-
Notifications
You must be signed in to change notification settings - Fork 1
/
host_modify.php
197 lines (173 loc) · 6.9 KB
/
host_modify.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
<?php
// Modify Host ACLs
// $Id: host_modify.php,v 2.15 2007-03-14 12:10:52 turbo Exp $
// {{{ Setup session etc
if(!@$_SESSION) {
// Called directly - as in modifying something with a host
require("./include/pql_session.inc");
require($_SESSION["path"]."/include/pql_config.inc");
}
require($_SESSION["path"]."/left-head.html");
// }}}
// {{{ Retreive all users
if(pql_get_define("PQL_CONF_SUBTREE_USERS")) {
$subrdn = pql_get_define("PQL_CONF_SUBTREE_USERS") . ",";
}
$userdn = $subrdn . $_GET["domain"];
$filter = pql_get_define("PQL_CONF_REFERENCE_USERS_WITH", $_REQUEST["rootdn"])."=*";
$users = $_pql->get_dn($userdn, $filter);
if($users) {
sort($users);
} else {
$users = array();
}
// Extract 'human readable' name from the user DN's found
$user_results = pql_left_htmlify_userlist($_REQUEST["rootdn"], $_REQUEST["domain"],
$userdn, $users, ($links = NULL));
if($user_results) {
asort($user_results);
}
// }}}
// {{{ Retreive all physical computers
$computer_results = $_pql->get_dn($_SESSION["USER_SEARCH_DN_CTR"],
'(&(cn=*)(objectclass=ipHost)(ipHostNumber=*))');
if($computer_results) {
sort($computer_results);
}
// }}}
if(isset($_REQUEST['action'])) {
if($_REQUEST['action'] == 'remove_user_from_host') {
// {{{ Remove user from host
// NOTE: Removing the last uniqueMember will result in:
// ldap_modify: Object class violation (65)
// additional info: object class 'groupOfUniqueNames' requires attribute 'uniqueMember'
// Check to see if this is the last uniqueMember in this groupDN
for($i=0; $computer_results[$i]; $i++) {
if(lc($computer_results[$i]) == lc($_REQUEST["host"])) {
// Retreive uniqueMember from this host
$host_users = $_pql->get_attribute($computer_results[$i], pql_get_define("PQL_ATTR_UNIQUE_GROUP"));
$count = count($host_users);
$computer_number = $i; // Needed to manual remove below.
break;
}
}
if($count > 1)
// There's more than one uniqueMember value, remove the requested one.
$msg = pql_modify_attribute($_REQUEST["host"],
pql_get_define("PQL_ATTR_UNIQUE_GROUP"),
$_REQUEST["userdn"], '');
else
// This IS the last uniqueMember value, remove the whole object.
$msg = $_pql->delete($_REQUEST["host"]);
if(isset($msg) && ($msg == 1))
$msg = pql_complete_constant($LANG->_("Host ACL Updated Successfully. Removed: %what% From: %where%"),
array("what" => $_REQUEST['userdn'], "where" => $_REQUEST['host']));
else
$msg = pql_complete_constant($LANG->_("Failed to update Host ACL. Could not remove %what%"),
array("what" => $_REQUEST['userdn']));
$url = "host_detail.php?host=".urlencode($_REQUEST["host"])."&msg=".urlencode($msg);
pql_header($url);
// }}}
} elseif($_REQUEST['action'] == 'add_user_to_host') {
// {{{ Add user to host
if(pql_modify_attribute($_REQUEST['computer'], pql_get_define('PQL_ATTR_UNIQUE_GROUP'), '', $_REQUEST['userdn'])) {
pql_format_status_msg(pql_complete_constant($LANG->_("Successfully added %user% to host ACL"), array('user' => $_REQUEST['userdn'])));
// Since we've already retreived all hosts, we must manually add the user to the correct part of the array(s).
if(is_array($computer_results[$computer_number][pql_get_define("PQL_ATTR_UNIQUE_GROUP")]))
$computer_results[$computer_number][pql_get_define("PQL_ATTR_UNIQUE_GROUP")][] = $_REQUEST['userdn'];
else {
$tmp = $computer_results[$computer_number][pql_get_define("PQL_ATTR_UNIQUE_GROUP")]; // Save the current (flat) value
unset($computer_results[$computer_number][pql_get_define("PQL_ATTR_UNIQUE_GROUP")]); // Undefine the value, so it can be re-initialized
$computer_results[$computer_number][pql_get_define("PQL_ATTR_UNIQUE_GROUP")][] = $tmp; // Add the original value
$computer_results[$computer_number][pql_get_define("PQL_ATTR_UNIQUE_GROUP")][] = $_REQUEST['userdn']; // Add the new user DN
}
} else
pql_format_status_msg(pql_complete_constant($LANG->_("Failed to add %user% to Host ACL"), array('user' => $_REQUEST['userdn'])));
// }}}
}
}
if(is_array($computer_results)) {
// {{{ Show this domains user access
?>
<form action="<?php echo $_SERVER["PHP_SELF"]?>" method="POST">
<table cellspacing="0" cellpadding="3" border="0">
<th colspan="3" align="left"><?php echo $LANG->_("Host Control Access")?>
<tr class="c2">
<td class="title"><?php echo $LANG->_("Allow")?> </td>
<?php
if(isset($_REQUEST['userdn']) && isset($_REQUEST['uid'])) {
// {{{ If user info is passed in the request string then their is no need to grab all the users from ldap
?>
<td class="title">
<?php echo $_REQUEST['uid']; ?>
<input type="hidden" name="userdn" value="<?php echo $_REQUEST['userdn']; ?>">
</td>
<?php
// }}}
} else {
// {{{ No user was passed in in request string so make the list
print " <td>\n";
print " <select name='userdn'>\n";
foreach($user_results as $dn => $user)
print " <option value='$dn'>$user</option>\n";
print " </select>\n </td>\n";
// }}}
}
// {{{ Host column
?>
<td class="title"> <?php echo $LANG->_("access to physical host")."\n"?> </td>
<td>
<select name="computer">
<?php
foreach($computer_results as $host_dn) {
$host = $_pql->get_attribute($host_dn, pql_get_define("PQL_ATTR_CN"));
print " <option value='" . $host_dn . "'>" . $host . "</option>\n";
}
?>
</select>
</td>
<?php
// }}}
?>
</tr>
</th>
</table>
<input type="hidden" name="view" value="hostacl">
<input type="hidden" name="action" value="add_user_to_host">
<input type="Submit" name="Submit" value="<?php echo $LANG->_("Add To Host ACL")?>">
</form>
<?php
// }}}
} else {
// {{{ There's no computers, so we couldn't insert the 'add user to host ACL' form above.
// Instead, just say there wasn't any hosts to modify...
echo '<img src="images/info.png" width="16" height="16" alt="" border="0">';
echo " ";
echo $LANG->_("Could not find any computers/hosts, so I couldn't show you the form. Start by adding a host. You do this at the left Computers frame.");
// }}}
}
// {{{ Find all host with user from this branch
// Setup search filter for finding hosts
// objectClass => ipHost AND groupOfUniqueNames.
$filter = '(&(objectClass=ipHost)(objectClass=groupOfUniqueNames)(|';
foreach($users as $user) {
// Search for each and every user in the groupOfUniqueNames.
$filter .= '('.pql_get_define("PQL_ATTR_UNIQUE_GROUP").'='.$user.')';
}
$filter .= '))';
$hosts = $_pql->get_dn($_SESSION["USER_SEARCH_DN_CTR"], $filter);
if($hosts) {
if(!is_array($hosts))
$hosts = array($hosts);
} else {
$hosts = array();
}
// }}}
include("./tables/host_details-acl.inc");
/* Local variables:
* mode: php
* mode: font-lock
* tab-width: 4
* End:
*/
?>