author | hickert <hickert@594d385d-05f5-0310-b6e9-bd551577e9d8> | |
Mon, 7 Apr 2008 12:07:22 +0000 (12:07 +0000) | ||
committer | hickert <hickert@594d385d-05f5-0310-b6e9-bd551577e9d8> | |
Mon, 7 Apr 2008 12:07:22 +0000 (12:07 +0000) |
-Added trust mode
git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@10232 594d385d-05f5-0310-b6e9-bd551577e9d8
git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@10232 594d385d-05f5-0310-b6e9-bd551577e9d8
gosa-plugins/sudo/admin/sudo/class_sudoGeneric.inc | patch | blob | history | |
gosa-plugins/sudo/admin/sudo/generic.tpl | patch | blob | history |
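--- a/gosa-plugins/sudo/admin/sudo/class_sudoGeneric.inc
+++ b/gosa-plugins/sudo/admin/sudo/class_sudoGeneric.inc
 var $sudoHost = array("ALL");
 var $sudoRunas = array("ALL");
+ var $accessTo = array();
+ var $trustModel = "";
+ var $show_ws_dialog = FALSE;
+
 var $objectclasses = array("top","sudoRole");
- var $attributes = array("cn","description","sudoUser","sudoCommand","sudoHost","sudoRunas");
+ var $attributes = array("cn","description","sudoUser","sudoCommand","sudoHost","sudoRunas","accessTo","trustModel");
 var $is_account = TRUE;
 $this->$attr = $tmp;
 }
 }
+
+ /* Is this account a trustAccount? */
+ if ($this->is_account && isset($this->attrs['trustModel'])){
+ $this->trustModel= $this->attrs['trustModel'][0];
+ $this->was_trust_account= TRUE;
+ } else {
+ $this->was_trust_account= FALSE;
+ $this->trustModel= "";
+ }
+
+ $this->accessTo = array();
+ if ($this->is_account && isset($this->attrs['accessTo'])){
+ for ($i= 0; $i<$this->attrs['accessTo']['count']; $i++){
+ $tmp= $this->attrs['accessTo'][$i];
+ $this->accessTo[$tmp]= $tmp;
+ }
+ }
+
 }
 }
 /* Call parent execute */
 plugin::execute();
+ /*********************
+ Access control list
+ *********************/
+
+ /* Add user workstation? */
+ if (isset($_POST["add_ws"])){
+ $this->show_ws_dialog= TRUE;
+ $this->dialog= TRUE;
+ }
+
+ /* Add user workstation? */
+ if (isset($_POST["add_ws_finish"]) && isset($_POST['wslist'])){
+ foreach($_POST['wslist'] as $ws){
+ $this->accessTo[$ws]= $ws;
+ }
+ ksort($this->accessTo);
+ $this->is_modified= TRUE;
+ }
+
+ /* Remove user workstations? */
+ if (isset($_POST["delete_ws"]) && isset($_POST['workstation_list'])){
+ foreach($_POST['workstation_list'] as $name){
+ unset ($this->accessTo[$name]);
+ }
+ $this->is_modified= TRUE;
+ }
+
+ /* Add user workstation finished? */
+ if (isset($_POST["add_ws_finish"]) || isset($_POST["add_ws_cancel"])){
+ $this->show_ws_dialog= FALSE;
+ $this->dialog= FALSE;
+ }
+
+ /* Show ws dialog */
+ if ($this->show_ws_dialog){
+
+ $smarty = get_smarty();
+
+
+ /* Save data */
+ $sysfilter= session::get("sysfilter");
+ foreach( array("depselect", "regex") as $type){
+ if (isset($_POST[$type])){
+ $sysfilter[$type]= $_POST[$type];
+ }
+ }
+ if (isset($_GET['search'])){
+ $s= mb_substr($_GET['search'], 0, 1, "UTF8")."*";
+ if ($s == "**"){
+ $s= "*";
+ }
+ $sysfilter['regex']= $s;
+ }
+ session::set("sysfilter", $sysfilter);
+
+ /* Get workstation list */
+ $exclude= "";
+ foreach($this->accessTo as $ws){
+ $exclude.= "(cn=$ws)";
+ }
+ if ($exclude != ""){
+ $exclude= "(!(|$exclude))";
+ }
+ $regex= $sysfilter['regex'];
+ $filter= "(&(|(objectClass=goServer)(objectClass=gotoWorkstation)(objectClass=gotoTerminal))$exclude(cn=*)(cn=$regex))";
+
+ $deps_a = array(get_ou("serverou"),
+ get_ou("terminalou"),
+ get_ou("workstationou"));
+
+ $res= get_sub_list($filter, array("terminal","server","workstation"), $deps_a, get_ou("systemsou").$sysfilter['depselect'], array("cn"), GL_SUBSEARCH | GL_SIZELIMIT);
+ $wslist= array();
+ foreach ($res as $attrs){
+ $wslist[]= preg_replace('/\$/', '', $attrs['cn'][0]);
+ }
+ asort($wslist);
+ $smarty->assign("search_image", get_template_path('images/search.png'));
+ $smarty->assign("launchimage", get_template_path('images/small_filter.png'));
+ $smarty->assign("tree_image", get_template_path('images/tree.png'));
+ $smarty->assign("deplist", $this->config->idepartments);
+ $smarty->assign("alphabet", generate_alphabet());
+ foreach( array("depselect", "regex") as $type){
+ $smarty->assign("$type", $sysfilter[$type]);
+ }
+ $smarty->assign("hint", print_sizelimit_warning());
+ $smarty->assign("wslist", $wslist);
+ $smarty->assign("apply", apply_filter());
+ $display= $smarty->fetch (get_template_path('trust_machines.tpl', TRUE, dirname(__FILE__)));
+ return ($display);
+ }
+
+
 /*********************
 Add users
 *********************/
 $smarty->assign($attr,$this->$attr);
 }
+
+/* Work on trust modes */
+ $smarty->assign("trusthide", " disabled ");
+ $smarty->assign("trustmodeACL", $this->getacl("trustModel"));
+ if ($this->trustModel == "fullaccess"){
+ $trustmode= 1;
+ // pervent double disable tag in html code, this will disturb our clean w3c html
+ $smarty->assign("trustmode", $this->getacl("trustModel"));
+
+ } elseif ($this->trustModel == "byhost"){
+ $trustmode= 2;
+ $smarty->assign("trusthide", "");
+ } else {
+ // pervent double disable tag in html code, this will disturb our clean w3c html
+ $smarty->assign("trustmode", $this->getacl("trustModel"));
+ $trustmode= 0;
+ }
+ $smarty->assign("trustmode", $trustmode);
+ $smarty->assign("trustmodes", array( 0 => _("disabled"), 1 => _("full access"),
+ 2 => _("allow access to these hosts")));
+
+ if((count($this->accessTo))==0)
+ $smarty->assign("emptyArrAccess",true);
+ else
+ $smarty->assign("emptyArrAccess",false);
+
+
+ $smarty->assign("workstations", $this->accessTo);
+
+
+
 $divlist_sudoUser = new divSelectBox("divlist_sudoUser");
 $divlist_sudoUser->SetHeight("90");
 $divlist_sudoHost = new divSelectBox("divlist_sudoHost");
 if(is_object($this->dialog)){
 $this->dialog->save_object();
 }
+
+ /* Trust mode - special handling */
+ if($this->acl_is_writeable("trustModel")){
+ if (isset($_POST['trustmode'])){
+ $saved= $this->trustModel;
+ if ($_POST['trustmode'] == "1"){
+ $this->trustModel= "fullaccess";
+ } elseif ($_POST['trustmode'] == "2"){
+ $this->trustModel= "byhost";
+ } else {
+ $this->trustModel= "";
+ }
+ if ($this->trustModel != $saved){
+ $this->is_modified= TRUE;
+ }
+ }
+ }
+
+
 }
 function save()
 {
 plugin::save();
+ /* Trust accounts */
+ $objectclasses= array();
+ foreach ($this->attrs['objectClass'] as $key => $class){
+ if (preg_match('/trustAccount/i', $class)){
+ continue;
+ }
+ $objectclasses[]= $this->attrs['objectClass'][$key];
+ }
+
+ $this->attrs['objectClass']= $objectclasses;
+ if ($this->trustModel != ""){
+ $this->attrs['objectClass'][]= "trustAccount";
+ $this->attrs['trustModel']= $this->trustModel;
+ $this->attrs['accessTo']= array();
+ if ($this->trustModel == "byhost"){
+ foreach ($this->accessTo as $host){
+ $this->attrs['accessTo'][]= $host;
+ }
+ }
+ } else {
+ if ($this->was_trust_account){
+ $this->attrs['accessTo']= array();
+ $this->attrs['trustModel']= array();
+ }
+ }
+
 /* Ensure a correct array index
 */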
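Review bot: The workstation dialog added to execute() interpolates request data into the LDAP filter unescaped: `$regex` is taken from `$_POST['regex']` / `$_GET['search']` and every `$ws` in `$exclude` originates from `$_POST['wslist']`, yet both land verbatim in `(cn=$regex)` and `(cn=$ws)`, so filter metacharacters such as `(`, `)` and `\` change the query. Escape each value before building the filter (`ldap_escape($ws, '', LDAP_ESCAPE_FILTER)` where the PHP version provides it, or an equivalent RFC 4515 helper, leaving `*` allowed only in the search field), and check `$sysfilter['depselect']` against the departments the dialog offers before appending it to the search base. The `add_ws_finish` and `delete_ws` handlers also modify `$this->accessTo` without the `acl_is_writeable("trustModel")` guard that the trust-mode handling further down applies, and save() later writes those names to `accessTo`; unless the ACL is enforced outside the visible lines, guard them the same way and accept only names the host search returned. The enclosing methods start and end outside the visible hunks.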
index be45c1709dcd613dad0c3a374bc80132c0bd6978..3a4e21adc7fb92d73d684e6d0e7fe61ac94f6c8c 100644 (file)
-<h2>Sudo generic</h2>
<table style="width: 90%;">
<tr>
- <td style="width:50%"><b>Generic</b>
+ <td style="vertical-align:top;width:50%">
+ <h2>Sudo generic</h2>
<table>
<tr>
<td>
</td>
</tr>
</table>
+ </td>
+ <td>
+ <h2><img alt="" class="center" align="middle" src="images/closedlock.png" /> {t}System trust{/t}</h2>
+ {t}Trust mode{/t}
+ {render acl=$trustmodeACL}
+ <select name="trustmode" id="trustmode" size=1
+ onChange="changeSelectState('trustmode', 'wslist');
+ changeSelectState('trustmode', 'add_ws');
+ changeSelectState('trustmode', 'del_ws');">
+ {html_options options=$trustmodes selected=$trustmode}
+ </select>
+ {/render}
+ {render acl=$trustmodeACL}
+ <select style="width:100%" id="wslist" name="workstation_list[]" size=5 multiple {$trusthide}>
+ {html_options values=$workstations output=$workstations}
+ {if $emptyArrAccess}
+ <option disabled> </option>
+ {/if}
+ </select>
+ {/render}
+ <br>
+ {render acl=$trustmodeACL}
+ <input type="submit" id="add_ws" value="{msgPool type=addButton}" name="add_ws" {$trusthide}>
+ {/render}
+ {render acl=$trustmodeACL}
+ <input type="submit" id="del_ws" value="{msgPool type=delButton}" name="delete_ws" {$trusthide}>
+ {/render}
+
</td>
</tr>
+ <tr><td style="width:100%;"colspan="2"><p class="seperator"> </p></td></tr>
<tr>
<td style="width:50%"><b>User / Groups</b>
{$divlist_sudoUser}
<input type='text' value='' name='new_sudoUser'><input type='submit' name='add_sudoUser' value='{msgPool type=addButton}'>
<input type='submit' name='list_sudoUser' value='{t}Add from list{/t}'>
</td>
- <td style="border-left: solid 1px #AAAAAA;"><b>Commands</b>
- {$divlist_sudoCommand}
- <input type='text' value='' name='new_sudoCommand'><input type='submit' name='add_sudoCommand' value='{msgPool type=addButton}'>
- </td>
- </tr>
- <tr><td style="width:100%;"colspan="2"><p class="seperator"> </p></td></tr>
- <tr>
<td><b>Hosts</b>
{$divlist_sudoHost}
<input type='text' value='' name='new_sudoHost'><input type='submit' name='add_sudoHost' value='{msgPool type=addButton}'>
<input type='submit' name='list_sudoHost' value='{t}Add from list{/t}'>
</td>
+ </tr>
+ <tr><td style="width:100%;"colspan="2"><p class="seperator"> </p></td></tr>
+ <tr>
+ <td style="border-left: solid 1px #AAAAAA;"><b>Commands</b>
+ {$divlist_sudoCommand}
+ <input type='text' value='' name='new_sudoCommand'><input type='submit' name='add_sudoCommand' value='{msgPool type=addButton}'>
+ </td>
<td style="border-left: solid 1px #AAAAAA;"><b>Run as</b>
{$divlist_sudoRunas}
<input type='text' value='' name='new_sudoRunas'><input type='submit' name='add_sudoRunas' value='{msgPool type=addButton}'>