From c33e212295a670dd51ce07ff233e71f7a85f56a3 Mon Sep 17 00:00:00 2001 From: Roland Gruber Date: Fri, 12 Aug 2011 18:25:13 +0000 Subject: [PATCH] added authorized services --- lam/graphics/services.png | Bin 0 -> 2259 bytes lam/lib/modules/authorizedServiceObject.inc | 309 ++++++++++++++++++++ 2 files changed, 309 insertions(+) create mode 100644 lam/graphics/services.png create mode 100644 lam/lib/modules/authorizedServiceObject.inc 
diff --git a/lam/graphics/services.png b/lam/graphics/services.png new file mode 100644 index 0000000000000000000000000000000000000000..56a5bd7f90105eea278fd66c6e17f28067bd2b16 GIT binary patch literal 2259 zcmV;^2rT!BP);UPp?-l!PfEmkUOQ5j1*sH0UV6d#Q!6vR@IL28{+ z1X0AI8S#-o1Cof48eR!$LLO{@kj-u$o9rXIn|v5rJbeI+ueb(C2My+`GW`uAy>q--@cIaTG8RN zwstRVcKPU`>T?J89<4j%@rM*&UzA2-aa!N%^1XfF`1WR}r!^wPX-{8-KJ)sAZ+zc+ z{lyh8Bt=0)l(1pDu@bI2%&-`)3~hAxFl0aCX^6D1u;PbQGpUd=(q*T zAG=Y2Z&^@YeLmxrT?edb8Kd=aNz$b0v`9Ac2#X?I-Y`79Q8cu;;OO=vBnSu#aVUg< zC4iVvAjUhGU9VMsJ8bmwHGju0e@n3Moy zK&RuO)$-^G1dygT!mLk1EG_{I1p^k6EF&BhBVgDI1}#5s&DM|BZ!IiX3+6fi6auXL z+xuIdSU7hj!!a=MJU|H~0x)U@X1xaCkchJCv$3r~)a7G}K$ zB^8aa!ooiv@ibM`f{K0s>J9oqnX?u>HT%7dD{ir-8UV0}t2uOdgUGa|ps}qx(Oh}Z zc1;fiNr5jI1pscwBkM|fgHdX0_fUIJfCi!hEh;-5Q=5PCcK~w$;wb zmLH1=2}%f|F)=|MJ-xK9rJJf#hW(!40|AMK3_w4|~@WHo680Jy8xF)(E8{H6Qil1zQ! zD81O@r*$n|)D?`z&v*J9zh1T}uiqUwUc4u@xwU;_no)076p0}UMKBUWw>OB^4!4hp z{xgISQgArK5B6cf-F5qLr{^vM2?Ed3@S7?30tr|5VNYF>>* zRD@2e2FEb4rlqLCY9iOlqvQb=DT!ymt2oFCfuaCuIxQqgg4UR->TfP9hr8`>Z`t(n zs5y`BIb3b)qY6c`UW5*r%&}e`D-5;0L=8?t=Vy?s+rn*{4^xQDItWuw6nAv49^ke`#rRb`Q@zhoj&Pe zx1ZXa9(v?V3oWjwS2+EU+&A_f#YtQHwa)@YA! 
zx^hd=TdX!+qkL!bpr6gZ?LYOcon5{VZF0Ej=?fin?~yuMWpmQ04?Vw%5Q4ZUL6WZy zzz{+}DRA$K%^OSJc(%~)>P6YfCd|F#Rt!rwgHnKDfZ7Wk7heC@fg*>qvyta{)2uru z&0R8o+5$?c#vh46Rw$fZJ|tubnHd)Jg=6sbhW2{=eTIw9F55o}7eDuX4t#SK@F~Ma z?<+4oF>lf+Q)Qza_D(P6O}iCVgBGA)T}&7TP`+XkJX-dXx<%TveHvcyGxI?Z+LOdh|H0$Us<##@U<4hmUJw8SQjLUVSjCcNQV+GHz--VW zE=lkNqsUG-BT3Cck`$=b9Lj6XSIwO;V#*Z&03d-vqqCZhSJyO888bA)9}!S|v=)J2 zjOukf1BL-8z;Fx#eGxJuX9$yFO<@!YG@N(FCX5=Il#y!U!f_dYdi9-#FAtP7jh-?s zr|9)nlhe%x)*Xmo`h8D6Wk2@8wr|St%J#~!>3Q>>e&xL~Z)JmB(hna0oF;wDQ^l2y z;o8t!k`GIFkj9F6(iYpr;y`dQW{a@cb2jD>f;{n_~ zbIIB-C0U^-8rziA;WOr5^-6Xr6hZ)%akR=fbRhs80Pgv%pPo6{?4*?qZ8U4j!Y2tK z0H@F6^h54W8##OSTlQ=;88YwGSZ;YNX~3w(;PeA8A9LHH!e)$DDWwirS zFMWSuTk-x5Zy!BU+d{j1VLE^5rX7sNl6FN7{7@MNj~{!yvb08sODdNqfcx^t;&_vz zZu^Jj`+hZZ;_dlAA3mqX=0KavE2?=l)~|i_VOQP$Pj4Ck%kqrII`V#i4tsjt%YV!p zo;7e}_8?eO3~&b`IBR#o(;JMfTDJ6=g#W@>fU6=zO7weD-G~TDPyiouT8rhL8RJ*z zwMnS4IdJY`r;?drVRJIAOm>Dv%ki2jLP*^=;5Q54k{E`gJNACwZqOvb8;rDVT=DQj zpBy||7LJN|ansH+G0^4x*7%!c!R2CEHr13pb#Xi#=n}lPk6E>G1e;{aCb8~ggplZu h4sav7=@#6m{s*q(z;}Tmu7Lmm002ovPDHLkV1gpVG(i9W literal 0 HcmV?d00001 diff --git a/lam/lib/modules/authorizedServiceObject.inc b/lam/lib/modules/authorizedServiceObject.inc new file mode 100644 index 00000000..e8fa8ad9 --- /dev/null +++ b/lam/lib/modules/authorizedServiceObject.inc 
@@ -0,0 +1,309 @@
+autoAddObjectClasses = false;
+ }
+
+
+ /**
+ * Returns meta data that is interpreted by parent class
+ *
+ * @return array array with meta data
+ */
+ function get_metaData() {
+ $return = array();
+ // icon
+ $return['icon'] = 'services.png';
+ // manages user accounts
+ $return["account_types"] = array("user");
+ // alias name
+ $return["alias"] = _("Authorized Services");
+ // module dependencies
+ $return['dependencies'] = array('depends' => array(), 'conflicts' => array());
+ // managed object classes
+ $return['objectClasses'] = array('authorizedServiceObject');
+ // managed attributes
+ $return['attributes'] = array('authorizedService');
+ // help Entries
+ $return['help'] = array (
+ 'authorizedService' => array (
+ "Headline" => _("Authorized Services"),
+ "Text" => _("Service name e.g. sshd, imap, ftp.... Enter one service per entry."). ' '. _("Use * for all services.")
+ ),
+ 'authorizedServices' => array (
+ "Headline" => _("Authorized Services"),
+ "Text" => _("Comma separated list of services (e.g. sshd, imap, ftp)."). ' '. _("Use * for all services.")
+ ),
+ 'autoAdd' => array(
+ "Headline" => _("Automatically add this extension"),
+ "Text" => _("This will enable the extension automatically if this profile is loaded.")
+ )
+ );
+ // upload fields
+ $return['upload_columns'] = array(
+ array(
+ 'name' => 'authorizedService',
+ 'description' => _('Authorized Services'),
+ 'help' => 'authorizedServices',
+ 'example' => 'sshd, imap'
+ )
+ );
+ // available PDF fields
+ $return['PDF_fields'] = array(
+ 'authorizedService' => _('Authorized Services')
+ );
+ // profile options
+ $profileContainer = new htmlTable();
+ $profileContainer->addElement(new htmlTableExtendedInputField(_('Authorized Services'), 'authorizedServiceObject_services', null, 'authorizedServices'), true);
+ $profileContainer->addElement(new htmlTableExtendedInputCheckbox('authorizedServiceObject_addExt', false, _('Automatically add this extension'), 'autoAdd'));
+ $return['profile_options'] = $profileContainer;
+ // profile checks
+ $return['profile_checks']['authorizedServiceObject_services'] = array('type' => 'ext_preg', 'regex' => 'ascii',
+ 'error_message' => $this->messages['authorizedService'][0]);
+ return $return;
+ }
+
+ /**
+ * This function fills the error message array with messages
+ */
+ function load_Messages() {
+ $this->messages['authorizedService'][0] = array('ERROR', 'Authorized services are invalid.'); // third array value is set dynamically
+ $this->messages['authorizedService'][1] = array('ERROR', _('Account %s:') . ' authorizedService', _('Please enter a valid list of service names.'));
+ }
+
+ /**
+ * Returns a list of modifications which have to be made to the LDAP account.
+ *
+ * @return array list of modifications
+ * This function returns an array with 3 entries:
+ * array( DN1 ('add' => array($attr), 'remove' => array($attr), 'modify' => array($attr)), DN2 .... )
+ * DN is the DN to change. It may be possible to change several DNs (e.g. create a new user and add him to some groups via attribute memberUid)
+ * "add" are attributes which have to be added to LDAP entry
+ * "remove" are attributes which have to be removed from LDAP entry
+ * "modify" are attributes which have to been modified in LDAP entry
+ * "info" are values with informational value (e.g. to be used later by pre/postModify actions)
+ */
+ function save_attributes() {
+ if (!in_array('authorizedServiceObject', $this->attributes['objectClass']) && !in_array('authorizedServiceObject', $this->orig['objectClass'])) {
+ // skip saving if the extension was not added/modified
+ return array();
+ }
+ return parent::save_attributes();
+ }
+
+ /**
+ * Returns the HTML meta data for the main account page.
+ *
+ * @return htmlElement HTML meta data
+ */
+ function display_html_attributes() {
+ if (isset($_POST['form_subpage_authorizedServiceObject_attributes_addObjectClass'])) {
+ $this->attributes['objectClass'][] = 'authorizedServiceObject';
+ }
+ $return = new htmlTable();
+ if (in_array('authorizedServiceObject', $this->attributes['objectClass'])) {
+ $ASCount = 0;
+ // list current authorizedService's
+ if (isset($this->attributes['authorizedService'])) {
+ $ASCount = sizeof($this->attributes['authorizedService']);
+ for ($i = 0; $i < sizeof($this->attributes['authorizedService']); $i++) {
+ if ($i == 0) {
+ $return->addElement(new htmlOutputText(_('Authorized Services')));
+ }
+ else {
+ $return->addElement(new htmlOutputText(''));
+ }
+ $ASInput = new htmlInputField('authorizedService' . $i, $this->attributes['authorizedService'][$i]);
+ $return->addElement($ASInput);
+ $return->addElement(new htmlButton('delAS' . $i, 'del.png', true));
+ $return->addElement(new htmlHelpLink('authorizedService'), true);
+ }
+ }
+ // input box for new Service
+ $return->addElement(new htmlOutputText(_('New Authorized Service')));
+ $newASInput = new htmlInputField('authorizedService', '');
+ $return->addElement($newASInput);
+ $return->addElement(new htmlButton('addAS', 'add.png', true));
+ $return->addElement(new htmlHelpLink('authorizedService'));
+ $return->addElement(new htmlHiddenInput('as_number', $ASCount));
+ $return->addElement(new htmlOutputText(''), true);
+
+ $return->addElement(new htmlSpacer(null, '10px'),true);
+ $remButton = new htmlAccountPageButton('authorizedServiceObject', 'attributes', 'remObjectClass', _('Remove Authorized Service extension'));
+ $remButton->colspan = 4;
+ $return->addElement($remButton);
+ }
+ else {
+ $return->addElement(new htmlAccountPageButton('authorizedServiceObject', 'attributes', 'addObjectClass', _('Add Authorized Service extension')));
+ }
+
+
+ return $return;
+ }
+
+ /**
+ * Processes user input of the primary module page.
+ * It checks if all input values are correct and updates the associated LDAP attributes.
+ *
+ * @return array list of info/error messages
+ */
+ function process_attributes() {
+ if (isset($_POST['form_subpage_authorizedServiceObject_attributes_remObjectClass'])) {
+ $this->attributes['objectClass'] = array_delete(array('authorizedServiceObject'), $this->attributes['objectClass']);
+ if (isset($this->attributes['authorizedService'])) unset($this->attributes['authorizedService']);
+ return array();
+ }
+ if (!in_array('authorizedServiceObject', $this->attributes['objectClass'])) {
+ return array();
+ }
+
+
+ $errors = array();
+ $this->attributes['authorizedService'] = array();
+ // check old services
+ if (isset($_POST['as_number'])) {
+ for ($i = 0; $i < $_POST['as_number']; $i++) {
+ if (isset($_POST['delAS' . $i])) continue;
+ if (isset($_POST['authorizedService' . $i]) && ($_POST['authorizedService' . $i] != "")) {
+ // check if service has correct format
+ if (!get_preg($_POST['authorizedService' . $i], 'ascii')) {
+ $message = $this->messages['authorizedService'][0];
+ $message[] = $_POST['authorizedService' . $i];
+ $errors[] = $message;
+ }
+ $this->attributes['authorizedService'][] = $_POST['authorizedService' . $i];
+ }
+ }
+ }
+ // check new authorizedService
+ if (isset($_POST['authorizedService']) && ($_POST['authorizedService'] != "")) {
+ // check if service has correct format
+ if (get_preg($_POST['authorizedService'], 'ascii')) {
+ $this->attributes['authorizedService'][] = $_POST['authorizedService'];
+ }
+ else {
+ $message = $this->messages['authorizedService'][0];
+ $message[] = $_POST['authorizedService'];
+ $errors[] = $message;
+ }
+ }
+ $this->attributes['authorizedService'] = array_unique($this->attributes['authorizedService']);
+ return $errors;
+ }
+
+ /**
+ * In this function the LDAP account is built up.
+ *
+ * @param array $rawAccounts list of hash arrays (name => value) from user input
+ * @param array $partialAccounts list of hash arrays (name => value) which are later added to LDAP
+ * @param array $ids list of IDs for column position (e.g. "posixAccount_uid" => 5)
+ * @param array $selectedModules list of selected account modules
+ * @return array list of error messages if any
+ */
+ function build_uploadAccounts($rawAccounts, $ids, &$partialAccounts, $selectedModules) {
+ $messages = array();
+ for ($i = 0; $i < sizeof($rawAccounts); $i++) {
+ // add object class
+ if (!in_array("authorizedServiceObject", $partialAccounts[$i]['objectClass'])) $partialAccounts[$i]['objectClass'][] = "authorizedServiceObject";
+ // add ASs
+ if ($rawAccounts[$i][$ids['authorizedService']] != "") {
+ $services = explode(', ', $rawAccounts[$i][$ids['authorizedService']]);
+ for ($m = 0; $m < sizeof($services); $m++) {
+ if (get_preg($services[$m], 'ascii')) {
+ $partialAccounts[$i]['authorizedService'][] = $services[$m];
+ }
+ else {
+ $errMsg = $this->messages['authorizedService'][1];
+ array_push($errMsg, array($i));
+ $messages[] = $errMsg;
+ }
+ }
+ }
+ }
+ return $messages;
+ }
+
+ /**
+ * Returns the PDF entries for this module.
+ *
+ * @return array list of possible PDF entries
+ */
+ function get_pdfEntries() {
+ $return = array();
+ if (in_array('authorizedServiceObject', $this->attributes['objectClass'])) {
+ $return['authorizedServiceObject_authorizedService'][0] = '' . _('Authorized Services') . '' . implode(', ', $this->attributes['authorizedService']) . '';
+ }
+ return $return;
+ }
+
+ /**
+ * Loads the values of an account profile into internal variables.
+ *
+ * @param array $profile hash array with profile values (identifier => value)
+ */
+ function load_profile($profile) {
+ // profile mappings in meta data
+ parent::load_profile($profile);
+ // add extension
+ if (isset($profile['authorizedServiceObject_addExt'][0]) && ($profile['authorizedServiceObject_addExt'][0] == "true")) {
+ if (!in_array('authorizedServiceObject', $this->attributes['objectClass'])) {
+ $this->attributes['objectClass'][] = 'authorizedServiceObject';
+ }
+ }
+ // add ASs
+ if ($profile['authorizedServiceObject_services'][0] != "") {
+ $services = explode(',', $profile['authorizedServiceObject_services'][0]);
+ for ($m = 0; $m < sizeof($services); $m++) {
+ if (get_preg($services[$m], 'ascii')) {
+ $this->attributes['authorizedService'][] = trim($services[$m]);
+ }
+ }
+ }
+ }
+
+}
+
+?>
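Review bot: In `process_attributes()` the "check old services" loop records an error when `get_preg($_POST['authorizedService' . $i], 'ascii')` fails, but still stores the rejected value. The append `$this->attributes['authorizedService'][] = $_POST['authorizedService' . $i];` sits after the check instead of in an `else`, whereas the new-entry branch below stores only values that pass. Since `authorizedService` appears to control which services an account may use (the help text says `*` means all), I would move that append into an `else`, unless the caller is known to abort the save whenever errors are returned. The loop bound `$_POST['as_number']` also comes straight from the request: cast it with `(int)` and cap it at the number of entries the page rendered, captured before the attribute array is reset. Separately, `build_uploadAccounts()` splits on `', '` while `load_profile()` splits on `','` and validates each item before `trim()`; splitting on `','` and trimming before `get_preg()` in both places would keep the three input paths consistent.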