Move LDIF access control rules up and down

Jamie Cameron
2009-05-06 01:02:34 +00:00
parent b1607f968c
commit d26753f961
8 changed files with 112 additions and 35 deletions


@@ -6,9 +6,18 @@ require './ldap-server-lib.pl';
$access{'acl'} || &error($text{'acl_ecannot'});
&ReadParse();
# Get ACLs
if (&get_config_type() == 1) {
$conf = &get_config();
@access = &find("access", $conf);
}
else {
$defdb = &get_default_db();
$conf = &get_ldif_config();
@access = &find_ldif("olcAccess", $conf, $defdb);
}
# Page header
$conf = &get_config();
@access = &find("access", $conf);
if ($in{'new'}) {
&ui_print_header(undef, $text{'eacl_title1'}, "", "eacl");
$p = { 'what' => '*',
@@ -27,8 +36,9 @@ print &ui_hidden("idx", $in{'idx'});
print &ui_table_start($text{'eacl_header'}, undef, 2);
# Granting to what object
$what = $p->{'what'} eq '*' ? 1 : 0;
if ($p->{'what'} =~ /^dn(\.([^=]+))?=(.*)$/i) {
$what = $p->{'what'} eq '*' || $p->{'what'} eq '' ? 1 : 0;
if ($p->{'what'} =~ /^dn(\.([^=]+))?="(.*)"$/i ||
$p->{'what'} =~ /^dn(\.([^=]+))?=(.*)$/i) {
$dn = $3;
$style = $2;
}
@@ -72,7 +82,7 @@ foreach $b (@{$p->{'by'}}, { }, { }, { }) {
[ 'other', $text{'eacl_other'} ] ],
1, 0, 0, 0,
"style='width:45%' onChange='form.who_$i.disabled = (form.wmode_$i.value != \"other\")'").
&ui_textbox("who_$i", $kwho ? "" : $b->{'who'}, 30,
&ui_textbox("who_$i", $kwho ? "" : $b->{'who'}, 50,
$kwho, undef, "style='width:45%'"),
# What access level? Show textbox if complex
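Review bot: The `if (&get_config_type() == 1) { ... } else { ... }` block that fills `@access` in the first hunk is repeated, with small variations, in the delete, move-down, list and move-up scripts further down this page. A single helper in the shared library that returns the rule list, plus a matching save helper, would keep the slapd.conf and LDIF paths from drifting apart as the ACL code changes. The bare `1` is also unexplained at this point; a comment at first use such as `# 1 = old-style slapd.conf, anything else = LDIF config` would help, assuming that is what the value means (the icon list and the "old-style config" comments elsewhere in the commit suggest so).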


@@ -9,8 +9,17 @@ $access{'acl'} || &error($text{'acl_ecannot'});
# Filter out un-wanted rules
&lock_slapd_files();
$conf = &get_config();
@access = &find("access", $conf);
if (&get_config_type() == 1) {
$conf = &get_config();
@access = &find("access", $conf);
}
else {
$defdb = &get_default_db();
$conf = &get_ldif_config();
@access = &find_ldif("olcAccess", $conf, $defdb);
}
%d = map { $_, 1 } split(/\0/, $in{'d'});
keys(%d) || &error($text{'dacl_enone'});
for($i=0; $i<@access; $i++) {
@@ -18,8 +27,13 @@ for($i=0; $i<@access; $i++) {
}
# Save them
&save_directive($conf, "access", @newaccess);
&flush_file_lines($config{'config_file'});
if (&get_config_type() == 1) {
&save_directive($conf, "access", @newaccess);
}
else {
&save_ldif_directive($conf, "olcAccess", $defdb, @newaccess);
}
&flush_file_lines();
&unlock_slapd_files();
&webmin_log("delete", "accesses", scalar(keys(%d)));


@@ -6,17 +6,36 @@ require './ldap-server-lib.pl';
$access{'acl'} || &error($text{'acl_ecannot'});
&ReadParse();
# Find it
&lock_slapd_files();
$conf = &get_config();
@access = &find("access", $conf);
$p = &parse_ldap_access($access[$in{'idx'}]);
# Move up
($access[$in{'idx'}+1], $access[$in{'idx'}]) =
($access[$in{'idx'}], $access[$in{'idx'}+1]);
&save_directive($conf, "access", @access);
&flush_file_lines($config{'config_file'});
if (&get_config_type() == 1) {
# Move down in old-style config
$conf = &get_config();
@access = &find("access", $conf);
($access[$in{'idx'}+1], $access[$in{'idx'}]) =
($access[$in{'idx'}], $access[$in{'idx'}+1]);
&save_directive($conf, "access", @access);
&flush_file_lines($config{'config_file'});
}
else {
# Move down in LDIF config
$defdb = &get_default_db();
$conf = &get_ldif_config();
@access = &find_ldif("olcAccess", $conf, $defdb);
($access[$in{'idx'}+1], $access[$in{'idx'}]) =
($access[$in{'idx'}], $access[$in{'idx'}+1]);
if ($access[$in{'idx'}]->{'values'}->[0] =~ /^\{\d+\}to/ &&
$access[$in{'idx'}+1]->{'values'}->[0] =~ /^\{\d+\}to/) {
# Swap indexes too
($access[$in{'idx'}]->{'values'}->[0],
$access[$in{'idx'}+1]->{'values'}->[0]) =
($access[$in{'idx'}+1]->{'values'}->[0],
$access[$in{'idx'}]->{'values'}->[0]);
}
&save_ldif_directive($conf, "olcAccess", $defdb, @access);
&flush_file_lines();
}
&unlock_slapd_files();
&webmin_log("down", "access", $p->{'what'});
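Review bot: `$in{'idx'}` comes straight from the request and is used as an array index in both branches without a range check (`$access[$in{'idx'}+1]`), so an index at or past the last rule makes the swap store an undefined element in `@access` just before it is saved. The move-up script at the end of this page has the same gap, and there an index of 0 turns `$in{'idx'}-1` into -1, which Perl resolves to the last element, so the first and last rules would be exchanged. OpenLDAP applies the first matching access rule, so an unintended reorder changes who is granted what. A guard before the swap would close this, e.g. `$in{'idx'} =~ /^\d+$/ && $in{'idx'} < $#access || &error("Invalid rule index");` here (message text is a placeholder), with the bounds `>= 1` and `<= $#access` in the move-up script.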


@@ -6,8 +6,17 @@ require './ldap-server-lib.pl';
$access{'acl'} || &error($text{'acl_ecannot'});
&ui_print_header(undef, $text{'acl_title'}, "", "acl");
$conf = &get_config();
@access = &find("access", $conf);
# Get ACLs
if (&get_config_type() == 1) {
$conf = &get_config();
@access = &find("access", $conf);
}
else {
$defdb = &get_default_db();
$conf = &get_ldif_config();
@access = &find_ldif("olcAccess", $conf, $defdb);
}
@crlinks = ( "<a href='acl_form.cgi?new=1'>$text{'acl_add'}</a>" );
if (@access) {
# Show table of ACLs


@@ -79,7 +79,8 @@ if ($p && ref($ldap) && $access{'browser'}) {
if ($local) {
# All local server icons
@pages = ( &get_config_type() == 1 ? "slapd" : "ldif",
"schema", "acl", "browser", "create" );
&get_config_type() == 1 ? ( "schema" ) : ( ),
"acl", "browser", "create" );
}
else {
# Just browser and DN creator


@@ -284,6 +284,7 @@ access_read=read
access_write=write
access_all=anyone
access_any=All objects
access_nodn=Objects with no DN
access_lnone=No access
access_lauth=Authenticate
access_lcompare=Compare


@@ -633,8 +633,11 @@ sub parse_ldap_access
local ($a) = @_;
local @v = @{$a->{'values'}};
local $p = { };
shift(@v); # Remove to
$p->{'what'} = shift(@v); # Object
print STDERR "v=",join("/", @v),"\n";
shift(@v); # Remove to or {x}to
if ($v[0] !~ /^(filter|attrs)=/) {
$p->{'what'} = shift(@v); # Object
}
if ($v[0] =~ /^filter=(\S+)/) {
# Filter added to what
$p->{'filter'} = $1;
@@ -665,11 +668,12 @@ while(@v) {
push(@{$p->{'by'}}, $by);
}
$p->{'bydesc'} = join(", ", @descs);
if ($p->{'what'} eq '*') {
if ($p->{'what'} eq '*' || $p->{'what'} eq '') {
$p->{'whatdesc'} = $text{'access_any'};
}
elsif ($p->{'what'} =~ /^dn(\.[^=]+)?=(.*)$/) {
$p->{'whatdesc'} = "<tt>$2</tt>";
elsif ($p->{'what'} =~ /^dn(\.[^=]+)?="(.*)"$/ ||
$p->{'what'} =~ /^dn(\.[^=]+)?=(.*)$/) {
$p->{'whatdesc'} = $2 ne '' ? "<tt>$2</tt>" : $text{'access_nodn'};
}
else {
$p->{'whatdesc'} = $p->{'what'};
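Review bot: The line `print STDERR "v=",join("/", @v),"\n";` in the first hunk of parse_ldap_access looks like leftover debugging; the hunk's line counts indicate it is added by this commit. It writes the tokens of every access rule to the server's error output each time a rule is parsed, which is noise at best and puts ACL contents into a log that may be readable more widely than the LDAP configuration. It should be dropped. Separately, in the second hunk `"<tt>$2</tt>"` places the DN from the rule into HTML as-is; if the callers print `whatdesc` without escaping (not visible here), `"<tt>".&html_escape($2)."</tt>"` would be the safer form. The function continues beyond both hunks.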


@@ -6,17 +6,36 @@ require './ldap-server-lib.pl';
$access{'acl'} || &error($text{'acl_ecannot'});
&ReadParse();
# Find it
&lock_slapd_files();
$conf = &get_config();
@access = &find("access", $conf);
$p = &parse_ldap_access($access[$in{'idx'}]);
# Move up
($access[$in{'idx'}-1], $access[$in{'idx'}]) =
($access[$in{'idx'}], $access[$in{'idx'}-1]);
&save_directive($conf, "access", @access);
&flush_file_lines($config{'config_file'});
if (&get_config_type() == 1) {
# Move up in old-style config
$conf = &get_config();
@access = &find("access", $conf);
($access[$in{'idx'}-1], $access[$in{'idx'}]) =
($access[$in{'idx'}], $access[$in{'idx'}-1]);
&save_directive($conf, "access", @access);
&flush_file_lines($config{'config_file'});
}
else {
# Move up in LDIF config
$defdb = &get_default_db();
$conf = &get_ldif_config();
@access = &find_ldif("olcAccess", $conf, $defdb);
($access[$in{'idx'}-1], $access[$in{'idx'}]) =
($access[$in{'idx'}], $access[$in{'idx'}-1]);
if ($access[$in{'idx'}]->{'values'}->[0] =~ /^\{\d+\}to/ &&
$access[$in{'idx'}-1]->{'values'}->[0] =~ /^\{\d+\}to/) {
# Swap indexes too
($access[$in{'idx'}]->{'values'}->[0],
$access[$in{'idx'}-1]->{'values'}->[0]) =
($access[$in{'idx'}-1]->{'values'}->[0],
$access[$in{'idx'}]->{'values'}->[0]);
}
&save_ldif_directive($conf, "olcAccess", $defdb, @access);
&flush_file_lines();
}
&unlock_slapd_files();
&webmin_log("up", "access", $p->{'what'});