Access control

This commit is contained in:
Jamie Cameron
2007-12-13 20:02:12 +00:00
parent 02991ce8a2
commit e123d77cf5
24 changed files with 70 additions and 5 deletions


@ -0,0 +1,23 @@
do 'ldap-server-lib.pl';
@acl_functions = ( 'slapd', 'schema', 'acl', 'browser', 'create' );
# acl_security_form(&options)
# Output HTML for editing security options for the acl module
sub acl_security_form
{
foreach my $f (@acl_functions) {
print &ui_table_row($text{'acl_'.$f},
&ui_yesno_radio($f, $_[0]->{$f}));
}
}
# acl_security_save(&options)
# Parse the form for security options for the acl module
sub acl_security_save
{
foreach my $f (@acl_functions) {
$_[0]->{$f} = $in{$f};
}
}
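Review bot: acl_security_save copies each flag straight from the form, `$_[0]->{$f} = $in{$f};`, so the value written to the ACL file is whatever the request carried rather than the 0/1 that ui_yesno_radio produces; `$_[0]->{$f} = $in{$f} ? 1 : 0;` keeps the stored flags to the two values the per-page checks expect. Because those checks are `$access{...} || &error(...)`, a missing or empty value already denies, so this is about keeping the persisted data predictable rather than closing a bypass. Unpacking the argument once, `my ($acl) = @_;`, in both subs would also read better than `$_[0]` inside the loop.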


@ -3,6 +3,7 @@
require './ldap-server-lib.pl'; require './ldap-server-lib.pl';
&error_setup($text{'add_err'}); &error_setup($text{'add_err'});
$access{'browser'} || &error($text{'browser_ecannot'});
&ReadParse(); &ReadParse();
$ldap = &connect_ldap_db(); $ldap = &connect_ldap_db();
ref($ldap) || &error($ldap); ref($ldap) || &error($ldap);


@ -1,3 +1,4 @@
config_file=/etc/ldap/slapd.conf config_file=/etc/ldap/slapd.conf
schema_dir=/etc/ldap/schema schema_dir=/etc/ldap/schema
slapd=slapd slapd=slapd
ldap_user=ldap


@ -7,6 +7,7 @@ ssl=Use TLS encryption with LDAP server?,1,-Detect automatically,1-Yes,0-No
slapd=Full path to OpenLDAP server program,8 slapd=Full path to OpenLDAP server program,8
config_file=OpenLDAP server configuration file,8 config_file=OpenLDAP server configuration file,8
schema_dir=OpenLDAP schema directory,7 schema_dir=OpenLDAP schema directory,7
ldap_user=User OpenLDAP server runs as,5
line2=User interface settings,11 line2=User interface settings,11
browse_max=Maximum number of sub-objects to display,3,Unlimited browse_max=Maximum number of sub-objects to display,3,Unlimited


@ -3,6 +3,7 @@
require './ldap-server-lib.pl'; require './ldap-server-lib.pl';
&error_setup($text{'delete_err'}); &error_setup($text{'delete_err'});
$access{'browser'} || &error($text{'browser_ecannot'});
&ReadParse(); &ReadParse();
$ldap = &connect_ldap_db(); $ldap = &connect_ldap_db();
ref($ldap) || &error($ldap); ref($ldap) || &error($ldap);


@ -3,6 +3,7 @@
require './ldap-server-lib.pl'; require './ldap-server-lib.pl';
&local_ldap_server() == 1 || &error($text{'slapd_elocal'}); &local_ldap_server() == 1 || &error($text{'slapd_elocal'});
$access{'schema'} || &error($text{'schema_ecannot'});
&ReadParse(); &ReadParse();
# Find it includes # Find it includes

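--- a/ldap-server/edit_acl.cgi
+++ b/ldap-server/edit_acl.cgi
@@ -0,0 +1,9 @@
+#!/usr/local/bin/perl
+# Show access control settings from config
+require './ldap-server-lib.pl';
+&local_ldap_server() == 1 || &error($text{'slapd_elocal'});
+$access{'acl'} || &error($text{'acl_ecannot'});
+&ui_print_header(undef, $text{'acl_title'}, "", "acl");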


@ -3,6 +3,7 @@
require './ldap-server-lib.pl'; require './ldap-server-lib.pl';
&ui_print_header(undef, $text{'browser_title'}, "", "browser"); &ui_print_header(undef, $text{'browser_title'}, "", "browser");
$access{'browser'} || &error($text{'browser_ecannot'});
&ReadParse(); &ReadParse();
# Connect to LDAP server, or die trying # Connect to LDAP server, or die trying
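Review bot: The new `$access{'browser'}` check comes after `&ui_print_header(...)`, so a user without the flag already has the normal page header written out when &error is raised, and the denial page mixes the two. The other pages touched by this commit (the schema and slapd editors) place the check before their header call; moving this line up so it directly follows the `require` keeps the browser page consistent and the denial response clean. The rest of the script is outside the hunk.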


@ -3,6 +3,7 @@
require './ldap-server-lib.pl'; require './ldap-server-lib.pl';
&local_ldap_server() == 1 || &error($text{'slapd_elocal'}); &local_ldap_server() == 1 || &error($text{'slapd_elocal'});
$access{'schema'} || &error($text{'schema_ecannot'});
&ui_print_header(undef, $text{'schema_title'}, "", "schema"); &ui_print_header(undef, $text{'schema_title'}, "", "schema");
&ReadParse(); &ReadParse();


@ -3,6 +3,7 @@
require './ldap-server-lib.pl'; require './ldap-server-lib.pl';
&local_ldap_server() == 1 || &error($text{'slapd_elocal'}); &local_ldap_server() == 1 || &error($text{'slapd_elocal'});
$access{'schema'} || &error($text{'schema_ecannot'});
&ReadParse(); &ReadParse();
&is_under_directory($config{'schema_dir'}, $in{'file'}) || &is_under_directory($config{'schema_dir'}, $in{'file'}) ||
&error($text{'schema_edir'}); &error($text{'schema_edir'});


@ -3,6 +3,7 @@
require './ldap-server-lib.pl'; require './ldap-server-lib.pl';
&local_ldap_server() == 1 || &error($text{'slapd_elocal'}); &local_ldap_server() == 1 || &error($text{'slapd_elocal'});
$access{'slapd'} || &error($text{'slapd_ecannot'});
&ui_print_header(undef, $text{'slapd_title'}, "", "slapd"); &ui_print_header(undef, $text{'slapd_title'}, "", "slapd");
&ReadParse(); &ReadParse();
$conf = &get_config(); $conf = &get_config();


@ -3,6 +3,7 @@
require './ldap-server-lib.pl'; require './ldap-server-lib.pl';
&local_ldap_server() == 1 || &error($text{'slapd_elocal'}); &local_ldap_server() == 1 || &error($text{'slapd_elocal'});
$access{'slapd'} || &error($text{'slapd_ecannot'});
&foreign_require("webmin", "webmin-lib.pl"); &foreign_require("webmin", "webmin-lib.pl");
&ReadParse(); &ReadParse();
&error_setup($text{'gencert_err'}); &error_setup($text{'gencert_err'});
@ -21,9 +22,14 @@ else {
} }
# Do it # Do it
$err = &webmin::parse_ssl_key_form(\%in, $keyfile, $certfile); $err = &webmin::parse_ssl_key_form(\%in, $keyfile,
$certfile eq $keyfile ? undef : $certfile);
&error($err) if ($err); &error($err) if ($err);
# Make readable by LDAP user
&set_ownership_permissions($config{'ldap_user'}, undef, undef,
$keyfile, $certfile);
# Update config to use them # Update config to use them
&lock_file($config{'config_file'}); &lock_file($config{'config_file'});
&save_directive($conf, "TLSCertificateFile", $certfile); &save_directive($conf, "TLSCertificateFile", $certfile);
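Review bot: The new `&set_ownership_permissions($config{'ldap_user'}, undef, undef, $keyfile, $certfile);` passes undef for both the group and the permissions, so the freshly generated private key is re-owned but keeps whatever mode parse_ssl_key_form wrote it with. If the third argument is the mode, as the user/group positions before it suggest, handling the key separately with a restrictive value — `&set_ownership_permissions($config{'ldap_user'}, undef, 0600, $keyfile);` — keeps the private key readable only by the LDAP user while the certificate can stay at its current permissions. When `$config{'ldap_user'}` is unset the owner argument is also undef; the shipped config now carries `ldap_user=ldap`, but an existing installation's config may not, so a fallback such as `$config{'ldap_user'} || 'ldap'` is worth considering. The enclosing script continues outside the hunk.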


@ -3,6 +3,7 @@
require './ldap-server-lib.pl'; require './ldap-server-lib.pl';
&local_ldap_server() == 1 || &error($text{'slapd_elocal'}); &local_ldap_server() == 1 || &error($text{'slapd_elocal'});
$access{'slapd'} || &error($text{'slapd_ecannot'});
&foreign_require("webmin", "webmin-lib.pl"); &foreign_require("webmin", "webmin-lib.pl");
&ui_print_header(undef, $text{'gencert_title'}, ""); &ui_print_header(undef, $text{'gencert_title'}, "");


@ -41,8 +41,9 @@ if ($local) {
} }
else { else {
# Just browser and DN creator? # Just browser and DN creator?
@pages = ( "browse", "create" ); @pages = ( "browser", "create" );
} }
@pages = grep { $access{$_} } @pages;
@links = map { "edit_".$_.".cgi" } @pages; @links = map { "edit_".$_.".cgi" } @pages;
@titles = map { $text{$_."_title"} } @pages; @titles = map { $text{$_."_title"} } @pages;
@icons = map { "images/$_.gif" } @pages; @icons = map { "images/$_.gif" } @pages;
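Review bot: The new `@pages = grep { $access{$_} } @pages;` only removes links from the index; each page still has to check its own flag, which this commit does for slapd, schema, acl and browser. None of the hunks visible here adds an `$access{'create'}` check to the tree-creation script — if that file is among the 24 changed but outside this view, fine; otherwise the 'create' flag would be enforced by link hiding alone and the script would stay reachable by URL. The fix in that case is the same one-liner pattern used on the other pages, `$access{'create'} || &error(...)`, with a matching `_ecannot` message in lang/en. The start of the if/else is outside the hunk.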


@ -63,6 +63,7 @@ slapd_eca=Missing or incorrectly formatted TLS CA certificate file
slapd_gencert=Generate SSL Certificate slapd_gencert=Generate SSL Certificate
slapd_gencertdesc=To run your LDAP server in TLS mode, an SSL certificate and private key must first be generated. Click this button to create a self-signed certificate for your system. slapd_gencertdesc=To run your LDAP server in TLS mode, an SSL certificate and private key must first be generated. Click this button to create a self-signed certificate for your system.
slapd_gencertwarn=Warning - your existing certificate will no longer be used. slapd_gencertwarn=Warning - your existing certificate will no longer be used.
slapd_elocal=You are not allowed to configure the LDAP server
schema_title=Manage Schema schema_title=Manage Schema
schema_file=Name schema_file=Name
@ -80,11 +81,14 @@ schema_path=Full filename
schema_edesc=This page allows you to manually edit an LDAP schema file. This should only be done if you are familiar with the file format, as no checking is done by Webmin. schema_edesc=This page allows you to manually edit an LDAP schema file. This should only be done if you are familiar with the file format, as no checking is done by Webmin.
schema_return=schema list schema_return=schema list
schema_emove=Could not find schema file to move! schema_emove=Could not find schema file to move!
schema_ecannot=You are not allowed to manage the LDAP schema
acl_title=LDAP Access Control acl_title=LDAP Access Control
acl_ecannot=You are not allowed to configure LDAP access control
browser_title=Browse Database browser_title=Browse Database
browser_econn=The LDAP browser cannot be used : $1 browser_econn=The LDAP browser cannot be used : $1
browser_ecannot=You are not allowed to browse the LDAP database
browser_base=Browsing: browser_base=Browsing:
browser_ok=Show browser_ok=Show
browser_esearch=LDAP search failed : $1 browser_esearch=LDAP search failed : $1
@ -201,3 +205,9 @@ gencert_same=Current config files
gencert_dir=Directory gencert_dir=Directory
gencert_err=Failed to generate certificate gencert_err=Failed to generate certificate
gencert_edest=Destination directory does not exist gencert_edest=Destination directory does not exist
acl_slapd=Can configure LDAP server?
acl_schema=Can manage schema?
acl_acl=Can edit access control?
acl_browser=Can browse and edit database?
acl_create=Can create new tree?


@ -3,8 +3,6 @@
# XXX initial setup # XXX initial setup
# XXX install ldap server # XXX install ldap server
# XXX default configs for various systems (include search max of 100) # XXX default configs for various systems (include search max of 100)
# XXX LDAP logging in more detail, like we do for SQL
# XXX spam, postfix and ldap-useradmin too
do '../web-lib.pl'; do '../web-lib.pl';
&init_config(); &init_config();


@ -3,6 +3,7 @@
require './ldap-server-lib.pl'; require './ldap-server-lib.pl';
&error_setup($text{'rename_err'}); &error_setup($text{'rename_err'});
$access{'browser'} || &error($text{'browser_ecannot'});
&ReadParse(); &ReadParse();
$ldap = &connect_ldap_db(); $ldap = &connect_ldap_db();
ref($ldap) || &error($ldap); ref($ldap) || &error($ldap);


@ -3,6 +3,7 @@
require './ldap-server-lib.pl'; require './ldap-server-lib.pl';
&error_setup($text{'save_err'}); &error_setup($text{'save_err'});
$access{'browser'} || &error($text{'browser_ecannot'});
&ReadParse(); &ReadParse();
$ldap = &connect_ldap_db(); $ldap = &connect_ldap_db();
ref($ldap) || &error($ldap); ref($ldap) || &error($ldap);


@ -3,6 +3,7 @@
require './ldap-server-lib.pl'; require './ldap-server-lib.pl';
&error_setup($text{'schema_err'}); &error_setup($text{'schema_err'});
$access{'schema'} || &error($text{'schema_ecannot'});
&local_ldap_server() == 1 || &error($text{'slapd_elocal'}); &local_ldap_server() == 1 || &error($text{'slapd_elocal'});
&ReadParse(); &ReadParse();
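Review bot: The added `$access{'schema'}` check runs before `&local_ldap_server()` here, and the slapd save script further down does the same with its `$access{'slapd'}` line, while every edit page in this commit checks the local-server condition first. Both orders deny, so this is a consistency point: on a remote-only setup a user without the flag sees the ACL message from the save script but the `slapd_elocal` message from the matching edit page. Placing the ACL line after the local-server check, as the edit pages do, keeps the messages uniform across a page and its save handler.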


@ -2,11 +2,12 @@
# Write out a schema file # Write out a schema file
require './ldap-server-lib.pl'; require './ldap-server-lib.pl';
&error_setup($text{'schema_eerr'});
&local_ldap_server() == 1 || &error($text{'slapd_elocal'}); &local_ldap_server() == 1 || &error($text{'slapd_elocal'});
$access{'schema'} || &error($text{'schema_ecannot'});
&ReadParseMime(); &ReadParseMime();
# Validate # Validate
&error_setup($text{'schema_eerr'});
&is_under_directory($config{'schema_dir'}, $in{'file'}) || &is_under_directory($config{'schema_dir'}, $in{'file'}) ||
&error($text{'schema_edir'}); &error($text{'schema_edir'});
$in{'data'} =~ s/\r//g; $in{'data'} =~ s/\r//g;


@ -3,6 +3,7 @@
require './ldap-server-lib.pl'; require './ldap-server-lib.pl';
&error_setup($text{'slapd_err'}); &error_setup($text{'slapd_err'});
$access{'slapd'} || &error($text{'slapd_ecannot'});
&local_ldap_server() == 1 || &error($text{'slapd_elocal'}); &local_ldap_server() == 1 || &error($text{'slapd_elocal'});
&ReadParse(); &ReadParse();


@ -3,6 +3,7 @@
require './ldap-server-lib.pl'; require './ldap-server-lib.pl';
&error_setup($text{'sdelete_err'}); &error_setup($text{'sdelete_err'});
$access{'browser'} || &error($text{'browser_ecannot'});
&ReadParse(); &ReadParse();
$ldap = &connect_ldap_db(); $ldap = &connect_ldap_db();
ref($ldap) || &error($ldap); ref($ldap) || &error($ldap);


@ -3,6 +3,7 @@
require './ldap-server-lib.pl'; require './ldap-server-lib.pl';
&local_ldap_server() == 1 || &error($text{'slapd_elocal'}); &local_ldap_server() == 1 || &error($text{'slapd_elocal'});
$access{'schema'} || &error($text{'schema_ecannot'});
&ReadParse(); &ReadParse();
# Find it includes # Find it includes


@ -3,6 +3,7 @@
require './ldap-server-lib.pl'; require './ldap-server-lib.pl';
&local_ldap_server() == 1 || &error($text{'slapd_elocal'}); &local_ldap_server() == 1 || &error($text{'slapd_elocal'});
$access{'schema'} || &error($text{'schema_ecannot'});
&ReadParse(); &ReadParse();
&is_under_directory($config{'schema_dir'}, $in{'file'}) || &is_under_directory($config{'schema_dir'}, $in{'file'}) ||
&error($text{'schema_edir'}); &error($text{'schema_edir'});