push(@by, $by);
}
$p->{'by'} = \@by;
- # XXX
# Add to access directive list
if ($in{'new'}) {
# Log and return
&webmin_log($in{'delete'} ? "delete" : $in{'new'} ? "create" : "modify",
- "access", $p->{'who'});
+ "access", $p->{'what'});
&redirect("edit_acl.cgi");
--- /dev/null
+#!/usr/local/bin/perl
+# Delete a bunch of access control rules
+
+require './ldap-server-lib.pl';
+&error_setup($text{'dacl_err'});
+&local_ldap_server() == 1 || &error($text{'slapd_elocal'});
+$access{'acl'} || &error($text{'acl_ecannot'});
+&ReadParse();
+
+# Filter out un-wanted rules
+&lock_file($config{'config_file'});
+$conf = &get_config();
+@access = &find("access", $conf);
+%d = map { $_, 1 } split(/\0/, $in{'d'});
+keys(%d) || &error($text{'dacl_enone'});
+for($i=0; $i<@access; $i++) {
+ push(@newaccess, $access[$i]) if (!$d{$i});
+ }
+
+# Save them
+&save_directive($conf, "access", @newaccess);
+&flush_file_lines($config{'config_file'});
+&unlock_file($config{'config_file'});
+
+&webmin_log("delete", "accesses", scalar(keys(%d)));
+&redirect("edit_acl.cgi");
+
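Review bot: Nothing in the filter loop stops a request that selects every rule, so the script can save an empty `access` list; slapd's documented fallback when no access directives exist is `access to * by * read`, which widens read access rather than locking the server down. Consider asking for confirmation or refusing when `@newaccess` ends up empty, e.g. `@newaccess || &error(...);` with a dedicated message. The `dacl_enone` check depends only on `%in` and could move above `&lock_file`, so the error path never runs with the lock held. Rules are addressed by the position shown on the list page, so a configuration change between page load and submit would delete different rules than the ones ticked. Logging the rule targets rather than only the count would make that visible afterwards.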
--- /dev/null
+#!/usr/local/bin/perl
+# Move an access control rule down (later)
+
+require './ldap-server-lib.pl';
+&local_ldap_server() == 1 || &error($text{'slapd_elocal'});
+$access{'acl'} || &error($text{'acl_ecannot'});
+&ReadParse();
+
+# Find it
+&lock_file($config{'config_file'});
+$conf = &get_config();
+@access = &find("access", $conf);
+$p = &parse_ldap_access($access[$in{'idx'}]);
+
+# Move up
+($access[$in{'idx'}+1], $access[$in{'idx'}]) =
+ ($access[$in{'idx'}], $access[$in{'idx'}+1]);
+&save_directive($conf, "access", @access);
+&flush_file_lines($config{'config_file'});
+&unlock_file($config{'config_file'});
+
+&webmin_log("down", "access", $p->{'what'});
+&redirect("edit_acl.cgi");
+
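Review bot: `$in{'idx'}` is used as an array subscript without any check, so the swap trusts the request to name a valid, movable rule; the arrow conditions in the list page only hide the links. Here an `idx` at or past the last rule makes `$access[$in{'idx'}+1]` extend `@access` with an undefined entry that is then passed to `save_directive`. In the new move-up script further down, an `idx` of 0 makes `$access[$in{'idx'}-1]` wrap to the last element, silently exchanging the first and last rules. Because slapd evaluates access rules in order, either case changes the effective policy; a guard after `&find` such as `$in{'idx'} =~ /^\d+$/ && $in{'idx'} < @access-1 || &error(...);` (and `$in{'idx'} > 0 && $in{'idx'} < @access` for move-up) would close this. The `# Move up` comment in this file should also read `# Move down`.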
$mover = &ui_up_down_arrows(
"up_acl.cgi?idx=$i",
"down_acl.cgi?idx=$i",
- $i > 1,
- $i && $i < @access-1);
+ $i > 0,
+ $i < @access-1);
$p = &parse_ldap_access($a);
print &ui_checked_columns_row([
"<a href='acl_form.cgi?idx=$i'>$p->{'whatdesc'}</a>",
log_bootup=Enabled LDAP server at boot
log_bootdown=Disabled LDAP server at boot
log_perms=Fixed LDAP server permissions
+log_create_access=Created access control rule for $1
+log_delete_access=Delete access control rule for $1
+log_modify_access=Updated access control rule for $1
+log_up_access=Moved up access control rule for $1
+log_down_access=Moved down access control rule for $1
+log_delete_accesses=Deleted $1 access control rules
+log_all=all objects
gencert_title=Generate SSL Certificate
gencert_header=New SSL certificate details
# Functions for configuring and talking to an LDAP server
# XXX help pages
-# XXX acl mass deletion
# XXX make sure ACLs work!
do '../web-lib.pl';
if (defined($old[$i]) && defined($values[$i])) {
# Update some directive
splice(@$lref, $old[$i]->{'line'}, $len, $line);
- $old[$i]->{'values'} = \@unqvalues;
+ if (&indexof($values[$i], @$conf) < 0) {
+ $old[$i]->{'values'} = \@unqvalues;
+ }
$old[$i]->{'eline'} = $old[$i]->{'line'};
$changed = $old[$i];
if ($len != 1) {
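Review bot: The new `indexof` guard around `$old[$i]->{'values'} = \@unqvalues;` has no comment, and its purpose is not evident from the surrounding lines. It appears to be there for callers such as the move-up and move-down scripts, which pass back directive structures already held in `$conf`; overwriting `values` on one entry would then alter an object still to be written later in the loop. If that is the intent, say so, e.g. `# Don't touch values if the caller passed an existing directive object (re-ordering)`. When the guard skips the assignment, the in-memory entry presumably no longer matches the line just spliced into the file, which deserves a second comment. The enclosing function starts and ends outside this hunk.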
return &text('log_'.$action.'_attrs', $object,
"<tt>".&html_escape($p->{'dn'})."</tt>");
}
+elsif ($type eq 'access') {
+ return &text('log_'.$action.'_access',
+ $object eq '*' ? $text{'log_all'} :
+ $object =~ /^dn(\.[^=]+)?=(.*)/ ?
+ "<tt>".&html_escape("$2")."</tt>" :
+ "<tt>".&html_escape($object)."</tt>");
+ }
+elsif ($type eq 'accesses') {
+ return &text('log_'.$action.'_accesses', $object);
+ }
elsif ($action eq 'sfile' || $action eq 'sup' || $action eq 'sdown') {
return &text('log_'.$action, "<tt>".&html_escape($object)."</tt>");
}
elsif ($action eq 'boot') {
return $object ? $text{'log_bootup'} : $text{'log_bootdown'};
}
+elsif ($action eq 'create') {
+ return &text('log_create', "<tt>".&html_escape($object)."</tt>");
+ }
else {
return $text{'log_'.$action};
}
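Review bot: The `accesses` branch passes `$object` to `&text` without `&html_escape`, unlike the `access`, `sfile` and `create` branches around it. Today the value is the count written by the mass-delete script, but the log description is rendered as HTML, so escaping it avoids depending on what was logged: `return &text('log_'.$action.'_accesses', &html_escape($object));`. The added `create` fallback reads `log_create`, which is not among the strings added to the language file in this commit; confirm that it already exists. The function starts and ends outside this hunk.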
--- /dev/null
+#!/usr/local/bin/perl
+# Move an access control rule up (earlier)
+
+require './ldap-server-lib.pl';
+&local_ldap_server() == 1 || &error($text{'slapd_elocal'});
+$access{'acl'} || &error($text{'acl_ecannot'});
+&ReadParse();
+
+# Find it
+&lock_file($config{'config_file'});
+$conf = &get_config();
+@access = &find("access", $conf);
+$p = &parse_ldap_access($access[$in{'idx'}]);
+
+# Move up
+($access[$in{'idx'}-1], $access[$in{'idx'}]) =
+ ($access[$in{'idx'}], $access[$in{'idx'}-1]);
+&save_directive($conf, "access", @access);
+&flush_file_lines($config{'config_file'});
+&unlock_file($config{'config_file'});
+
+&webmin_log("up", "access", $p->{'what'});
+&redirect("edit_acl.cgi");
+