# Check if the source user/group is in a DB
my $userdb = &get_userdb_string();
if ($userdb) {
- ($dbh, $proto) = &connect_userdb($userdb);
+ ($dbh, $proto, $prefix, $args) = &connect_userdb($userdb);
&error($dbh) if (!ref($dbh));
if ($proto eq "mysql" || $proto eq "postgresql") {
# Search in SQL DB
}
elsif ($proto eq "ldap") {
# Search in LDAP
- # XXX
+ my $fromclass = $fromtype eq "user" ? "userclass"
+ : "groupclass";
+ my $rv = $dbh->search(
+ base => $prefix,
+ filter => '(&(cn='.$from.')(objectClass='.
+ $fromclass.'))',
+ scope => 'sub');
+ $rv->code && &error($rv->error);
+ my ($fromobj) = $rv->all_entries;
+ $fromid = $fromobj ? $fromobj->dn() : undef;
+ my $toclass = $totype eq "user" ? "userclass"
+ : "groupclass";
+ my $rv = $dbh->search(
+ base => $prefix,
+ filter => '(&(cn='.$to.')(objectClass='.
+ $toclass.'))',
+ scope => 'sub');
+ $rv->code && &error($rv->error);
+ my ($toobj) = $rv->all_entries;
+ $toid = $toobj ? $toobj->dn() : undef;
}
}
-if (defined($fromid) && defined($toid)) {
+if (defined($fromid) && defined($toid) &&
+ ($proto eq "mysql" || $proto eq "postgresql")) {
# Copy from database to database
- if ($proto eq "mysql" || $proto eq "postgresql") {
- my $delcmd = $dbh->prepare("delete from webmin_${totype}_acl where id = ? and module = ?");
- my $cmd = $dbh->prepare("insert into webmin_${totype}_acl select ?,module,attr,value from webmin_${fromtype}_acl where id = ? and module = ?");
- foreach my $m (@$mods) {
- $delcmd && $delcmd->execute($toid, $m) ||
- &error("Failed to clear ACLs : ".$dbh->errstr);
- $delcmd->finish();
- $cmd && $cmd->execute($toid, $fromid, $m) ||
- &error("Failed to copy ACLs : ".$dbh->errstr);
- $cmd->finish();
- }
- }
- elsif ($proto eq "ldap") {
- # XXX
+ my $delcmd = $dbh->prepare("delete from webmin_${totype}_acl where id = ? and module = ?");
+ my $cmd = $dbh->prepare("insert into webmin_${totype}_acl select ?,module,attr,value from webmin_${fromtype}_acl where id = ? and module = ?");
+ foreach my $m (@$mods) {
+ $delcmd && $delcmd->execute($toid, $m) ||
+ &error("Failed to clear ACLs : ".$dbh->errstr);
+ $delcmd->finish();
+ $cmd && $cmd->execute($toid, $fromid, $m) ||
+ &error("Failed to copy ACLs : ".$dbh->errstr);
+ $cmd->finish();
}
}
elsif (!defined($fromid) && !defined($toid)) {
}
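Review bot: The two new LDAP searches concatenate `$from` and `$to` straight into the filter (`'(&(cn='.$from.')(objectClass='...`), so a name containing `*`, `(`, `)` or `\` changes what the filter matches and the lookup can return a different entry's DN than the one named. Assuming `$dbh` is a Net::LDAP handle, escape both values, e.g. `filter => '(&(cn='.Net::LDAP::Util::escape_filter_value($from).')(objectClass='.$fromclass.'))'`, and likewise for `$to`. `$fromclass` and `$toclass` are set to the literal strings "userclass" and "groupclass" while the newly returned `$args` is never used in the visible lines, which suggests the configured class name was meant to be looked up there; worth confirming. With the tightened condition on the copy branch, an LDAP pair with both ids resolved matches neither the SQL branch nor the `!defined` branch, so the copy silently does nothing; an explicit `&error(...)` for that case would make the gap visible. The second `my $rv` redeclares the first in the same scope and can be a plain assignment.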
print DEBUG "REMOTE_USER = ",$ENV{"REMOTE_USER"},"\n";
print DEBUG "BASE_REMOTE_USER = ",$ENV{"BASE_REMOTE_USER"},"\n";
+ print DEBUG "proto=$uinfo->{'proto'} id=$uinfo->{'id'}\n" if ($uinfo);
$ENV{"SSL_USER"} = $peername if ($validated == 2);
$ENV{"ANONYMOUS_USER"} = "1" if ($validated == 3 || $validated == 4);
$ENV{"DOCUMENT_ROOT"} = $roots[0];
}
# Extract attributes
+ my $pass = $u->get_value('pass');
$user = { 'name' => $username,
'id' => $u->dn(),
- 'pass' => $u->get_value('pass'),
+ 'pass' => $pass,
'proto' => $proto };
- my %attrs;
foreach my $la ($u->get_value('webminAttr')) {
my ($attr, $value) = split(/=/, $la, 2);
$attrs{$attr} = $value;
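Review bot: Dropping `my %attrs;` leaves the `$attrs{$attr} = $value;` assignment in the loop with no declaration in the visible lines. Unless `%attrs` is now declared in an enclosing scope outside this hunk, it becomes a package variable, and `webminAttr` values read for one user stay set when the next user is looked up in the same process. If the declaration was only moved, nothing more is needed; otherwise keep `my %attrs;` immediately before the `foreach`. The enclosing function starts and ends outside the hunk, so the later use of `$pass` and `%attrs` could not be checked here.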
my ($acl) = $rv->all_entries;
if ($acl) {
foreach my $av ($acl->get_value(
- 'webminAcl')) {
+ 'webminAclEntry')) {
my ($a, $v) = split(/=/, $av,2);
$rv{$a} = $v;
}
my ($group) = $rv->all_entries;
# Find ACL sub-object for the module
- my $ldapm = $m;
+ my $ldapm = $m || "global";
if ($group) {
my $rv = $dbh->search(
base => $group->dn(),
}
my ($acl) = $rv->all_entries;
if ($acl) {
- foreach my $av ($acl->get_value('webminAcl')) {
+ foreach my $av ($acl->get_value(
+ 'webminAclEntry')) {
my ($a, $v) = split(/=/, $av, 2);
$rv{$a} = $v;
}
if ($user) {
# Find the ACL sub-object for the module
+ $foundindb = 1;
my $ldapm = $m || "global";
my $rv = $dbh->search(
base => $user->dn(),
}
my ($acl) = $rv->all_entries;
- my @attrs;
+ my @al;
foreach my $a (keys %{$_[0]}) {
- push(@attrs, "webminAclEntry",
- $a."=".$_[0]->{$a});
+ push(@al, $a."=".$_[0]->{$a});
}
if ($acl) {
# Update attributes
$rv = $dbh->modify($acl->dn(),
- replace => { @attrs });
+ replace => { "webminAclEntry", \@al });
}
else {
# Add a sub-object
- push(@attrs, "cn", $ldapm,
- "objectClass", "webminAcl");
+ my @attrs = ( "cn", $ldapm,
+ "objectClass", "webminAcl",
+ "webminAclEntry", \@al );
$rv = $dbh->add("cn=".$ldapm.",".$user->dn(),
attr => \@attrs);
}
}
my ($group) = $rv->all_entries;
- my $ldapm = $m;
+ my $ldapm = $m || "global";
if ($group) {
# Find the ACL sub-object for the module
+ $foundindb = 1;
my $rv = $dbh->search(
base => $group->dn(),
filter => '(cn='.$ldapm.')',
}
my ($acl) = $rv->all_entries;
- my @attrs;
+ my @al;
foreach my $a (keys %{$_[0]}) {
- push(@attrs, "webminAclEntry",
- $a."=".$_[0]->{$a});
+ push(@al, $a."=".$_[0]->{$a});
}
if ($acl) {
# Update attributes
$rv = $dbh->modify($acl->dn(),
- replace => { @attrs });
+ replace => { "webminAclEntry", \@al });
}
else {
# Add a sub-object
- push(@attrs, "cn", $ldapm,
- "objectClass", "webminAcl");
+ my @attrs = ( "cn", $ldapm,
+ "objectClass", "webminAcl",
+ "webminAclEntry", \@al );
$rv = $dbh->add("cn=".$ldapm.",".$group->dn(),
attr => \@attrs);
}