From b38fb65e57cb444d9fd12f01f3f7980fbc3e2a12 Mon Sep 17 00:00:00 2001 From: hickert Date: Mon, 7 Apr 2008 12:07:22 +0000 Subject: [PATCH] Updated sudo -Added trust mode git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@10232 594d385d-05f5-0310-b6e9-bd551577e9d8 --- .../sudo/admin/sudo/class_sudoGeneric.inc | 192 +++++++++++++++++- gosa-plugins/sudo/admin/sudo/generic.tpl | 47 ++++- 2 files changed, 229 insertions(+), 10 deletions(-) diff --git a/gosa-plugins/sudo/admin/sudo/class_sudoGeneric.inc b/gosa-plugins/sudo/admin/sudo/class_sudoGeneric.inc index f5bd1f2a1..a2ba757bf 100644 --- a/gosa-plugins/sudo/admin/sudo/class_sudoGeneric.inc +++ b/gosa-plugins/sudo/admin/sudo/class_sudoGeneric.inc @@ -35,8 +35,12 @@ class sudo extends plugin var $sudoHost = array("ALL"); var $sudoRunas = array("ALL"); + var $accessTo = array(); + var $trustModel = ""; + var $show_ws_dialog = FALSE; + var $objectclasses = array("top","sudoRole"); - var $attributes = array("cn","description","sudoUser","sudoCommand","sudoHost","sudoRunas"); + var $attributes = array("cn","description","sudoUser","sudoCommand","sudoHost","sudoRunas","accessTo","trustModel"); var $is_account = TRUE; @@ -90,6 +94,24 @@ class sudo extends plugin $this->$attr = $tmp; } } + + /* Is this account a trustAccount? */ + if ($this->is_account && isset($this->attrs['trustModel'])){ + $this->trustModel= $this->attrs['trustModel'][0]; + $this->was_trust_account= TRUE; + } else { + $this->was_trust_account= FALSE; + $this->trustModel= ""; + } + + $this->accessTo = array(); + if ($this->is_account && isset($this->attrs['accessTo'])){ + for ($i= 0; $i<$this->attrs['accessTo']['count']; $i++){ + $tmp= $this->attrs['accessTo'][$i]; + $this->accessTo[$tmp]= $tmp; + } + } + } } 
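Review bot: `$this->was_trust_account` is assigned in the constructor hunk but is not declared alongside `$accessTo`, `$trustModel` and `$show_ws_dialog` in the property hunk above it. The assignment sits inside an enclosing block whose condition is outside the hunk, so when that block is skipped the property presumably stays undefined and the `if ($this->was_trust_account)` read in save() hits an undeclared property. Declaring `var $was_trust_account = FALSE;` next to `var $trustModel = "";` gives it a defined default. The constructor starts outside the hunk.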
@@ -102,6 +124,98 @@ class sudo extends plugin /* Call parent execute */ plugin::execute(); + /********************* + Access control list + *********************/ + + /* Add user workstation? */ + if (isset($_POST["add_ws"])){ + $this->show_ws_dialog= TRUE; + $this->dialog= TRUE; + } + + /* Add user workstation? */ + if (isset($_POST["add_ws_finish"]) && isset($_POST['wslist'])){ + foreach($_POST['wslist'] as $ws){ + $this->accessTo[$ws]= $ws; + } + ksort($this->accessTo); + $this->is_modified= TRUE; + } + + /* Remove user workstations? */ + if (isset($_POST["delete_ws"]) && isset($_POST['workstation_list'])){ + foreach($_POST['workstation_list'] as $name){ + unset ($this->accessTo[$name]); + } + $this->is_modified= TRUE; + } + + /* Add user workstation finished? */ + if (isset($_POST["add_ws_finish"]) || isset($_POST["add_ws_cancel"])){ + $this->show_ws_dialog= FALSE; + $this->dialog= FALSE; + } + + /* Show ws dialog */ + if ($this->show_ws_dialog){ + + $smarty = get_smarty(); + + + /* Save data */ + $sysfilter= session::get("sysfilter"); + foreach( array("depselect", "regex") as $type){ + if (isset($_POST[$type])){ + $sysfilter[$type]= $_POST[$type]; + } + } + if (isset($_GET['search'])){ + $s= mb_substr($_GET['search'], 0, 1, "UTF8")."*"; + if ($s == "**"){ + $s= "*"; + } + $sysfilter['regex']= $s; + } + session::set("sysfilter", $sysfilter); + + /* Get workstation list */ + $exclude= ""; + foreach($this->accessTo as $ws){ + $exclude.= "(cn=$ws)"; + } + if ($exclude != ""){ + $exclude= "(!(|$exclude))"; + } + $regex= $sysfilter['regex']; + $filter= "(&(|(objectClass=goServer)(objectClass=gotoWorkstation)(objectClass=gotoTerminal))$exclude(cn=*)(cn=$regex))"; + + $deps_a = array(get_ou("serverou"), + get_ou("terminalou"), + get_ou("workstationou")); + + $res= get_sub_list($filter, array("terminal","server","workstation"), $deps_a, get_ou("systemsou").$sysfilter['depselect'], array("cn"), GL_SUBSEARCH | GL_SIZELIMIT); + $wslist= array(); + foreach ($res as 
$attrs){ + $wslist[]= preg_replace('/\$/', '', $attrs['cn'][0]); + } + asort($wslist); + $smarty->assign("search_image", get_template_path('images/search.png')); + $smarty->assign("launchimage", get_template_path('images/small_filter.png')); + $smarty->assign("tree_image", get_template_path('images/tree.png')); + $smarty->assign("deplist", $this->config->idepartments); + $smarty->assign("alphabet", generate_alphabet()); + foreach( array("depselect", "regex") as $type){ + $smarty->assign("$type", $sysfilter[$type]); + } + $smarty->assign("hint", print_sizelimit_warning()); + $smarty->assign("wslist", $wslist); + $smarty->assign("apply", apply_filter()); + $display= $smarty->fetch (get_template_path('trust_machines.tpl', TRUE, dirname(__FILE__))); + return ($display); + } + + /********************* Add users *********************/ 
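Review bot: Request values reach the LDAP search in execute() without escaping: `$_POST['wslist']` entries are stored in `$this->accessTo` and later interpolated as `(cn=$ws)`, and `$_POST['regex']` ends up in `(cn=$regex)`, so filter metacharacters in either one change the query that `get_sub_list()` runs. The add and delete branches also modify `accessTo` without the `acl_is_writeable("trustModel")` check that save_object() applies to the trust mode, which looks like it lets a session without write permission alter the host list. `$sysfilter['depselect']` is appended to the search base as posted and should probably be checked against the departments in `$this->config->idepartments` first. The fence sketches the ACL guard and the escaping, keeping `*` usable in the search pattern; `ldap_escape()` needs PHP 5.6 or later, so an older tree would need an equivalent local helper. execute() starts before and continues after this hunk.

```php
// … unchanged: add_ws dialog toggle …
if (isset($_POST["add_ws_finish"]) && isset($_POST['wslist']) && $this->acl_is_writeable("trustModel")){
  foreach((array)$_POST['wslist'] as $ws){
    if (is_string($ws) && $ws != ""){
      $this->accessTo[$ws]= $ws;
    }
  }
  // … unchanged: ksort, is_modified …
}
// … unchanged: delete_ws branch (same acl_is_writeable guard), dialog close, sysfilter handling …
$exclude= "";
foreach($this->accessTo as $ws){
  $exclude.= "(cn=".ldap_escape($ws, "", LDAP_ESCAPE_FILTER).")";
}
// … unchanged: wrapping $exclude in (!(|…)) …
$regex= ldap_escape($sysfilter['regex'], "*", LDAP_ESCAPE_FILTER);
// … unchanged: $filter assembly and get_sub_list() call …
```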
@@ -234,6 +348,37 @@ class sudo extends plugin $smarty->assign($attr,$this->$attr); } + +/* Work on trust modes */ + $smarty->assign("trusthide", " disabled "); + $smarty->assign("trustmodeACL", $this->getacl("trustModel")); + if ($this->trustModel == "fullaccess"){ + $trustmode= 1; + // pervent double disable tag in html code, this will disturb our clean w3c html + $smarty->assign("trustmode", $this->getacl("trustModel")); + + } elseif ($this->trustModel == "byhost"){ + $trustmode= 2; + $smarty->assign("trusthide", ""); + } else { + // pervent double disable tag in html code, this will disturb our clean w3c html + $smarty->assign("trustmode", $this->getacl("trustModel")); + $trustmode= 0; + } + $smarty->assign("trustmode", $trustmode); + $smarty->assign("trustmodes", array( 0 => _("disabled"), 1 => _("full access"), + 2 => _("allow access to these hosts"))); + + if((count($this->accessTo))==0) + $smarty->assign("emptyArrAccess",true); + else + $smarty->assign("emptyArrAccess",false); + + + $smarty->assign("workstations", $this->accessTo); + + + $divlist_sudoUser = new divSelectBox("divlist_sudoUser"); $divlist_sudoUser->SetHeight("90"); $divlist_sudoHost = new divSelectBox("divlist_sudoHost"); @@ -291,6 +436,25 @@ class sudo extends plugin if(is_object($this->dialog)){ $this->dialog->save_object(); } + + /* Trust mode - special handling */ + if($this->acl_is_writeable("trustModel")){ + if (isset($_POST['trustmode'])){ + $saved= $this->trustModel; + if ($_POST['trustmode'] == "1"){ + $this->trustModel= "fullaccess"; + } elseif ($_POST['trustmode'] == "2"){ + $this->trustModel= "byhost"; + } else { + $this->trustModel= ""; + } + if ($this->trustModel != $saved){ + $this->is_modified= TRUE; + } + } + } + + } 
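Review bot: The two `$smarty->assign("trustmode", $this->getacl("trustModel"));` calls in the fullaccess and default branches have no effect, because `$smarty->assign("trustmode", $trustmode);` after the chain overwrites the same template variable. If the intent was to avoid a second disabled attribute in the markup, the ACL value likely belongs in `trusthide` or a variable of its own; otherwise both lines can go, together with their comment, where "pervent" should read "prevent". The braceless `if`/`else` around `emptyArrAccess` reduces to `$smarty->assign("emptyArrAccess", count($this->accessTo) == 0);`. The enclosing method starts and ends outside the hunk.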
@@ -299,6 +463,32 @@ class sudo extends plugin function save() { plugin::save(); + /* Trust accounts */ + $objectclasses= array(); + foreach ($this->attrs['objectClass'] as $key => $class){ + if (preg_match('/trustAccount/i', $class)){ + continue; + } + $objectclasses[]= $this->attrs['objectClass'][$key]; + } + + $this->attrs['objectClass']= $objectclasses; + if ($this->trustModel != ""){ + $this->attrs['objectClass'][]= "trustAccount"; + $this->attrs['trustModel']= $this->trustModel; + $this->attrs['accessTo']= array(); + if ($this->trustModel == "byhost"){ + foreach ($this->accessTo as $host){ + $this->attrs['accessTo'][]= $host; + } + } + } else { + if ($this->was_trust_account){ + $this->attrs['accessTo']= array(); + $this->attrs['trustModel']= array(); + } + } + /* Ensure a correct array index */ diff --git a/gosa-plugins/sudo/admin/sudo/generic.tpl b/gosa-plugins/sudo/admin/sudo/generic.tpl index be45c1709..3a4e21adc 100644 --- a/gosa-plugins/sudo/admin/sudo/generic.tpl +++ b/gosa-plugins/sudo/admin/sudo/generic.tpl @@ -1,7 +1,7 @@ -
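Review bot: `preg_match('/trustAccount/i', $class)` in save() is unanchored, so any objectClass whose name merely contains that string is dropped from the entry too; `preg_match('/^trustAccount$/i', $class)` removes only the intended class. In the "byhost" branch the values of `$this->accessTo` are copied into `$this->attrs['accessTo']` exactly as execute() took them from the request, so any check on host names has to happen before this point. The else branch reads `$this->was_trust_account`, which the class never declares. save() continues outside the hunk.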

Sudo generic

- + + - - - - + + + +
Generic + +

Sudo generic

@@ -20,26 +20,55 @@
+
+

{t}System trust{/t}

+ {t}Trust mode{/t}  + {render acl=$trustmodeACL} + + {/render} + {render acl=$trustmodeACL} + + {/render} +
+ {render acl=$trustmodeACL} +   + {/render} + {render acl=$trustmodeACL} + + {/render} +

 

User / Groups {$divlist_sudoUser} Commands - {$divlist_sudoCommand} - -

 

Hosts {$divlist_sudoHost}

 

Commands + {$divlist_sudoCommand} + + Run as {$divlist_sudoRunas} -- 2.30.2