "plSection"     => array("admin"),
+          "plCategory"    => array("sudo" => array("objectClass" => "sudoRole", "description" => _("Sudo role"))),
+
+          "plProvidedAcls"    => array(
+            "cn"                => _("Name"),
+            "description"       => _("Description"),
+            "sudoUser"          => _("Users"),
+            "sudoHost"          => _("Host"),
+            "sudoCommand"       => _("Command"),
+            "sudoRunas"         => _("Run as user"),
+            "sudoOption"        => _("Flags"))
+        ));
+  }
+}
+// vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
+?>
diff --git a/gosa-core/plugins/admin/sudo/class_sudoManagement.inc b/gosa-core/plugins/admin/sudo/class_sudoManagement.inc
new file mode 100644 (file)
index 0000000..ece30b2
--- /dev/null
@@ -0,0 +1,469 @@
+<?php
+/*
+ * This code is part of GOsa (http://www.gosa-project.org)
+ * Copyright (C) 2003-2008 GONICUS GmbH
+ *
+ * ID: $$Id: class_sudoManagement.inc 10099 2008-04-01 12:52:01Z hickert $$
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+class sudoManagement extends plugin
+{
+  /* Definitions */
+  var $plHeadline     = "Sudo";
+  var $plDescription  = "Manage sudo roles";
+
+  var $DivListSudo    = NULL;
+  var $base           = "";
+
+  function sudoManagement (&$config, &$ui)
+  {
+    /* Save configuration for internal use */
+    $this->config = &$config;
+    $this->ui     = &$ui;
+    $this->base = get_ou("sudoou");
+
+    echo "base checks, maybe it is not set, or it do not exists";;
+
+    /* Copy & Paste enabled ?*/
+    if((isset($this->config->data['MAIN']['ENABLECOPYPASTE']))&&
+      (preg_match("/true/i",$this->config->data['MAIN']['ENABLECOPYPASTE']))){
+      $this->CopyPasteHandler = new CopyPasteHandler($this->config);
+    }
+    
+    /* Create dialog object */
+    $this->DivListSudo = new divListSudo($this->config,$this);
+  }
+
+
+  function execute()
+  {
+       /* Call parent execute */
+       plugin::execute();
+
+    /* Store these posts if the current object is locked (used by somebody else)*/
+    session::set('LOCK_VARS_TO_USE',array("/^act$/","/^id$/","/^group_edit_/","/^group_del_/","/^item_selected/","/^remove_multiple_sudos/","/^multiple_edit/","/menu_action/"));
+
+    /* Save data */
+    $s_action   = "";
+    $s_entry    = "";
+
+    $s_entry  = preg_replace("/_.$/","",$s_entry); 
+
+    /* handle C&P from layers menu */
+    if(isset($_POST['menu_action']) && preg_match("/^multiple_copy_systems/",$_POST['menu_action'])){
+      $s_action = "copy_multiple";
+    }
+
+    $smarty= get_smarty();
+
+    /********************
+      Create notification event
+     ********************/
+
+    /********************
+      Create a new group  ...
+     ********************/
+
+    /* New group? */
+    if ($s_action=="new"){
+
+      /* Check create permissions */
+      $acl = $this->ui->get_permissions($this->DivListSudo->selectedBase,"sudos/group");
+      if(preg_match("/c/",$acl)){
+
+        /* By default we set 'dn' to 'new', all relevant plugins will
+           react on this. */
+        $this->dn= "new";
+
+        /* Create new grouptab object */
+        $this->grouptab= new grouptabs($this->config, $this->config->data['TABS']['GROUPTABS'], $this->dn);
+
+        /* Set up the group ACL's for this 'dn' */
+        $this->grouptab->set_acl_base($this->DivListSudo->selectedBase);
+      }
+    }
+
+
+    /********************
+      Save Group Tab/Object Changes
+     ********************/
+
+    /* Finish group edit is triggered by the tabulator dialog, so
+       the user wants to save edited data. Check and save at this
+       point. */
+    if ((isset($_POST['edit_finish']) || isset($_POST['edit_apply'])) && (isset($this->grouptab->config)) ){
+
+      /* Check tabs, will feed message array 
+         Save, or display error message? */
+      $message= $this->grouptab->check();
+      if (count($message) == 0){
+
+        /* Save user data to ldap */
+        $this->grouptab->save();
+
+        if (!isset($_POST['edit_apply'])){
+          /* Group has been saved successfully, remove lock from LDAP. */
+          if ($this->dn != "new"){
+            del_lock ($this->dn);
+          }
+
+          /* There's no page reload so we have to read new sudos at this point. */
+          //$this->reload ();
+          unset ($this->grouptab);
+          $this->grouptab= NULL;
+          session::un_set('objectinfo');
+        }
+      } else {
+        /* Ok. There seem to be errors regarding to the tab data,
+           show message and continue as usual. */
+        msg_dialog::displayChecks($message);
+      }
+    }
+
+
+    /********************
+      Edit multiple entries
+     ********************/
+
+    /* User wants to edit data? */
+    if ($s_action == "multiple_edit" && !isset($this->grouptab->config)){
+
+      $this->dn = array();
+      foreach($this->list_get_selected_items() as $id){
+        $this->dn[] = $this->list[$id]['dn'];;
+      }
+      $tmp = new multi_plug($this->config,"grouptabs",$this->config->data['TABS']['GROUPTABS'],
+            $this->dn,$this->DivListSudo->selectedBase,"groups");
+      if ($tmp->entries_locked()){
+        return($tmp->display_lock_message());
+      }
+      $tmp->lock_entries($this->ui->dn);
+      if($tmp->multiple_available()){
+        $this->grouptab = $tmp;
+        session::set('objectinfo',$this->grouptab->get_object_info());
+      }
+    }
+
+
+    /********************
+      Edit existing group 
+     ********************/
+
+    /* User wants to edit data? */
+    if (($s_action=="edit") && (!isset($this->grouptab-> config))){
+
+      /* Get 'dn' from posted 'uid', must be unique */
+      $this->dn= $this->list[trim($s_entry)]['dn'];
+
+      /* Check locking & lock entry if required */
+      $user = get_lock($this->dn);
+      if ($user != ""){
+        return(gen_locked_message ($user, $this->dn));
+      }
+      add_lock ($this->dn, $this->ui->dn);
+
+      /* Register grouptab to trigger edit dialog */
+      $this->grouptab= new grouptabs($this->config,$this->config->data['TABS']['GROUPTABS'], $this->dn);
+      $this->grouptab->set_acl_base($this->dn);
+      session::set('objectinfo',$this->dn);
+    }
+
+
+    /********************
+      Delete MULTIPLE entries requested, display confirm dialog
+     ********************/
+
+    if ($s_action=="del_multiple"){
+      $ids = $this->list_get_selected_items();
+
+      if(count($ids)){
+
+        foreach($ids as $id){
+          $dn = $this->list[$id]['dn'];
+          if (($user= get_lock($dn)) != ""){
+            return(gen_locked_message ($user, $dn));
+          }
+          $this->dns[$id] = $dn;
+        }
+
+        $dns_names = array();
+        foreach($this->dns as $dn){
+          add_lock ($dn, $this->ui->dn);
+          $dns_names[] =@LDAP::fix($dn);
+        }
+
+        /* Lock the current entry, so nobody will edit it during deletion */
+        $smarty->assign("info", msgPool::deleteInfo($dns_names,_("group")));
+        $smarty->assign("multiple", true);
+        return($smarty->fetch(get_template_path('remove.tpl', TRUE)));
+      }
+    }
+
+
+    /********************
+      Delete MULTIPLE entries confirmed
+     ********************/
+
+      /* Confirmation for deletion has been passed. Groups should be deleted. */
+      if (isset($_POST['delete_multiple_groups_confirm'])){
+
+        /* Remove user by user and check acls before removeing them */
+        foreach($this->dns as $key => $dn){
+
+          /* Load permissions for selected 'dn' and check if
+             we're allowed to remove this 'dn' */
+          $acl = $this->ui->get_permissions($dn,"groups/group");
+          if(preg_match("/d/",$acl)){
+
+            /* Delete request is permitted, perform LDAP action */
+            $this->grouptab= new grouptabs($this->config,$this->config->data['TABS']['GROUPTABS'], $dn);
+            $this->grouptab->set_acl_base($dn);
+            $this->grouptab->delete ();
+            unset ($this->grouptab);
+            $this->grouptab= NULL;
+
+          } else {
+
+            /* Normally this shouldn't be reached, send some extra
+               logs to notify the administrator */
+            msg_dialog::display(_("Permission error"), msgPool::permDelete(), ERROR_DIALOG);
+            new log("security","groups/".get_class($this),$dn,array(),"Tried to trick deletion.");
+          }
+          /* Remove lock file after successfull deletion */
+          del_lock ($dn);
+          unset($this->dns[$key]);
+        }
+      }
+
+
+      /********************
+        Delete MULTIPLE entries Canceled
+       ********************/
+
+      /* Remove lock */
+    if(isset($_POST['delete_multiple_user_cancel'])){
+      foreach($this->dns as $key => $dn){
+        del_lock ($dn);
+        unset($this->dns[$key]);
+      }
+    }
+
+
+    /********************
+      Delete group 
+     ********************/
+
+    /* Remove group was requested */
+    if ($s_action=="del"){
+
+      /* Get 'dn' from posted 'uid' */
+      $this->dn= $this->list[trim($s_entry)]['dn'];
+
+      /* Load permissions for selected 'dn' and check if
+         we're allowed to remove this 'dn' */
+      $acl = $this->ui->get_permissions($this->dn,"groups/group");
+      if(preg_match("/d/",$acl)){
+
+        /* Check locking, save current plugin in 'back_plugin', so
+           the dialog knows where to return. */
+        if (($user= get_lock($this->dn)) != ""){
+          return(gen_locked_message ($user, $this->dn));
+        }
+
+        /* Lock the current entry, so nobody will edit it during deletion */
+        add_lock ($this->dn, $this->ui->dn);
+        $smarty->assign("info", msgPool::deleteInfo(@LDAP::fix($this->dn),_("group")));
+        $smarty->assign("multiple", false);
+        return($smarty->fetch(get_template_path('remove.tpl', TRUE)));
+
+      } else {
+        
+        /* Obviously the user isn't allowed to delete. Show message and clean session. */
+        msg_dialog::display(_("Permission error"), msgPool::permDelete());
+      }
+    }
+
+
+    /********************
+      Delete group confirmed  
+     ********************/
+
+    /* Confirmation for deletion has been passed. Group should be deleted. */
+    if (isset($_POST['delete_group_confirm'])){
+
+      /* Some nice guy may send this as POST, so we've to check
+         for the permissions again. */
+      $acl = $this->ui->get_permissions($this->dn,"groups/group");
+      if(preg_match("/d/",$acl)){
+
+        /* Delete request is permitted, perform LDAP action */
+        $this->grouptab= new grouptabs($this->config,$this->config->data['TABS']['GROUPTABS'], $this->dn);
+        $this->grouptab->set_acl_base($this->dn);
+        $this->grouptab->delete ();
+        unset ($this->grouptab);
+        $this->grouptab= NULL;
+
+        /* Group list has changed, reload it. */
+        //$this->reload ();
+
+      } else {
+
+        /* Normally this shouldn't be reached, send some extra
+           logs to notify the administrator */
+        msg_dialog::display(_("Permission error"), msgPool::permDelete(), ERROR_DIALOG);
+        new log("security","groups/".get_class($this),$dn,array(),"Tried to trick deletion.");
+      }
+
+      /* Remove lock file after successfull deletion */
+      del_lock ($this->dn);
+      session::un_set('objectinfo');
+    }
+
+
+    /********************
+      Delete group canceled  
+     ********************/
+
+    /* Delete group canceled? */
+    if (isset($_POST['delete_cancel'])){
+      del_lock ($this->dn);
+      session::un_set('objectinfo');
+    }
+    
+
+    /********************
+      A dialog was canceled  
+     ********************/
+
+    /* Cancel dialogs */
+    if (isset($_POST['edit_cancel']) || isset($_POST['password_cancel'])){
+      if(isset($this->grouptab->dn)){
+        del_lock ($this->grouptab->dn);
+      }
+      unset ($this->grouptab);
+      $this->grouptab= NULL;
+      session::un_set('objectinfo');
+    }
+
+
+    /********************
+      If there is currently a dialog open, display it
+     ********************/
+
+    /* Show tab dialog if object is present */
+    if (isset($this->grouptab->config)){
+      $display= $this->grouptab->execute();
+
+      /* Don't show buttons if tab dialog requests this */
+      if(isset($this->grouptab->by_object)){
+        if (!$this->grouptab->by_object[$this->grouptab->current]->dialog){
+          $display.= "<p style=\"text-align:right\">\n";
+          $display.= "<input type=submit name=\"edit_finish\" style=\"width:80px\" value=\"".msgPool::okButton()."\">\n";
+          $display.= "&nbsp;\n";
+          if ($this->dn != "new"){
+            $display.= "<input type=submit name=\"edit_apply\" value=\"".msgPool::applyButton()."\">\n";
+            $display.= "&nbsp;\n";
+          }
+          $display.= "<input type=submit name=\"edit_cancel\" value=\"".msgPool::cancelButton()."\">\n";
+          $display.= "</p>";
+        }
+      }
+      return ($display);
+    }
+
+    /* Display dialog with group list */
+    $this->DivListSudo->parent = &$this;
+    $this->DivListSudo->execute();
+    $this->reload ();
+    $this->DivListSudo->setEntries($this->list);
+    return($this->DivListSudo->Draw());
+  }
+
+
+  function list_get_selected_items()
+  {
+    $ids = array();
+    foreach($_POST as $name => $value){
+      if(preg_match("/^item_selected_[0-9]*$/",$name)){
+        $id   = preg_replace("/^item_selected_/","",$name);
+        $ids[$id] = $id;
+      }
+    }
+    return($ids);
+  }
+
+
+  function reload($CreatePosixsList=false)
+  {
+    $this->list             = array();
+    $base                   = $this->base;
+
+    $Regex                  = $this->DivListSudo->Regex;
+    $UserRegex              = $this->DivListSudo->UserRegex;
+    $SubSearch              = $this->DivListSudo->SubSearch;
+
+    /********************
+      Create filter depending on selected checkboxes 
+     ********************/
+    $values = array("cn","description","sudoUser","sudoCommand","sudoOption");
+    $ff     = "(&(|(cn=".$Regex.")(description=".$Regex.")(sudoUser=".$UserRegex.")(objectClass=sudoRole)))";
+    $res = get_list($ff, "sudo",$base,$values, GL_SUBSEARCH);
+    $tmp = array();
+    foreach($res as $attrs){
+      $tmp[$attrs['cn'][0]] = $attrs;
+    }
+    uksort($tmp, 'strnatcasecmp');  
+    $this->list = $tmp;
+  }
+
+
+  /* Save data to object */
+  function save_object()
+  {
+    $this->DivListSudo->save_object();
+  }
+
+
+  function remove_lock()
+  {
+    if (isset($this->grouptab->dn)){
+      del_lock ($this->grouptab->dn);
+    }
+  }
+
+
+  function remove_from_parent()
+  {
+    /* Optionally execute a command after we're done */
+    $this->postremove();
+  }
+
+
+  /* Save to LDAP */
+  function save()
+  {
+    /* Optionally execute a command after we're done */
+    $this->postcreate();
+  }
+
+  /* Unused functions  */
+  function check()  { }
+  function adapt_from_template($dn, $skip= array()) { }
+  function password_change_needed()  { }
+}
+// vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
+?>
diff --git a/gosa-core/plugins/admin/sudo/generic.tpl b/gosa-core/plugins/admin/sudo/generic.tpl
new file mode 100644 (file)
index 0000000..2c965ef
--- /dev/null
@@ -0,0 +1,246 @@
+{if $multiple_support}
+<input type="hidden" value="1" name="group_mulitple_edit">
+{/if }
+
+
+<table summary="" style="width:100%;">
+ <tr>
+  <td style="width:50%; vertical-align:top;">
+   <table summary="" style="width:100%">
+    <tr>
+     <td><LABEL for="cn">{t}Group name{/t}</LABEL>{$must}</td>
+     <td>
+{if $multiple_support}
+       <input id="dummy1" name="dummy1" size=25 maxlength=60 value="{t}Multiple edit{/t}" disabled>
+{else}
+{render acl=$cnACL}
+       <input id="cn" name="cn" size=25 maxlength=60 value="{$cn}" title="{t}Posix name of the group{/t}">
+{/render}
+{/if}
+     </td>
+    </tr>
+    <tr>
+     <td>
+      <LABEL for="description">{t}Description{/t}</LABEL>
+     </td>
+     <td>
+{render acl=$descriptionACL checkbox=$multiple_support checked=$use_description}
+      <input id="description" name="description" size=40 maxlength=80 value="{$description}" title="{t}Descriptive text for this group{/t}">
+{/render}
+     </td>
+    </tr>
+    <tr>
+     <td colspan=2> 
+      <div style="height:15px;"></div> 
+     </td>
+    </tr>
+    <tr>
+     <td>
+      <LABEL for="base">{t}Base{/t}</LABEL>{$must}
+     </td>
+     <td>
+{render acl=$baseACL checkbox=$multiple_support checked=$use_base}
+      <select id="base" size="1" name="base" title="{t}Choose subtree to place group in{/t}">
+       {html_options options=$bases selected=$base_select}
+      </select>
+{/render}
+
+{render acl=$baseACL disable_picture='images/folder_gray.png'}
+       <input type="image" name="chooseBase" src="images/folder.png" class="center" title="{t}Select a base{/t}">
+{/render}
+     </td>
+    </tr>
+    <tr>
+      <td colspan=2> <div style="height:15px; width:100%; border-bottom:1px solid #909090;"></div> </td>
+    </tr>
+    <tr>
+      <td colspan=2> <div style="height:15px; width:100%;"></div> </td>
+    </tr>
+{if $multiple_support}
+
+{else}
+    <tr>
+     <td colspan=2>
+{render acl=$gidNumberACL}
+      <input type=checkbox name="force_gid" value="1" title="{t}Normally IDs are autogenerated, select to specify manually{/t}" 
+       {$force_gid} onclick="changeState('gidNumber')">
+{/render}
+       <LABEL for="gidNumber">{t}Force GID{/t}</LABEL>
+      &nbsp;
+{render acl=$gidNumberACL}
+      <input name="gidNumber" size=9 maxlength=9 id="gidNumber" {$forceMode} value="{$gidNumber}" title="{t}Forced ID number{/t}">
+{/render}
+     </td>
+    </tr>
+{/if}
+
+{if $samba3 ne ""}
+
+{if $multiple_support}
+    <tr>
+    <td colspan=2>
+               {render acl=$sambaGroupTypeACL checkbox=$multiple_support checked=$use_smbgroup}
+                       <input class="center" type=checkbox name="smbgroup" value="1" {$smbgroup}>{t}Select to create a samba conform group{/t}
+               {/render}
+       </td>
+       </tr>
+       <tr>
+       <td colspan=2>
+               {render acl=$sambaGroupTypeACL checkbox=$multiple_support checked=$use_groupType}
+                       <select size="1" name="groupType">
+                               {html_options options=$groupTypes selected=$groupType}
+                       </select>
+               {/render}
+      &nbsp;
+      <LABEL for="">{t}in domain{/t}</LABEL>
+      &nbsp;
+
+               {render acl=$sambaDomainNameACL checkbox=$multiple_support checked=$use_sambaDomainName}
+                       <select id="sambaDomainName" size="1" name="sambaDomainName">
+                               {html_options values=$sambaDomains output=$sambaDomains selected=$sambaDomainName}
+                       </select>
+               {/render}
+       </td>
+       </tr>
+
+{else}
+    <tr>
+     <td colspan=2>
+{render acl=$sambaGroupTypeACL}
+      <input type=checkbox name="smbgroup" value="1" {$smbgroup}  title="{t}Select to create a samba conform group{/t}">
+{/render}
+{render acl=$sambaGroupTypeACL}
+      <select size="1" name="groupType">
+       {html_options options=$groupTypes selected=$groupType}
+      </select>
+{/render}
+      &nbsp;
+      <LABEL for="">{t}in domain{/t}</LABEL>
+      &nbsp;
+{render acl=$sambaDomainNameACL}
+      <select id="sambaDomainName" size="1" name="sambaDomainName">
+       {html_options values=$sambaDomains output=$sambaDomains selected=$sambaDomainName}
+      </select>
+{/render}
+     </td>
+    </tr>
+    {/if}
+{/if}
+
+       {if $pickupGroup == "true"}
+    <tr>
+      <td colspan=2> <div style="height:15px; width:100%; border-bottom:1px solid #909090;"></div> </td>
+    </tr>
+    <tr>
+      <td colspan=2> <div style="height:15px; width:100%;"></div> </td>
+    </tr>
+    <tr>
+     <td colspan=2>
+{render acl=$fonGroupACL checkbox=$multiple_support checked=$use_fon_group}
+      <input class="center" type=checkbox name="fon_group" value="1" {$fon_group}>{t}Members are in a phone pickup group{/t}
+{/render}
+     </td>
+    </tr>
+       {/if}
+       {if $nagios == "true"}
+    <tr>
+      <td colspan=2> <div style="height:15px; width:100%; border-bottom:1px solid #909090;"></div> </td>
+    </tr>
+    <tr>
+      <td colspan=2> <div style="height:15px; width:100%;"></div> </td>
+    </tr>
+    <tr>
+     <td colspan=2>
+{render acl=$nagiosGroupACL}
+      <input type=checkbox name="nagios_group" value="1" {$nagios_group}>{t}Members are in a nagios group{/t}
+{/render}
+     </td>
+    </tr>
+       {/if}
+    <tr>
+      <td colspan=2> <div style="height:15px; width:100%; border-bottom:1px solid #909090;"></div> </td>
+    </tr>
+    <tr>
+      <td colspan=2> <div style="height:15px; width:100%;"></div> </td>
+    </tr>
+       <tr>
+        <td colspan="2">
+                   {t}Trust mode{/t}&nbsp;
+    {render acl=$trustmodeACL}
+        <select name="trustmode" id="trustmode" size=1
+            onChange="changeSelectState('trustmode', 'wslist');
+                      changeSelectState('trustmode', 'add_ws');
+                      changeSelectState('trustmode', 'del_ws');">
+          {html_options options=$trustmodes selected=$trustmode}
+        </select>
+    {/render}
+    {render acl=$trustmodeACL}
+       <select style="width:100%" id="wslist" name="workstation_list[]" size=8 multiple {$trusthide}>
+        {html_options values=$workstations output=$workstations}
+        {if $emptyArrAccess}
+            <option disabled>&nbsp;</option>
+        {/if}
+       </select>
+    {/render}
+       <br>
+    {render acl=$trustmodeACL}
+       <input type="submit" id="add_ws" value="{msgPool type=addButton}" name="add_ws" {$trusthide}>&nbsp;
+    {/render}
+    {render acl=$trustmodeACL}
+       <input type="submit" id="del_ws" value="{msgPool type=delButton}" name="delete_ws" {$trusthide}>
+    {/render}
+
+        </td>
+       </tr>
+   </table>
+
+  </td>
+  <td style="border-left:1px solid #A0A0A0">
+   &nbsp;
+  </td>
+
+  <td style="vertical-align:top;">
+
+   <table summary="" style="width:100%">
+    <tr>
+     <td style="vertical-align:top; width:50%">
+      <b><LABEL for="members">{t}Group members{/t}</LABEL></b>
+      <br>
+{render acl=$memberUidACL}
+
+       {if $multiple_support}
+         <select style="width:100%; height:380px;" id="members" name="members[]" size=15 multiple>
+               {foreach from=$memberUid_All item=name key=key}
+                       <option value="{$key}">{$name}&nbsp;({t}In all groups{/t})</option>
+               {/foreach}
+               {foreach from=$memberUid_Some item=name key=key}
+        <option value="{$key}" style='color: #888888; background: #DDDDDD;background-color: #DDDDDD;'>{$name}&nbsp;({t}Not in all groups{/t})</option>
+               {/foreach}
+         </select>
+       {else}
+      <select style="width:100%; height:380px;" id="members" name="members[]" size=15 multiple>
+       {html_options options=$members}
+               <option disabled>&nbsp;</option>
+      </select>
+       {/if}
+{/render}
+      <br>
+      <input type=submit name="edit_membership" value="{msgPool type=addButton}">
+      &nbsp;
+      <input type=submit name="del_users" value="{msgPool type=delButton}">
+     </td>
+    </tr> 
+   </table>
+  </td>
+
+ </tr>
+</table>
+
+<input type="hidden" name="groupedit" value="1">
+
+<!-- Place cursor -->
+<script language="JavaScript" type="text/javascript">
+  <!-- // First input field on page
+       focus_field('cn');
+  -->
+</script>
diff --git a/gosa-core/plugins/admin/sudo/main.inc b/gosa-core/plugins/admin/sudo/main.inc
new file mode 100644 (file)
index 0000000..baf3785
--- /dev/null
@@ -0,0 +1,62 @@
+<?php
+/*
+ * This code is part of GOsa (http://www.gosa-project.org)
+ * Copyright (C) 2003-2008 GONICUS GmbH
+ *
+ * ID: $$Id: main.inc 9275 2008-03-04 07:29:22Z cajus $$
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+if ($remove_lock){
+  if(session::is_set('sudoManagement')){
+    $sudoManagement = session::get('sudoManagement');
+    $sudoManagement->remove_lock();
+    del_lock ($ui->dn);
+    session::un_set ('sudoManagement');
+  }
+} else {
+  /* Create sudoManagement object on demand */
+  if (!session::is_set('sudoManagement') || (isset($_GET['reset']) && $_GET['reset'] == 1)){
+    session::set('sudoManagement',new sudoManagement ($config, $ui));
+  }
+  $sudoManagement = session::get('sudoManagement');
+  $sudoManagement->save_object();
+  $output= $sudoManagement->execute();
+
+  /* Page header*/
+  if (session::is_set('objectinfo')){
+    $display= print_header(get_template_path('images/group.png'),
+                           _("Group administration"), "<img alt=\"\" align=\"middle\" src=\"".
+                            get_template_path('images/closedlock.png')."\"> ".
+                            @LDAP::fix(session::get('objectinfo')));
+  } else {
+    $display= print_header(get_template_path('images/group.png'), _("Group administration"));
+  }
+
+  $display.= $output;
+
+  /* Reset requested? */
+  if (isset($_GET['reset']) && $_GET['reset'] == 1){
+    del_lock ($ui->dn);
+    session::un_set ('sudoManagement');
+  }
+
+  /* Show and save dialog */
+  session::set('sudoManagement',$sudoManagement);
+}
+
+// vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
+?>
diff --git a/gosa-core/plugins/admin/sudo/remove.tpl b/gosa-core/plugins/admin/sudo/remove.tpl
new file mode 100644 (file)
index 0000000..c4405a1
--- /dev/null
@@ -0,0 +1,27 @@
+<div style="font-size:18px;">
+  <img alt="" src="images/button_cancel.png" align=top>&nbsp;{t}Warning{/t}
+</div>
+<p>
+  {$info}
+  {t}This may be a primary user group. Please double check if you really want to do this since there is no way for GOsa to get your data back.{/t}
+</p>
+
+<p>
+  {t}So - if you're sure - press 'Delete' to continue or 'Cancel' to abort.{/t}
+</p>
+
+<p class="plugbottom">
+
+  {if $multiple}
+  <input type=submit name="delete_multiple_groups_confirm" value="{msgPool type=delButton}">
+  &nbsp;
+  <input type=submit name="delete_multiple_group_cancel" value="{msgPool type=cancelButton}">
+  {else}
+  <input type=submit name="delete_group_confirm" value="{msgPool type=delButton}">
+  &nbsp;
+  <input type=submit name="delete_cancel" value="{msgPool type=cancelButton}">
+  {/if}
+
+
+</p>
+
diff --git a/gosa-core/plugins/admin/sudo/tabs_sudo.inc b/gosa-core/plugins/admin/sudo/tabs_sudo.inc
new file mode 100644 (file)
index 0000000..f4f51ed
--- /dev/null
@@ -0,0 +1,66 @@
+<?php
+/*
+ * This code is part of GOsa (http://www.gosa-project.org)
+ * Copyright (C) 2003-2008 GONICUS GmbH
+ *
+ * ID: $$Id: tabs_group.inc 9275 2008-03-04 07:29:22Z cajus $$
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+class sudotabs extends tabs
+{
+  function sudotabs($config, $data, $dn)
+  {
+    tabs::tabs($config, $data, $dn,"sudo");
+    $this->addSpecialTabs();
+  }
+
+  function save_object($save_current= FALSE)
+  {
+    tabs::save_object($save_current);
+  }
+
+  function save($ignore_account= FALSE)
+  {
+    echo "nope";
+    $baseobject= $this->by_object['group'];
+
+    /* Check for new 'dn', in order to propagate the
+       'dn' to all plugins */
+    $new_dn= 'cn='.$baseobject->cn.','.get_groups_ou().$baseobject->base;
+
+
+    /* Move group? */
+    if ($this->dn != $new_dn){
+
+      /* Write entry on new 'dn' */
+      if ($this->dn != "new"){
+        $baseobject->update_acls($this->dn,$new_dn);
+        $baseobject->move($this->dn, $new_dn);
+        $this->by_object['group']= $baseobject;
+      }
+
+      /* Happen to use the new one */
+      $this->dn= $new_dn;
+    }
+
+    $ret= tabs::save();
+
+    return $ret;
+  }
+}
+// vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
+?>