45bb500e8a1ee4f5888ce358135b4cb1cf1e4167
1 <?php
2 /*!
3 \brief sudo-ldap plugin
4 \author Guido Serra <gserra@guidoserra.it>
5 \version 1.00
6 \date 22.03.2008
8 This class provides the functionality to read and write all attributes
9 relevant for sudo-ldap from/to the LDAP.
10 */
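class sudoldap extends plugin
{
  /* Definitions */
  var $plHeadline= "sudo-ldap";
  var $plDescription= "This does something";

  /* Plugin specific values */

  /* Currently open add/edit dialog object, or NULL while the role list is shown */
  var $dialog = NULL;

  /* Attributes requested from LDAP for every sudoRole entry */
  var $attributes = array("cn",
                          "description",
                          "sudoUser",
                          "sudoHost",
                          "sudoCommand",
                          "sudoRunAs",
                          "sudoOption");

  var $objectclasses = array("sudoRole");

  /* Roles as built by getRoles(): cn => array(attribute => first value) */
  var $Roles = array();

  /* constructor, if 'dn' is set, the node loads the given
     'dn' from LDAP */
  function sudoldap ($config, $dn= NULL, $parent= NULL)
  {
    /* Configuration is fine, always */
    $this->config= $config;

    /* Load base attributes */
    plugin::plugin($config, $dn, $parent);

    /* The link is not used in this method; the call is kept as in the
       original in case get_ldap_link() has side effects - TODO confirm */
    $ldap= $this->config->get_ldap_link();
  }


  /* execute generates the html output for this node.

     Handles the save/cancel/add/edit/delete requests found in $_POST,
     hands over to the open dialog if there is one, and otherwise renders
     the list of sudo roles through the 'sudoldap.tpl' template.

     Returns the HTML to display. */
  function execute($isCopyPaste = false)
  {
    /* Call parent execute */
    plugin::execute();
    $display= "";
    $smarty= get_smarty();

    $this->Roles = $this->getRoles();

    /* NOTE(review): none of the state-changing branches below (save, add,
       edit, delete) is guarded by an ACL check. The original carried
       commented-out guards of the form
         chkacl($this->acl,"sudoldap") == ""
       on the add, edit and delete branches. Whether $this->acl is
       populated for this plugin is not visible here, so the guards are
       not re-enabled blindly; confirm and restore them, because sudoRole
       entries decide who may run which commands on which hosts. */

    /* Edited or added role */
    if((isset($_POST['SaveRoleChanges'])) && is_object($this->dialog)){
      $this->dialog->save_object();

      /* Validate once and reuse the result */
      $errors = $this->dialog->check();
      if(count($errors)){
        foreach($errors as $msg){
          print_red($msg);
        }
      }else{
        /* Add new/edited role. A renamed role keeps its old key in
           $this->Roles only until the next getRoles() reload above. */
        $ret = $this->dialog->save();
        $this->Roles[$ret['cn']] = $ret;
        $this->dialog = NULL;
      }
    }

    /* Cancel role edit / new */
    if(isset($_POST['CancelRoleChanges'])){
      $this->dialog = NULL;
    }

    /* Add empty new role */
    if(isset($_POST['AddRole'])){
      $this->dialog = new sudoldapEditRole($this->config);
    }

    /* Check for edit/delete requests. They arrive as image buttons whose
       field name carries the base64 encoded role cn; only the first
       matching field is honoured. */
    $once = false;
    foreach($_POST as $name => $value){
      if($once){
        break;
      }

      if(preg_match("/^editRole_/",$name)){
        $once = true;
        $roleName = $this->_decodeRoleName("editRole_", $name);

        /* Only open the editor for a role the directory search returned;
           the name is request data and must not be used as an array key
           or passed on unchecked. */
        if($roleName !== "" && isset($this->Roles[$roleName])){
          $this->dialog= new sudoldapEditRole($this->config,$this->dn,$this->Roles[$roleName]);
        }
      }elseif(preg_match("/^delRole_/",$name)){
        $once = true;

        /* Initiate deletion; RemoveRole() verifies the name itself */
        $this->RemoveRole($this->_decodeRoleName("delRole_", $name));
      }
    }

    /* Show dialog */
    if(is_object($this->dialog)){
      $this->dialog->save_object();
      $this->dialog->parent = $this;
      return($this->dialog->execute());
    }

    $RoleList = new divSelectBox("sudoRoles");
    $RoleList->SetHeight(300);
    $editImg = "<input type='image' src='images/edit.png' name='editRole_%s'>
      <input type='image' src='images/edittrash.png' name='delRole_%s'>";

    /* 'plug' comes straight from the query string and the role cn from the
       directory; both end up in HTML. Each value is URL-encoded as a query
       parameter and the result HTML-escaped (ENT_QUOTES, because the
       attributes are single-quoted). The markup is concatenated instead of
       going through sprintf() so that a '%' in either value cannot be
       read as a format specifier. */
    $plug = (isset($_GET['plug']) && is_string($_GET['plug'])) ? $_GET['plug'] : "";
    foreach($this->Roles as $role => $values){
      $role = (string)$role;
      $id   = base64_encode($role);
      $href = "?plug=".urlencode($plug)."&act=edit&id=".urlencode($id);
      $link = "<a href='".htmlspecialchars($href, ENT_QUOTES, 'UTF-8')."'>".
              htmlspecialchars($role, ENT_QUOTES, 'UTF-8')."</a>";

      /* $id is plain base64 and cannot contain a quote character */
      $RoleList->AddEntry(array(
            array("string" => $link),
            array("string" => str_replace("%s",$id,$editImg))
            ));
    }

    $smarty->assign("sudoldapACL",chkacl($this->acl,"sudoldap"));

    $smarty->assign("RoleList",$RoleList->DrawList());
    $display.= $smarty->fetch(get_template_path('sudoldap.tpl', TRUE));
    return($display);
  }


  /* Extract the role cn from an image-button field name of the form
     "<prefix><base64 cn>_<suffix>".

     Returns the decoded cn, or "" when the payload is not valid base64. */
  function _decodeRoleName($prefix, $name)
  {
    $encoded = substr((string)$name, strlen($prefix));
    $encoded = preg_replace("/_.*$/","",$encoded);

    /* Strict mode rejects characters outside the base64 alphabet */
    $decoded = base64_decode($encoded, TRUE);
    return(($decoded === FALSE) ? "" : $decoded);
  }


  /* Search the configured base for sudoRole entries.

     Returns an array indexed by cn; each element maps the attributes
     listed in $this->attributes to the first value found on the entry. */
  function getRoles()
  {
    $ret = array();
    $ldap = $this->config->get_ldap_link();
    $ldap->cd($this->config->current['BASE']);
    $ldap->search("(objectClass=sudoRole)",$this->attributes);
    while ($attrs= $ldap->fetch()){

      /* Without a cn there is no key to store the entry under */
      if(!isset($attrs['cn'][0])){
        continue;
      }
      $cn= $attrs['cn'][0];
      foreach($this->attributes as $value){
        if(isset($attrs[$value])){
          $ret[$cn][$value] = $attrs[$value][0];
        }
      }
    }
    return($ret);
  }


  /* Delete the sudo role named $cn below ou=SUDOers of the current base
     and drop it from $this->Roles. An empty or unknown name is ignored. */
  function RemoveRole($cn){
    if($cn == ""){
      return;
    }

    /* $cn reaches this method from a request field name and is placed in
       a DN that is then deleted recursively. Accept it only if it names a
       role the directory search returned, so request data alone can never
       choose the subtree that is removed. */
    $known = isset($this->Roles[$cn]);
    if(!$known){
      $current = $this->getRoles();
      $known   = isset($current[$cn]);
    }
    if(!$known){
      return;
    }

    $ldap= $this->config->get_ldap_link();

    /* NOTE(review): the cn is still concatenated into the DN unescaped, so
       a role whose cn contains DN special characters yields a DN that does
       not name that entry. Where PHP >= 5.6 is available, build the RDN
       with ldap_escape($cn, '', LDAP_ESCAPE_DN). getRoles() also searches
       the whole base while this DN assumes ou=SUDOers directly below it -
       deleting by the entry's own DN would avoid both problems; confirm
       what fetch() returns before changing this. */
    $dn = "cn=".$cn.",ou=SUDOers,".$this->config->current['BASE'];
    $ldap->cd($dn);
    $ldap->rmdir_recursive($dn);
    show_ldap_error($ldap->get_error(), _("Removing sudo role failed"));
    unset($this->Roles[$cn]);
  }

}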
185 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
186 ?>