1 <?php
2 /*!
3   \brief   sudo-ldap plugin
4   \author  Guido Serra <gserra@guidoserra.it>
5   \version 1.00
6   \date    22.03.2008
8   This class provides the functionality to read and write all attributes
9   relevant for sudo-ldap from/to the LDAP.
10  */
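/* GOsa plugin that lists, edits and removes sudoRole entries stored in LDAP.
   PHP4-style members (var, same-name constructor) are kept because the
   parent class is called as plugin::plugin(). */
class sudoldap extends plugin
{
  /* Definitions */
  var $plHeadline= "sudo-ldap";
  var $plDescription= "This does something";

  /* Plugin specific values */

  /* Role editor dialog while one is open, NULL while the list is shown */
  var $dialog           = NULL;

  /* Attributes requested from LDAP for every sudoRole entry */
  var $attributes       = array("cn",
                                "description",
                                "sudoUser",
                                "sudoHost",
                                "sudoCommand",
                                "sudoRunAs",
                                "sudoOption");

  var $objectclasses    = array("sudoRole");

  /* Roles as returned by getRoles(), keyed by cn */
  var $Roles            = array();

  /* constructor, if 'dn' is set, the node loads the given
     'dn' from LDAP */
  function sudoldap ($config, $dn= NULL, $parent= NULL)
  {
    /* Configuration is fine, always */
    $this->config= $config;

    /* Load base attributes */
    plugin::plugin($config, $dn, $parent);

    /* The returned link is not used here; the call is kept in case it has
       side effects. NOTE(review): confirm and drop if it has none. */
    $this->config->get_ldap_link();
  }

  /* execute generates the html output for this node.
     It handles the save/cancel/add/edit/delete requests found in $_POST and
     returns either the open dialog's output or the rendered role list.

     NOTE(review): the access checks that guarded add, edit and delete
     (chkacl($this->acl,"sudoldap") == "") were commented out in this file,
     so these actions are not authorised server-side here. The ACL value is
     only handed to the template below. Re-enable the checks once $this->acl
     is known to be populated for this plugin. */
  function execute($isCopyPaste = false)
  {
    /* Call parent execute */
    plugin::execute();
    $display= "";
    $smarty= get_smarty();

    $this->Roles = $this->getRoles();

    /* Edited or added role */
    if(isset($_POST['SaveRoleChanges']) && is_object($this->dialog)){
      $this->dialog->save_object();

      /* Validate once and reuse the result instead of calling check() twice */
      $errors = $this->dialog->check();
      if(count($errors)){
        foreach($errors as $msgs){
          print_red($msgs);
        }
      }else{
        /* Add new/edited role to the list */
        $ret = $this->dialog->save();
        $this->Roles[$ret['cn']] = $ret;
        $this->dialog = NULL;
      }
    }

    /* Cancel role edit / new */
    if(isset($_POST['CancelRoleChanges'])){
      $this->dialog = NULL;
    }

    /* Add empty new role */
    if(isset($_POST['AddRole'])){
      $this->dialog = new sudoldapEditRole($this->config);
    }

    /* Check for edit / delete requests. Image buttons are posted as
       "<action>_<base64 of the role cn>" plus a coordinate suffix that the
       second preg_replace strips. Only the first matching request is handled. */
    $once = false;
    foreach($_POST as $name => $value){
      if($once){
        break;
      }

      /* Edit request */
      if(preg_match("/^editRole_/",$name)){
        $once = true;
        $tmp = preg_replace("/^editRole_/","",$name);
        $tmp = base64_decode(preg_replace("/_.*$/","",$tmp));

        /* The name is client-supplied: only open the editor for a role that
           was actually read from LDAP. */
        if(is_string($tmp) && isset($this->Roles[$tmp])){
          /* NOTE(review): the class name is spelled sudoldapEditRole in the
             AddRole branch; left as found, confirm which spelling is declared. */
          $this->dialog= new sudoldapeditRole($this->config,$this->dn,$this->Roles[$tmp]);
        }
        continue;
      }

      /* Delete request */
      if(preg_match("/^delRole_/",$name)){
        $once = true;
        $tmp = preg_replace("/^delRole_/","",$name);
        $tmp = base64_decode(preg_replace("/_.*$/","",$tmp));

        /* The decoded value ends up in the DN passed to a recursive delete,
           so it must name a role from the list loaded above. */
        if(is_string($tmp) && isset($this->Roles[$tmp])){
          $this->RemoveRole($tmp);
        }
      }
    }

    /* Show dialog */
    if(is_object($this->dialog)){
      $this->dialog->save_object();
      $this->dialog->parent = $this;
      return($this->dialog->execute());
    }

    $RoleList = new divSelectBox("sudoRoles");
    $RoleList -> SetHeight(300);
    $editImg = "<input type='image' src='images/edit.png' name='editRole_%s'>
        <input type='image' src='images/edittrash.png' name='delRole_%s'>";

    /* 'plug' comes from the request: encode it before writing it into the
       href, and pass it as a sprintf argument so a '%' in it cannot be read
       as a format specifier. */
    $plug = "";
    if(isset($_GET['plug']) && is_scalar($_GET['plug'])){
      $plug = urlencode((string)$_GET['plug']);
    }
    $link = "<a href='?plug=%s&amp;act=edit&amp;id=%s'>%s</a>";

    foreach($this->Roles as $role => $values){
      $id = base64_encode($role);
      $RoleList->AddEntry(array(
        /* base64 may contain '+', '/' and '=', so it is URL-encoded for the
           query string; the role name is directory data and is HTML-escaped
           before display. */
        array("string" => sprintf($link,
                                  $plug,
                                  urlencode($id),
                                  htmlspecialchars($role, ENT_QUOTES, 'UTF-8'))),
        array("string" => str_replace("%s",$id,$editImg))
      ));
    }

    $smarty->assign("sudoldapACL",chkacl($this->acl,"sudoldap"));

    $smarty->assign("RoleList",$RoleList->DrawList());
    $display.= $smarty->fetch(get_template_path('sudoldap.tpl', TRUE));
    return($display);
  }

  /* Read all sudoRole entries below the configured BASE.
     Returns an array keyed by cn; each element maps attribute name to the
     FIRST value of that attribute only (index 0), so further values of an
     attribute are not part of the result. */
  function getRoles()
  {
    $ret = array();
    $ldap = $this->config->get_ldap_link();
    $ldap->cd($this->config->current['BASE']);
    $ldap->search("(objectClass=sudoRole)",$this->attributes);
    while ($attrs= $ldap->fetch()){
      $cn= $attrs['cn'][0];
      foreach($this->attributes as $value){
        if(isset($attrs[$value])){
          $ret[$cn][$value] = $attrs[$value][0];
        }
      }
    }
    return($ret);
  }

  /* Recursively delete the role "cn=<cn>,ou=SUDOers,<BASE>" and drop it from
     $this->Roles. An empty $cn is ignored.

     NOTE(review): $cn is concatenated into the DN without escaping DN special
     characters, and getRoles() searches the whole BASE while this method
     always targets ou=SUDOers. Callers should pass only a cn taken from
     getRoles(); building the DN from the entry's own dn would be safer. */
  function RemoveRole($cn){
    if($cn!=""){
      $ldap= $this->config->get_ldap_link();
      $dn = "cn=".$cn.",ou=SUDOers,".$this->config->current['BASE'];
      $ldap->cd($dn);
      $ldap->rmdir_recursive($dn);
      /* Message corrected: it previously referred to DNS entries */
      show_ldap_error($ldap->get_error(), _("Removing sudo role failed"));
      unset($this->Roles[$cn]);
    }
  }
}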
185 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
186 ?>