From 26ef8bc10ccecaf7231c2237f08fddbb9bc0cb29 Mon Sep 17 00:00:00 2001 From: hickert Date: Fri, 4 Apr 2008 06:02:40 +0000 Subject: [PATCH] Updated Sudo stuff. -Updated sudoers ou. git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@10179 594d385d-05f5-0310-b6e9-bd551577e9d8 --- .../plugins/admin/sudo/class_divListSudo.inc | 2 +- .../plugins/admin/sudo/class_sudoGeneric.inc | 32 ++- .../admin/sudo/class_sudoManagement.inc | 212 ++++++++---------- gosa-core/plugins/admin/sudo/tabs_sudo.inc | 2 +- 4 files changed, 128 insertions(+), 120 deletions(-) diff --git a/gosa-core/plugins/admin/sudo/class_divListSudo.inc b/gosa-core/plugins/admin/sudo/class_divListSudo.inc index 3174f6ef4..23e0b0fdf 100644 --- a/gosa-core/plugins/admin/sudo/class_divListSudo.inc +++ b/gosa-core/plugins/admin/sudo/class_divListSudo.inc @@ -103,7 +103,7 @@ class divListSudo extends MultiSelectWindow if(preg_match("/d/",$acl)){ $s.= "..|---|\n"; $s.= "..|". - " "._("Remove")."|"."remove_multiple|\n"; + " "._("Remove")."|"."del_role|\n"; } $this->SetDropDownHeaderMenu($s); diff --git a/gosa-core/plugins/admin/sudo/class_sudoGeneric.inc b/gosa-core/plugins/admin/sudo/class_sudoGeneric.inc index 6f62286b5..0d02166e6 100644 --- a/gosa-core/plugins/admin/sudo/class_sudoGeneric.inc +++ b/gosa-core/plugins/admin/sudo/class_sudoGeneric.inc @@ -36,6 +36,29 @@ class sudo extends plugin var $is_account = TRUE; + public static function get_sudoers_ou($config) + { + /*** + GET sudo base + ***/ + $base =""; + if(empty($base)){ + /* Default is ou=sudoers,BASE */ + $base = "ou=sudoers,".$config->current['BASE']; + }else{ + + /* Append base to given sudoers ou if missing */ + if(!preg_match("/".normalizePreg($config->current['BASE'])."$/i",$base)){ + if(!preg_match("/,$/",$base)){ + $base = $base.",".$config->current['BASE']; + }else{ + $base = $base.$config->current['BASE']; + } + } + } + return($base); + } + function sudo(&$config, $dn= NULL) { plugin::plugin ($config, $dn); 
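Review bot: In the new `sudo::get_sudoers_ou()`, `$base` is assigned `""` immediately before `if(empty($base))`, so the `else` branch that appends BASE to a configured OU is unreachable and the method always returns `ou=sudoers,<BASE>`. The constructor code it replaces in class_sudoManagement.inc seeded the value from `get_ou("sudoou")`, so a site with a non-default sudoers container would now have roles listed, created and ACL-checked under a different subtree than the one configured (and presumably the one its sudo clients read). If the configured value is still meant to be honoured, seed it with `$base = get_ou("sudoou");`. Otherwise delete the dead branch so the method does not suggest a lookup that never happens. A short docblock stating that the method returns the DN of the sudoers container would also help the three callers added in this commit.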
@@ -201,7 +224,7 @@ class sudo extends plugin plugin::remove_from_parent(); $ldap = $this->config->get_ldap_link(); - $ldap->cd(get_ou("sudoou")) ; + $ldap->cd($this->dn); $ldap->rmdir($this->dn); /* Send signal to the world that we've done */ @@ -222,14 +245,15 @@ class sudo extends plugin $ldap = $this->config->get_ldap_link(); $ldap->cd($this->config->current['BASE']); - $ldap->create_missing_trees(get_ou("sudoou")); - $ldap->cd($this->dn); if($this->is_new){ - $ldap->add($this->attrs);; + $ldap->create_missing_trees(preg_replace('/^[^,]+,/', '', $this->dn)); + $ldap->cd($this->dn); + $ldap->add($this->attrs); /* Send signal to the world that we've done */ $this->handle_post_events("create"); }else{ + $ldap->cd($this->dn); $ldap->modify($this->attrs);; /* Send signal to the world that we've done */ diff --git a/gosa-core/plugins/admin/sudo/class_sudoManagement.inc b/gosa-core/plugins/admin/sudo/class_sudoManagement.inc index febf43b31..0623b9ef2 100644 --- a/gosa-core/plugins/admin/sudo/class_sudoManagement.inc +++ b/gosa-core/plugins/admin/sudo/class_sudoManagement.inc @@ -36,25 +36,7 @@ class sudoManagement extends plugin /* Save configuration for internal use */ $this->config = &$config; $this->ui = &$ui; - $this->base = @get_ou("sudoou"); - - /*** - GET sudo base - ***/ - if(empty($this->base)){ - /* Default is ou=sudoers,BASE */ - $this->base = "ou=sudoers,".$this->config->current['BASE']; - }else{ - - /* Append base to given sudoers ou if missing */ - if(!preg_match("/".normalizePreg($this->config->current['BASE'])."$/i",$this->base)){ - if(!preg_match("/,$/",$this->base)){ - $this->base = $this->base.",".$this->config->current['BASE']; - }else{ - $this->base = $this->base.$this->config->current['BASE']; - } - } - } + $this->base = sudo::get_sudoers_ou($this->config); /* Create dialog object */ $this->DivListSudo = new divListSudo($this->config,$this); 
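Review bot: In the `is_new` branch of the `@@ -222,14 +245,15 @@` hunk, `preg_replace('/^[^,]+,/', '', $this->dn)` derives the parent DN by cutting at the first comma, which gives the wrong result when the RDN value contains an escaped comma. For a constructed DN such as `cn=a\,b,ou=sudoers,<BASE>`, the remainder `b,ou=sudoers,<BASE>` is what reaches `create_missing_trees()`. The container is already known, so pass it directly: `$ldap->create_missing_trees(sudo::get_sudoers_ou($this->config));`. No success check is visible between `$ldap->add($this->attrs);` and `$this->handle_post_events("create");`, so post-create hooks appear to run even if the LDAP write was rejected. The function continues outside the hunk, so error reporting may follow further down.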
@@ -75,10 +57,10 @@ class sudoManagement extends plugin "/^act$/","/^id$/","/^sudo_edit_/", "/^sudo_del_/","/^item_selected/","/menu_action/")); - /* Save data */ + + /* Get html posts */ $s_action = ""; $s_entry = ""; - foreach($_POST as $name => $value){ if(preg_match("/^sudo_edit_/",$name)){ $s_action = "edit_role"; @@ -98,13 +80,13 @@ class sudoManagement extends plugin } } - /* handle C&P from layers menu */ if(isset($_POST['menu_action']) && in_array($_POST['menu_action'],array("new_role","remove_multiple"))){ $s_action = $_POST['menu_action']; } $smarty= get_smarty(); + /******************** Create a new sudo ... ********************/ @@ -113,7 +95,7 @@ class sudoManagement extends plugin if ($s_action=="new_role"){ /* Check create permissions */ - $acl = $this->ui->get_permissions($this->DivListSudo->selectedBase,"sudo/sudo"); + $acl = $this->ui->get_permissions($this->base,"sudo/sudo"); if(preg_match("/c/",$acl)){ /* By default we set 'dn' to 'new', all relevant plugins will @@ -133,9 +115,7 @@ class sudoManagement extends plugin Save Sudo Tab/Object Changes ********************/ - /* Finish sudo edit is triggered by the tabulator dialog, so - the user wants to save edited data. Check and save at this - point. */ + /* Save changes */ if ((isset($_POST['edit_finish']) || isset($_POST['edit_apply'])) && is_object($this->sudotabs)){ /* Check tabs, will feed message array @@ -147,13 +127,12 @@ class sudoManagement extends plugin $this->sudotabs->save(); if (!isset($_POST['edit_apply'])){ + /* Sudo has been saved successfully, remove lock from LDAP. */ if ($this->dn != "new"){ del_lock ($this->dn); } - /* There's no page reload so we have to read new sudos at this point. */ - //$this->reload (); unset ($this->sudotabs); $this->sudotabs= NULL; session::un_set('objectinfo'); 
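Review bot: The allow-list in the `@@ -98,13 +80,13 @@` hunk still reads `array("new_role","remove_multiple")`, but class_divListSudo.inc in this same commit now emits `del_role` for the header-menu Remove entry, and the delete branch later in this file tests `$s_action=="del_role"`. As written, the menu's Remove action appears to fail the `in_array()` check and never reaches the confirmation dialog. Update the list and make the comparison strict: `in_array($_POST['menu_action'],array("new_role","del_role"),TRUE)`. Keeping an explicit allow-list here is the right shape, because `$s_action` is otherwise copied straight from `$_POST`.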
@@ -191,12 +170,17 @@ class sudoManagement extends plugin /******************** - Delete MULTIPLE entries requested, display confirm dialog + Delete entries requested, display confirm dialog ********************/ - if ($s_action=="del_multiple"){ + if ($s_action=="del_role"){ + $ids = $this->list_get_selected_items(); + if(!count($ids) && !empty($s_entry)){ + $ids = array($s_entry); + } + if(count($ids)){ foreach($ids as $id){ $dn = $this->list[$id]['dn']; @@ -221,7 +205,7 @@ class sudoManagement extends plugin /******************** - Delete MULTIPLE entries confirmed + Delete entries confirmed ********************/ /* Confirmation for deletion has been passed. Sudo should be deleted. */ 
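Review bot: In the `del_role` branch of the `@@ -191,12 +170,17 @@` hunk, `!empty($s_entry)` treats the string `"0"` as empty, so a per-row delete of the entry with id 0 produces no ids and silently does nothing. The list looks numerically indexed (`$this->list[$id]['dn']`), but its construction is outside the hunk. `$s_entry` is taken from a POST field name and then used as an array index without an existence check, so an id that is not in the current list yields an undefined index and an empty `$dn` for the permission and lock handling that follows outside the hunk. Suggested lines: `if(!count($ids) && $s_entry !== ""){` and, as the first statement inside the loop, `if(!isset($this->list[$id])) continue;`.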
@@ -268,89 +252,89 @@ class sudoManagement extends plugin } } - - /******************** - Delete sudo role - ********************/ - - /* Remove sudo was requested */ - if ($s_action=="del_role"){ - - /* Get 'dn' from posted 'uid' */ - $this->dn= $this->list[trim($s_entry)]['dn']; - - /* Load permissions for selected 'dn' and check if - we're allowed to remove this 'dn' */ - $acl = $this->ui->get_permissions($this->dn,"sudo/sudo"); - if(preg_match("/d/",$acl)){ - - /* Check locking, save current plugin in 'back_plugin', so - the dialog knows where to return. */ - if (($user= get_lock($this->dn)) != ""){ - return(gen_locked_message ($user, $this->dn)); - } - - /* Lock the current entry, so nobody will edit it during deletion */ - add_lock ($this->dn, $this->ui->dn); - $smarty->assign("info", msgPool::deleteInfo(@LDAP::fix($this->dn),_("sudo role"))); - $smarty->assign("multiple", false); - return($smarty->fetch(get_template_path('remove.tpl', TRUE))); - - } else { - - /* Obviously the user isn't allowed to delete. Show message and clean session. */ - msg_dialog::display(_("Permission error"), msgPool::permDelete()); - } - } - - - /******************** - Delete sudo confirmed - ********************/ - - /* Confirmation for deletion has been passed. Sudo should be deleted. */ - if (isset($_POST['delete_sudo_confirmed'])){ - - /* Some nice guy may send this as POST, so we've to check - for the permissions again. */ - $acl = $this->ui->get_permissions($this->dn,"sudo/sudo"); - if(preg_match("/d/",$acl)){ - - /* Delete request is permitted, perform LDAP action */ - $this->sudotabs= new sudotabs($this->config,$this->config->data['TABS']['SUDOTABS'], $this->dn); - $this->sudotabs->set_acl_base($this->dn); - $this->sudotabs->delete (); - unset ($this->sudotabs); - $this->sudotabs= NULL; - - /* Sudo list has changed, reload it. 
*/ - //$this->reload (); - - } else { - - /* Normally this shouldn't be reached, send some extra - logs to notify the administrator */ - msg_dialog::display(_("Permission error"), msgPool::permDelete(), ERROR_DIALOG); - new log("security","sudo/".get_class($this),$dn,array(),"Tried to trick deletion."); - } - - /* Remove lock file after successfull deletion */ - del_lock ($this->dn); - session::un_set('objectinfo'); - } - - - /******************** - Delete sudo canceled - ********************/ - - /* Delete sudo canceled? */ - if (isset($_POST['delete_cancel'])){ - del_lock ($this->dn); - session::un_set('objectinfo'); - } - - +# +# /******************** +# Delete sudo role +# ********************/ +# +# /* Remove sudo was requested */ +# if ($s_action=="del_role"){ +# +# /* Get 'dn' from posted 'uid' */ +# $this->dn= $this->list[trim($s_entry)]['dn']; +# +# /* Load permissions for selected 'dn' and check if +# we're allowed to remove this 'dn' */ +# $acl = $this->ui->get_permissions($this->dn,"sudo/sudo"); +# if(preg_match("/d/",$acl)){ +# +# /* Check locking, save current plugin in 'back_plugin', so +# the dialog knows where to return. */ +# if (($user= get_lock($this->dn)) != ""){ +# return(gen_locked_message ($user, $this->dn)); +# } +# +# /* Lock the current entry, so nobody will edit it during deletion */ +# add_lock ($this->dn, $this->ui->dn); +# $smarty->assign("info", msgPool::deleteInfo(@LDAP::fix($this->dn),_("sudo role"))); +# $smarty->assign("multiple", false); +# return($smarty->fetch(get_template_path('remove.tpl', TRUE))); +# +# } else { +# +# /* Obviously the user isn't allowed to delete. Show message and clean session. */ +# msg_dialog::display(_("Permission error"), msgPool::permDelete()); +# } +# } +# +# +# /******************** +# Delete sudo confirmed +# ********************/ +# +# /* Confirmation for deletion has been passed. Sudo should be deleted. 
*/ +# if (isset($_POST['delete_sudo_confirmed'])){ +# +# /* Some nice guy may send this as POST, so we've to check +# for the permissions again. */ +# $acl = $this->ui->get_permissions($this->dn,"sudo/sudo"); +# if(preg_match("/d/",$acl)){ +# +# /* Delete request is permitted, perform LDAP action */ +# $this->sudotabs= new sudotabs($this->config,$this->config->data['TABS']['SUDOTABS'], $this->dn); +# $this->sudotabs->set_acl_base($this->dn); +# $this->sudotabs->delete (); +# unset ($this->sudotabs); +# $this->sudotabs= NULL; +# +# /* Sudo list has changed, reload it. */ +# //$this->reload (); +# +# } else { +# +# /* Normally this shouldn't be reached, send some extra +# logs to notify the administrator */ +# msg_dialog::display(_("Permission error"), msgPool::permDelete(), ERROR_DIALOG); +# new log("security","sudo/".get_class($this),$dn,array(),"Tried to trick deletion."); +# } +# +# /* Remove lock file after successfull deletion */ +# del_lock ($this->dn); +# session::un_set('objectinfo'); +# } +# +# +# /******************** +# Delete sudo canceled +# ********************/ +# +# /* Delete sudo canceled? */ +# if (isset($_POST['delete_cancel'])){ +# del_lock ($this->dn); +# session::un_set('objectinfo'); +# } +# +# /******************** A dialog was canceled ********************/ diff --git a/gosa-core/plugins/admin/sudo/tabs_sudo.inc b/gosa-core/plugins/admin/sudo/tabs_sudo.inc index 5f36dcddb..a1265c491 100644 --- a/gosa-core/plugins/admin/sudo/tabs_sudo.inc +++ b/gosa-core/plugins/admin/sudo/tabs_sudo.inc @@ -39,7 +39,7 @@ class sudotabs extends tabs /* Check for new 'dn', in order to propagate the 'dn' to all plugins */ - $new_dn= 'cn='.$baseobject->cn.','.get_ou("sudoou"); + $new_dn= 'cn='.$baseobject->cn.','.sudo::get_sudoers_ou($baseobject->config); /* Move group? */ if ($this->dn != $new_dn){ -- 2.30.2
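Review bot: The single-delete handlers in the `@@ -268,89 +252,89 @@` hunk (delete request, `delete_sudo_confirmed`, `delete_cancel`) are disabled by prefixing every line with `#` instead of being removed. Commented-out code that contains a permission re-check and lock handling is easy to mistake for active logic in a later audit, and version control already keeps the old text, so delete the lines outright. Before doing so, confirm that the remaining confirm and cancel paths, which lie outside this hunk, re-check the `d` ACL for each DN and call `del_lock()` for every DN that was locked. The disabled `delete_cancel` block was the one that released the lock for the per-row flow.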
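Review bot: On the changed line in tabs_sudo.inc, `$baseobject->cn` is still concatenated into `$new_dn` without DN escaping, so a role name containing DN metacharacters such as `,`, `+` or `=` changes the structure of the resulting DN. The `$this->dn != $new_dn` comparison below it would then take the move branch with a target that is not a direct child of the sudoers container. Whether `cn` is validated before this point is not visible in the hunk. Escape the RDN value when building the DN, for example `'cn='.ldap_escape($baseobject->cn, '', LDAP_ESCAPE_DN).','.sudo::get_sudoers_ou($baseobject->config)` where the PHP version provides `ldap_escape()`, or use the project's own DN-escaping helper if it has one.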