![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
diff --git a/branches/old/gosa-plugins/sudo/admin/sudo/class_sudoManagement.inc b/branches/old/gosa-plugins/sudo/admin/sudo/class_sudoManagement.inc
--- /dev/null
@@ -0,0 +1,527 @@
+<?php
+/*
+ * This code is part of GOsa (http://www.gosa-project.org)
+ * Copyright (C) 2003-2008 GONICUS GmbH
+ *
+ * ID: $$Id: class_sudoManagement.inc 10099 2008-04-01 12:52:01Z hickert $$
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+
+/*! \brief This is the sudo management class. \
+ This class allows to add/remove/edit sudo roles with GOsa. \
+ All roles will be listed by this plugin, the displayed objects \
+ can also be filtered.
+*/
+class sudoManagement extends plugin
+{
+ /* Definitions */
+ public $plHeadline = "Sudo roles";
+ public $plDescription = "Manage sudo roles";
+ public $plIcon ="plugins/sudo/images/sudo.png";
+
+ private $DivListSudo = NULL;
+ private $sudotabs = NULL;
+ private $base = "";
+
+ private $start_pasting_copied_objects = FALSE;
+
+ public $acl_module = array("sudo");
+
+ /*! \brief */
+ public function __construct(&$config, &$ui)
+ {
+ /* Save configuration for internal use */
+ $this->config = &$config;
+ $this->ui = &$ui;
+ $this->base = sudo::get_sudoers_ou($this->config);
+
+ /* Copy & Paste enabled ?*/
+ if ($this->config->get_cfg_value("copyPaste") == "true"){
+ $this->CopyPasteHandler = new CopyPasteHandler($this->config);
+ }
+
+ /* Create dialog object */
+ $this->DivListSudo = new divListSudo($this->config,$this);
+ }
+
+
+ /*! \brief Generate && Display HTML content
+ */
+ public function execute()
+ {
+ /* Call parent execute */
+ plugin::execute();
+
+ /********************
+ Handle Posts
+ ********************/
+
+ /* Store these posts if the current object is locked (used by somebody else)*/
+ session::set('LOCK_VARS_TO_USE',array(
+ "/^act$/","/^id$/","/^sudo_edit_/","/^cut_/","/^copy_/",
+ "/^sudo_del_/","/^item_selected/","/menu_action/"));
+
+
+ /* Get html posts */
+ $s_action = "";
+ $s_entry = "";
+ foreach($_POST as $name => $value){
+ if(preg_match("/^sudo_edit_/",$name)){
+ $s_action = "edit_role";
+ $s_entry = preg_replace("/^sudo_edit_([0-9]*).*$/","\\1",$name);
+ }
+ if(preg_match("/^sudo_del_/",$name)){
+ $s_action = "del_role";
+ $s_entry = preg_replace("/^sudo_del_([0-9]*).*$/","\\1",$name);
+ }elseif(preg_match("/^editPaste.*/i",$name)){
+ $s_action="editPaste";
+ }elseif(preg_match("/^copy_.*/",$name)){
+ $s_action="copy";
+ $s_entry = preg_replace("/^copy_([0-9]*).*$/i","\\1",$name);
+# }elseif(preg_match("/^cut_.*/",$name)){
+# $s_action="cut";
+# $s_entry = preg_replace("/^cut_([0-9]*).*$/i","\\1",$name);
+ }
+ }
+
+ if(isset($_GET['act']) && isset($_GET['id']) && $_GET['act'] == "edit_entry"){
+ $id = trim($_GET['id']);
+ if(isset($this->list[$id])){
+ $s_action = "edit_role";
+ $s_entry = $id;
+ }
+ }
+
+ if(isset($_POST['menu_action']) && in_array($_POST['menu_action'],array("new_role","del_role","new_default","editPaste"))){
+ $s_action = $_POST['menu_action'];
+ }
+
+ /* handle C&P from layers menu */
+ if(isset($_POST['menu_action']) && preg_match("/^multiple_copy_systems/",$_POST['menu_action'])){
+ $s_action = "copy_multiple";
+ }
+
+ $smarty= get_smarty();
+
+ /********************
+ Copy & Paste Handling ...
+ ********************/
+
+ /* Display the copy & paste dialog, if it is currently open */
+ $ret = $this->copyPasteHandling_from_queue($s_action,$s_entry);
+ if($ret){
+ return($ret);
+ }
+
+
+ /********************
+ Create a new sudo ...
+ ********************/
+
+ /* New sudo? */
+ if ($s_action=="new_role" || $s_action == "new_default"){
+
+ /* Check create permissions */
+ $acl = $this->ui->get_permissions($this->base,"sudo/sudo");
+ if(preg_match("/c/",$acl)){
+
+ /* By default we set 'dn' to 'new', all relevant plugins will
+ react on this. */
+ $this->dn= "new";
+
+ /* Create new sudotabs object */
+ $this->sudotabs= new sudotabs($this->config, $this->config->data['TABS']['SUDOTABS'], $this->dn);
+
+ /* Set up the sudo ACL's for this 'dn' */
+ $this->sudotabs->set_acl_base($this->base);
+
+ /* This entry will become the default entry */
+ if($s_action == "new_default"){
+ $this->sudotabs->set_default(TRUE);
+ }
+ }
+ }
+
+
+ /********************
+ Save Sudo Tab/Object Changes
+ ********************/
+
+ /* Save changes */
+ if ((isset($_POST['edit_finish']) || isset($_POST['edit_apply'])) && is_object($this->sudotabs)){
+
+ /* Check tabs, will feed message array
+ Save, or display error message? */
+ $message= $this->sudotabs->check();
+ if (count($message) == 0){
+
+ /* Save user data to ldap */
+ $this->sudotabs->save();
+
+ if (!isset($_POST['edit_apply'])){
+
+ /* Sudo has been saved successfully, remove lock from LDAP. */
+ if ($this->dn != "new"){
+ $this->remove_lock();
+ }
+ unset ($this->sudotabs);
+ $this->sudotabs= NULL;
+ session::un_set('objectinfo');
+ }else{
+
+ /* Reinitialize tab */
+ if($this->sudotabs instanceof tabs){
+ $this->sudotabs->re_init();
+ }
+ }
+ } else {
+ /* Ok. There seem to be errors regarding to the tab data,
+ show message and continue as usual. */
+ msg_dialog::displayChecks($message);
+ }
+ }
+
+
+ /********************
+ Edit existing role
+ ********************/
+
+ /* User wants to edit data? */
+ if (($s_action=="edit_role") && !is_object($this->sudotabs)){
+
+ /* Get 'dn' from posted 'uid', must be unique */
+ $this->dn= $this->list[trim($s_entry)]['dn'];
+
+ /* Check locking & lock entry if required */
+ $user = get_lock($this->dn);
+ if ($user != ""){
+ return(gen_locked_message ($user, $this->dn));
+ }
+ add_lock ($this->dn, $this->ui->dn);
+
+ /* Register sudotabs to trigger edit dialog */
+ $this->sudotabs= new sudotabs($this->config,$this->config->data['TABS']['SUDOTABS'], $this->dn);
+ $this->sudotabs->set_acl_base($this->base);
+ session::set('objectinfo',$this->dn);
+ }
+
+
+ /********************
+ Delete entries requested, display confirm dialog
+ ********************/
+
+ if ($s_action=="del_role"){
+ $ids = $this->list_get_selected_items();
+ if(!count($ids) && $s_entry!=""){
+ $ids = array($s_entry);
+ }
+
+ $this->dns = array();
+ if(count($ids)){
+ $disallowed = array();
+ foreach($ids as $id){
+ $dn = $this->list[$id]['dn'];
+ $acl = $this->ui->get_permissions($dn, "sudo/sudo");
+ if(preg_match("/d/",$acl)){
+ $this->dns[$id] = $dn;
+ }else{
+ $disallowed[] = $dn;
+ }
+ }
+
+ if(count($disallowed)){
+ msg_dialog::display(_("Permission"),msgPool::permDelete($disallowed),INFO_DIALOG);
+ }
+
+ if(count($this->dns)){
+
+ /* Check locking of entries */
+ $users = get_multiple_locks($this->dns);
+ if(count($users)){
+ return(gen_locked_message($users,$this->dns));
+ }
+
+ /* Add locks */
+ add_lock($this->dns,$this->ui->dn);
+
+ /* Lock the current entry, so nobody will edit it during deletion */
+ $smarty->assign("info", msgPool::deleteInfo($this->dns,_("Sudo role")));
+ return($smarty->fetch(get_template_path('remove.tpl', TRUE)));
+ }
+ }
+ }
+
+
+ /********************
+ Delete entries confirmed
+ ********************/
+
+ /* Confirmation for deletion has been passed. Sudo should be deleted. */
+ if (isset($_POST['delete_sudos_confirmed'])){
+
+ /* Remove user by user and check acls before removeing them */
+ foreach($this->dns as $key => $dn){
+
+ /* Load permissions for selected 'dn' and check if
+ we're allowed to remove this 'dn' */
+ $acl = $this->ui->get_permissions($dn,"sudo/sudo");
+ if(preg_match("/d/",$acl)){
+
+ /* Delete request is permitted, perform LDAP action */
+ $this->sudotabs= new sudotabs($this->config,$this->config->data['TABS']['SUDOTABS'], $dn);
+ $this->sudotabs->set_acl_base($dn);
+ $this->sudotabs->delete ();
+ unset ($this->sudotabs);
+ $this->sudotabs= NULL;
+
+ } else {
+
+ /* Normally this shouldn't be reached, send some extra
+ logs to notify the administrator */
+ msg_dialog::display(_("Permission error"), msgPool::permDelete(), ERROR_DIALOG);
+ new log("security","sudo/".get_class($this),$dn,array(),"Tried to trick deletion.");
+ }
+ }
+
+ /* Remove lock file after successfull deletion */
+ $this->remove_lock();
+ $this->dns = array();
+ }
+
+
+ /********************
+ Delete entries Canceled
+ ********************/
+
+ /* Remove lock */
+ if(isset($_POST['delete_sudo_cancel'])){
+ $this->remove_lock();
+ $this->dns = array();
+ }
+
+ /********************
+ A dialog was canceled
+ ********************/
+
+ /* Cancel dialogs */
+ if (isset($_POST['edit_cancel']) && is_object($this->sudotabs)){
+ $this->remove_lock();
+ $this->sudotabs= NULL;
+ session::un_set('objectinfo');
+ }
+
+
+ /********************
+ If there is currently a dialog open, display it
+ ********************/
+
+ /* Show tab dialog if object is present */
+ if (is_object($this->sudotabs)){
+ $display= $this->sudotabs->execute();
+
+ /* Don't show buttons if tab dialog requests this */
+ if(isset($this->sudotabs->by_object)){
+ if (!$this->sudotabs->by_object[$this->sudotabs->current]->dialog){
+ $display.= "<p style=\"text-align:right\">\n";
+ $display.= "<input type=submit name=\"edit_finish\" style=\"width:80px\" value=\"".msgPool::okButton()."\">\n";
+ $display.= " \n";
+ if ($this->dn != "new"){
+ $display.= "<input type=submit name=\"edit_apply\" value=\"".msgPool::applyButton()."\">\n";
+ $display.= " \n";
+ }
+ $display.= "<input type=submit name=\"edit_cancel\" value=\"".msgPool::cancelButton()."\">\n";
+ $display.= "</p>";
+ }
+ }
+ return ($display);
+ }
+
+ /* Check if there is a snapshot dialog open */
+ if($str = $this->showSnapshotDialog(sudo::get_sudoers_ou($this->config),$this->get_used_snapshot_bases(),$this)){
+ return($str);
+ }
+
+ /* Display dialog with sudo list */
+ $this->DivListSudo->execute();
+ $this->reload ();
+ $this->DivListSudo->setEntries($this->list);
+ return($this->DivListSudo->Draw());
+ }
+
+
+ /*! \brief Return all selected elements from HTML list
+ @return Array List of all selected list elements
+ */
+ private function list_get_selected_items()
+ {
+ $ids = array();
+ foreach($_POST as $name => $value){
+ if(preg_match("/^item_selected_[0-9]*$/",$name)){
+ $id = preg_replace("/^item_selected_/","",$name);
+ $ids[$id] = $id;
+ }
+ }
+ return($ids);
+ }
+
+
+ /*! \brief Reload the list of sudo roles.
+ */
+ private function reload($CreatePosixsList=false)
+ {
+ $this->list = array();
+ $base = $this->base;
+
+ $Regex = trim($this->DivListSudo->Regex);
+ $UserRegex = trim($this->DivListSudo->UserRegex);
+ $SubSearch = $this->DivListSudo->SubSearch;
+
+ /********************
+ Create filter depending on selected checkboxes
+ ********************/
+ $values = array("cn","description","sudoUser","sudoCommand","sudoOption");
+ if($UserRegex == "*"){
+ $ff = "(&(|(cn=".$Regex.")(description=".$Regex."))(objectClass=sudoRole))";
+ }else{
+ $ff = "(&(|(cn=".$Regex.")(description=".$Regex."))(sudoUser=".$UserRegex.")(objectClass=sudoRole))";
+ }
+ $res = get_list($ff, "sudo",$base,$values, GL_SIZELIMIT);
+ $tmp = array();
+ foreach($res as $attrs){
+ $tmp[$attrs['cn'][0]] = $attrs;
+ }
+ uksort($tmp, 'strnatcasecmp');
+ $this->list = array_values($tmp);
+ }
+
+
+ /*! \brief Save HTML post data to object
+ */
+ public function save_object()
+ {
+ $this->DivListSudo->save_object();
+ if(is_object($this->CopyPasteHandler)){
+ $this->CopyPasteHandler->save_object();
+ }
+ }
+
+
+ /*! \brief Remove this account
+ */
+ public function remove_from_parent()
+ {
+ /* Optionally execute a command after we're done */
+ $this->postremove();
+ }
+
+
+ /*! \brief Save to LDAP
+ */
+ public function save()
+ {
+ /* Optionally execute a command after we're done */
+ $this->postcreate();
+ }
+
+
+ /*! \brief Remove lock from entry
+ */
+ public function remove_lock()
+ {
+ if (is_object($this->sudotabs) && $this->sudotabs->dn != "new"){
+ del_lock ($this->sudotabs->dn);
+ }
+ if(isset($this->dns) && is_array($this->dns) && count($this->dns)){
+ del_lock($this->dns);
+ }
+ }
+
+ function get_used_snapshot_bases()
+ {
+ return(array(sudo::get_sudoers_ou($this->config)));
+ }
+
+
+ function copyPasteHandling_from_queue($s_action,$s_entry)
+ {
+ /* Check if Copy & Paste is disabled */
+ if(!is_object($this->CopyPasteHandler)){
+ return("");
+ }
+
+ $ui = get_userinfo();
+
+ /* Add a single entry to queue */
+ if($s_action == "cut" || $s_action == "copy"){
+
+ /* Cleanup object queue */
+ $this->CopyPasteHandler->cleanup_queue();
+ $dn = $this->list[$s_entry]['dn'];
+
+ if($s_action == "copy" && $ui->is_copyable($dn,"sudo","sudo")){
+ $this->CopyPasteHandler->add_to_queue($dn,$s_action,"sudotabs","SUDOTABS","sudo");
+ }
+# if($s_action == "cut" && $ui->is_cutable($dn,"sudo","sudo")){
+# $this->CopyPasteHandler->add_to_queue($dn,$s_action,"sudotabs","SUDOTABS","sudo");
+# }
+ }
+
+ /* Add entries to queue */
+ if($s_action == "copy_multiple" || $s_action == "cut_multiple"){
+
+ /* Cleanup object queue */
+ $this->CopyPasteHandler->cleanup_queue();
+
+ /* Add new entries to CP queue */
+ foreach($this->list_get_selected_items() as $id){
+ $dn = $this->list[$id]['dn'];
+
+ if($s_action == "copy_multiple" && $ui->is_copyable($dn,"sudo","sudo")){
+ $this->CopyPasteHandler->add_to_queue($dn,"copy","sudotabs","SUDOTABS","sudo");
+ }
+# if($s_action == "cut_multiple" && $ui->is_cutable($dn,"sudo","sudo")){
+# $this->CopyPasteHandler->add_to_queue($dn,"cut","sudotabs","SUDOTABS","sudo");
+# }
+ }
+ }
+
+ /* Start pasting entries */
+ if($s_action == "editPaste"){
+ $this->start_pasting_copied_objects = TRUE;
+ }
+
+ /* Return C&P dialog */
+ if($this->start_pasting_copied_objects && $this->CopyPasteHandler->entries_queued()){
+
+ /* Get dialog */
+ $this->CopyPasteHandler->SetVar("base",$this->DivListSudo->selectedBase);
+ $data = $this->CopyPasteHandler->execute();
+
+ /* Return dialog data */
+ if(!empty($data)){
+ return($data);
+ }
+ }
+
+ /* Automatically disable status for pasting */
+ if(!$this->CopyPasteHandler->entries_queued()){
+ $this->start_pasting_copied_objects = FALSE;
+ }
+ return("");
+ }
+}
+// vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
+?>