Handle hostnames with upper-case letters
[webmin.git] / ldap-server / acl_save.cgi
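#!/usr/local/bin/perl
# Create, update or delete one access control rule
#
# Form inputs read from %in: new, idx, delete, what, what_style, what_dn,
# filter_on, filter, attrs_on, attrs, and for each grant row N: wmode_N,
# who_N, access_N and control_N.
#
# Every value copied into $p below is passed to store_ldap_access() and then
# written out with the other access directives. How that text is serialised
# is not visible in this file, so each request-supplied piece is checked here
# with \A...\z anchors (unlike ^...$, these do not accept a trailing newline)
# and anything that could break out of the directive is rejected.

require './ldap-server-lib.pl';
&error_setup($text{'eacl_err'});
&local_ldap_server() == 1 || &error($text{'slapd_elocal'});
# Presumably the per-user module ACL; checked before any input is parsed
$access{'acl'} || &error($text{'acl_ecannot'});
&ReadParse();

# Get the current rule
# NOTE(review): the &error() calls further down run while the slapd files are
# locked; whether &error() releases the lock is not visible here - confirm.
&lock_slapd_files();
if (&get_config_type() == 1) {
        $conf = &get_config();
        @access = &find("access", $conf);
        }
else {
        $defdb = &get_default_db();
        $conf = &get_ldif_config();
        @access = &find_ldif("olcAccess", $conf, $defdb);
        }

# Get the ACL object
if (!$in{'new'}) {
        # idx comes from the request. Accept only a plain non-negative integer
        # that points at an existing rule, so that a negative or out-of-range
        # value cannot select a different rule or no rule at all.
        # TODO: move this message into the module's lang file.
        (($in{'idx'} =~ /\A\d+\z/) && ($in{'idx'} < scalar(@access))) ||
                &error("Invalid access control rule index");
        $acl = $access[$in{'idx'}];
        $p = &parse_ldap_access($acl);
        }
else {
        $p = { };
        }

if ($in{'delete'}) {
        # Just take out of access list
        @access = grep { $_ ne $acl } @access;
        }
else {
        # Validate and store inputs, starting with object
        if ($in{'what'} == 1) {
                $p->{'what'} = '*';
                }
        else {
                # The style is spliced into the rule as "dn.<style>=", so only
                # a bare word (or nothing) is allowed through.
                # TODO: move this message into the module's lang file.
                $in{'what_style'} =~ /\A[A-Za-z0-9_]*\z/ ||
                        &error("Invalid DN match style");
                my $style = $in{'what_style'} ? '.'.$in{'what_style'} : '';
                if ($in{'what'} == 2) {
                        $p->{'what'} = 'dn'.$style.'=""';
                        }
                else {
                        # attr=value form; no line breaks anywhere in the DN
                        $in{'what_dn'} =~ /\A\S+=\S[^\r\n]*\z/ ||
                                &error($text{'eacl_edn'});
                        $p->{'what'} = 'dn'.$style.'='.$in{'what_dn'};
                        }
                }

        # Object filter and attribute list
        delete($p->{'filter'});
        if ($in{'filter_on'}) {
                $in{'filter'} =~ /\A\S+\z/ || &error($text{'eacl_efilter'});
                $p->{'filter'} = $in{'filter'};
                }
        delete($p->{'attrs'});
        if ($in{'attrs_on'}) {
                $in{'attrs'} =~ /\A\S+\z/ || &error($text{'eacl_eattrs'});
                $p->{'attrs'} = $in{'attrs'};
                }

        # Each granted user
        @by = ( );
        for($i=0; defined($in{"wmode_$i"}); $i++) {
                next if ($in{"wmode_$i"} eq "");
                local $by = { };

                # Who are we granting
                if ($in{"wmode_$i"} eq "other") {
                        # Other DN
                        $in{"who_$i"} =~ /\A\S+=\S[^\r\n]*\z/ ||
                                &error(&text('eacl_ewho', $i+1));
                        $by->{'who'} = $in{"who_$i"};
                        }
                else {
                        # Just selected. The value still comes from the
                        # request rather than from a fixed list, so require a
                        # single token with no whitespace.
                        # NOTE(review): assumes none of the form's preset
                        # choices contain spaces - confirm against edit_acl.cgi
                        $in{"wmode_$i"} =~ /\A\S+\z/ ||
                                &error(&text('eacl_ewho', $i+1));
                        $by->{'who'} = $in{"wmode_$i"};
                        }

                # Access level
                $in{"access_$i"} =~ /\A\S+\z/ ||
                        &error(&text('eacl_eaccess', $i+1));
                $by->{'access'} = $in{"access_$i"};

                # Additional attributes
                # NOTE(review): control_N is stored without any validation of
                # its own. Whether split_quoted_string() can return a token
                # containing a line break is not visible here - confirm, and
                # reject such tokens if it can.
                $by->{'control'} = [ &split_quoted_string($in{"control_$i"}) ];
                push(@by, $by);
                }
        $p->{'by'} = \@by;

        # Add to access directive list
        if ($in{'new'}) {
                $acl = { 'name' => 'access',
                         'values' => [ ] };
                push(@access, $acl);
                }
        &store_ldap_access($acl, $p);
        }

# Write out access directives
if (&get_config_type() == 1) {
        &save_directive($conf, "access", @access);
        }
else {
        &save_ldif_directive($conf, "olcAccess", $defdb, @access);
        }
&flush_file_lines();
&unlock_slapd_files();

# Log and return
&webmin_log($in{'delete'} ? "delete" : $in{'new'} ? "create" : "modify",
            "access", $p->{'what'});
&redirect("edit_acl.cgi");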