Access control
23
ldap-server/acl_security.pl
Normal file
23
ldap-server/acl_security.pl
Normal file
@ -0,0 +1,23 @@
|
||||
|
||||
do 'ldap-server-lib.pl';
|
||||
@acl_functions = ( 'slapd', 'schema', 'acl', 'browser', 'create' );
|
||||
|
||||
# acl_security_form(&options)
|
||||
# Output HTML for editing security options for the acl module
|
||||
sub acl_security_form
|
||||
{
|
||||
foreach my $f (@acl_functions) {
|
||||
print &ui_table_row($text{'acl_'.$f},
|
||||
&ui_yesno_radio($f, $_[0]->{$f}));
|
||||
}
|
||||
}
|
||||
|
||||
# acl_security_save(&options)
|
||||
# Parse the form for security options for the acl module
|
||||
sub acl_security_save
|
||||
{
|
||||
foreach my $f (@acl_functions) {
|
||||
$_[0]->{$f} = $in{$f};
|
||||
}
|
||||
}
|
||||
|
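Review bot: acl_security_save stores the posted value unchanged with `$_[0]->{$f} = $in{$f};`, and the CGIs in this commit gate on plain truthiness (`$access{'browser'} || &error(...)`), so any non-empty string a client submits for one of these fields is saved and later counts as "allowed", while a missing field is saved as undef. The radios from ui_yesno_radio post 1 or 0, so normalising at save time costs nothing: `$_[0]->{$f} = $in{$f} ? 1 : 0;`. The same loop could also be the place to document that these keys are the only ones the module's pages consult, e.g. `# one 0/1 flag per page; edit_*.cgi / save_*.cgi test $access{$f}`.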
@ -3,6 +3,7 @@
|
||||
|
||||
require './ldap-server-lib.pl';
|
||||
&error_setup($text{'add_err'});
|
||||
$access{'browser'} || &error($text{'browser_ecannot'});
|
||||
&ReadParse();
|
||||
$ldap = &connect_ldap_db();
|
||||
ref($ldap) || &error($ldap);
|
||||
|
@ -1,3 +1,4 @@
|
||||
config_file=/etc/ldap/slapd.conf
|
||||
schema_dir=/etc/ldap/schema
|
||||
slapd=slapd
|
||||
ldap_user=ldap
|
||||
|
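Review bot: `ldap_user=ldap` is consumed by gencert.cgi to chown the freshly generated TLS key and certificate, so it must name the account slapd really runs under, and a wrong name makes that chown fail silently. The `/etc/ldap/slapd.conf` and `/etc/ldap/schema` paths in this file look like the Debian-family defaults, where the slapd service account is normally `openldap` rather than `ldap`; if this is that variant the line should read `ldap_user=openldap`. I cannot see the file name from here, so please confirm which per-OS config this is before changing it.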
@ -7,6 +7,7 @@ ssl=Use TLS encryption with LDAP server?,1,-Detect automatically,1-Yes,0-No
|
||||
slapd=Full path to OpenLDAP server program,8
|
||||
config_file=OpenLDAP server configuration file,8
|
||||
schema_dir=OpenLDAP schema directory,7
|
||||
ldap_user=User OpenLDAP server runs as,5
|
||||
|
||||
line2=User interface settings,11
|
||||
browse_max=Maximum number of sub-objects to display,3,Unlimited
|
||||
|
@ -3,6 +3,7 @@
|
||||
|
||||
require './ldap-server-lib.pl';
|
||||
&error_setup($text{'delete_err'});
|
||||
$access{'browser'} || &error($text{'browser_ecannot'});
|
||||
&ReadParse();
|
||||
$ldap = &connect_ldap_db();
|
||||
ref($ldap) || &error($ldap);
|
||||
|
@ -3,6 +3,7 @@
|
||||
|
||||
require './ldap-server-lib.pl';
|
||||
&local_ldap_server() == 1 || &error($text{'slapd_elocal'});
|
||||
$access{'schema'} || &error($text{'schema_ecannot'});
|
||||
&ReadParse();
|
||||
|
||||
# Find it includes
|
||||
|
9
ldap-server/edit_acl.cgi
Normal file
9
ldap-server/edit_acl.cgi
Normal file
@ -0,0 +1,9 @@
|
||||
#!/usr/local/bin/perl
|
||||
# Show access control settings from config
|
||||
|
||||
require './ldap-server-lib.pl';
|
||||
&local_ldap_server() == 1 || &error($text{'slapd_elocal'});
|
||||
$access{'acl'} || &error($text{'acl_ecannot'});
|
||||
&ui_print_header(undef, $text{'acl_title'}, "", "acl");
|
||||
|
||||
|
@ -3,6 +3,7 @@
|
||||
|
||||
require './ldap-server-lib.pl';
|
||||
&ui_print_header(undef, $text{'browser_title'}, "", "browser");
|
||||
$access{'browser'} || &error($text{'browser_ecannot'});
|
||||
&ReadParse();
|
||||
|
||||
# Connect to LDAP server, or die trying
|
||||
|
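Review bot: In this page `&ui_print_header(undef, $text{'browser_title'}, "", "browser");` runs before the new `$access{'browser'} || &error($text{'browser_ecannot'});`, so a user without browser access gets the page header rendered and only then the error, whereas every other page touched by this commit (edit_schema, edit_slapd, edit_acl) performs the access check first and prints the header afterwards. Swap the two lines so the check precedes the header: `$access{'browser'} || &error($text{'browser_ecannot'});` then `&ui_print_header(undef, $text{'browser_title'}, "", "browser");`. The rest of the page continues outside the hunk.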
@ -3,6 +3,7 @@
|
||||
|
||||
require './ldap-server-lib.pl';
|
||||
&local_ldap_server() == 1 || &error($text{'slapd_elocal'});
|
||||
$access{'schema'} || &error($text{'schema_ecannot'});
|
||||
&ui_print_header(undef, $text{'schema_title'}, "", "schema");
|
||||
&ReadParse();
|
||||
|
||||
|
@ -3,6 +3,7 @@
|
||||
|
||||
require './ldap-server-lib.pl';
|
||||
&local_ldap_server() == 1 || &error($text{'slapd_elocal'});
|
||||
$access{'schema'} || &error($text{'schema_ecannot'});
|
||||
&ReadParse();
|
||||
&is_under_directory($config{'schema_dir'}, $in{'file'}) ||
|
||||
&error($text{'schema_edir'});
|
||||
|
@ -3,6 +3,7 @@
|
||||
|
||||
require './ldap-server-lib.pl';
|
||||
&local_ldap_server() == 1 || &error($text{'slapd_elocal'});
|
||||
$access{'slapd'} || &error($text{'slapd_ecannot'});
|
||||
&ui_print_header(undef, $text{'slapd_title'}, "", "slapd");
|
||||
&ReadParse();
|
||||
$conf = &get_config();
|
||||
|
@ -3,6 +3,7 @@
|
||||
|
||||
require './ldap-server-lib.pl';
|
||||
&local_ldap_server() == 1 || &error($text{'slapd_elocal'});
|
||||
$access{'slapd'} || &error($text{'slapd_ecannot'});
|
||||
&foreign_require("webmin", "webmin-lib.pl");
|
||||
&ReadParse();
|
||||
&error_setup($text{'gencert_err'});
|
||||
@ -21,9 +22,14 @@ else {
|
||||
}
|
||||
|
||||
# Do it
|
||||
$err = &webmin::parse_ssl_key_form(\%in, $keyfile, $certfile);
|
||||
$err = &webmin::parse_ssl_key_form(\%in, $keyfile,
|
||||
$certfile eq $keyfile ? undef : $certfile);
|
||||
&error($err) if ($err);
|
||||
|
||||
# Make readable by LDAP user
|
||||
&set_ownership_permissions($config{'ldap_user'}, undef, undef,
|
||||
$keyfile, $certfile);
|
||||
|
||||
# Update config to use them
|
||||
&lock_file($config{'config_file'});
|
||||
&save_directive($conf, "TLSCertificateFile", $certfile);
|
||||
|
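Review bot: The new `&set_ownership_permissions($config{'ldap_user'}, undef, undef, $keyfile, $certfile);` changes the owner of the generated private key but passes undef for the mode, so whatever permissions parse_ssl_key_form created the key with are kept, and the call's result is discarded, so a bad `ldap_user` (or a chown failure) leaves the key with its previous owner while the config below is still switched to it. I would set a restrictive mode on the key, a normal one on the certificate, and fail the request when either chown does not succeed (set_ownership_permissions returns false on failure, as far as I recall from web-lib-funcs); the message strings should ideally become lang keys like the other errors in this file. The `$certfile eq $keyfile` case from the parse_ssl_key_form call above also has to be handled so the combined file keeps the key's mode.

```perl
# Make readable by the LDAP user only; the key must never be world-readable
&set_ownership_permissions($config{'ldap_user'}, undef, 0600, $keyfile) ||
	&error("Failed to set ownership of $keyfile");
if ($certfile ne $keyfile) {
	&set_ownership_permissions($config{'ldap_user'}, undef, 0644, $certfile) ||
		&error("Failed to set ownership of $certfile");
	}
# … unchanged: lock_file / save_directive …
```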
@ -3,6 +3,7 @@
|
||||
|
||||
require './ldap-server-lib.pl';
|
||||
&local_ldap_server() == 1 || &error($text{'slapd_elocal'});
|
||||
$access{'slapd'} || &error($text{'slapd_ecannot'});
|
||||
&foreign_require("webmin", "webmin-lib.pl");
|
||||
|
||||
&ui_print_header(undef, $text{'gencert_title'}, "");
|
||||
|
@ -41,8 +41,9 @@ if ($local) {
|
||||
}
|
||||
else {
|
||||
# Just browser and DN creator?
|
||||
@pages = ( "browse", "create" );
|
||||
@pages = ( "browser", "create" );
|
||||
}
|
||||
@pages = grep { $access{$_} } @pages;
|
||||
@links = map { "edit_".$_.".cgi" } @pages;
|
||||
@titles = map { $text{$_."_title"} } @pages;
|
||||
@icons = map { "images/$_.gif" } @pages;
|
||||
|
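Review bot: `@pages = grep { $access{$_} } @pages;` only hides icons on the index page; the pages themselves remain reachable by URL, so enforcement has to live in each CGI. This commit adds `$access{'slapd'}`, `$access{'schema'}`, `$access{'acl'}` and `$access{'browser'}` checks to the corresponding pages, but I do not see a hunk adding an `$access{'create'}` check to the create page even though `create` is in @acl_functions and in this @pages list, so please confirm that page is gated as well. A short comment above the grep would make the intent explicit: `# Hide pages this user cannot use; each CGI re-checks $access itself`. The `"browse"` to `"browser"` rename also makes the key line up with `$access{'browser'}` and the acl_browser label.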
@ -63,6 +63,7 @@ slapd_eca=Missing or incorrectly formatted TLS CA certificate file
|
||||
slapd_gencert=Generate SSL Certificate
|
||||
slapd_gencertdesc=To run your LDAP server in TLS mode, an SSL certificate and private key must first be generated. Click this button to create a self-signed certificate for your system.
|
||||
slapd_gencertwarn=Warning - your existing certificate will no longer be used.
|
||||
slapd_elocal=You are not allowed to configure the LDAP server
|
||||
|
||||
schema_title=Manage Schema
|
||||
schema_file=Name
|
||||
@ -80,11 +81,14 @@ schema_path=Full filename
|
||||
schema_edesc=This page allows you to manually edit an LDAP schema file. This should only be done if you are familiar with the file format, as no checking is done by Webmin.
|
||||
schema_return=schema list
|
||||
schema_emove=Could not find schema file to move!
|
||||
schema_ecannot=You are not allowed to manage the LDAP schema
|
||||
|
||||
acl_title=LDAP Access Control
|
||||
acl_ecannot=You are not allowed to configure LDAP access control
|
||||
|
||||
browser_title=Browse Database
|
||||
browser_econn=The LDAP browser cannot be used : $1
|
||||
browser_ecannot=You are not allowed to browse the LDAP database
|
||||
browser_base=Browsing:
|
||||
browser_ok=Show
|
||||
browser_esearch=LDAP search failed : $1
|
||||
@ -201,3 +205,9 @@ gencert_same=Current config files
|
||||
gencert_dir=Directory
|
||||
gencert_err=Failed to generate certificate
|
||||
gencert_edest=Destination directory does not exist
|
||||
|
||||
acl_slapd=Can configure LDAP server?
|
||||
acl_schema=Can manage schema?
|
||||
acl_acl=Can edit access control?
|
||||
acl_browser=Can browse and edit database?
|
||||
acl_create=Can create new tree?
|
||||
|
@ -3,8 +3,6 @@
|
||||
# XXX initial setup
|
||||
# XXX install ldap server
|
||||
# XXX default configs for various systems (include search max of 100)
|
||||
# XXX LDAP logging in more detail, like we do for SQL
|
||||
# XXX spam, postfix and ldap-useradmin too
|
||||
|
||||
do '../web-lib.pl';
|
||||
&init_config();
|
||||
|
@ -3,6 +3,7 @@
|
||||
|
||||
require './ldap-server-lib.pl';
|
||||
&error_setup($text{'rename_err'});
|
||||
$access{'browser'} || &error($text{'browser_ecannot'});
|
||||
&ReadParse();
|
||||
$ldap = &connect_ldap_db();
|
||||
ref($ldap) || &error($ldap);
|
||||
|
@ -3,6 +3,7 @@
|
||||
|
||||
require './ldap-server-lib.pl';
|
||||
&error_setup($text{'save_err'});
|
||||
$access{'browser'} || &error($text{'browser_ecannot'});
|
||||
&ReadParse();
|
||||
$ldap = &connect_ldap_db();
|
||||
ref($ldap) || &error($ldap);
|
||||
|
@ -3,6 +3,7 @@
|
||||
|
||||
require './ldap-server-lib.pl';
|
||||
&error_setup($text{'schema_err'});
|
||||
$access{'schema'} || &error($text{'schema_ecannot'});
|
||||
&local_ldap_server() == 1 || &error($text{'slapd_elocal'});
|
||||
&ReadParse();
|
||||
|
||||
|
@ -2,11 +2,12 @@
|
||||
# Write out a schema file
|
||||
|
||||
require './ldap-server-lib.pl';
|
||||
&error_setup($text{'schema_eerr'});
|
||||
&local_ldap_server() == 1 || &error($text{'slapd_elocal'});
|
||||
$access{'schema'} || &error($text{'schema_ecannot'});
|
||||
&ReadParseMime();
|
||||
|
||||
# Validate
|
||||
&error_setup($text{'schema_eerr'});
|
||||
&is_under_directory($config{'schema_dir'}, $in{'file'}) ||
|
||||
&error($text{'schema_edir'});
|
||||
$in{'data'} =~ s/\r//g;
|
||||
|
@ -3,6 +3,7 @@
|
||||
|
||||
require './ldap-server-lib.pl';
|
||||
&error_setup($text{'slapd_err'});
|
||||
$access{'slapd'} || &error($text{'slapd_ecannot'});
|
||||
&local_ldap_server() == 1 || &error($text{'slapd_elocal'});
|
||||
&ReadParse();
|
||||
|
||||
|
@ -3,6 +3,7 @@
|
||||
|
||||
require './ldap-server-lib.pl';
|
||||
&error_setup($text{'sdelete_err'});
|
||||
$access{'browser'} || &error($text{'browser_ecannot'});
|
||||
&ReadParse();
|
||||
$ldap = &connect_ldap_db();
|
||||
ref($ldap) || &error($ldap);
|
||||
|
@ -3,6 +3,7 @@
|
||||
|
||||
require './ldap-server-lib.pl';
|
||||
&local_ldap_server() == 1 || &error($text{'slapd_elocal'});
|
||||
$access{'schema'} || &error($text{'schema_ecannot'});
|
||||
&ReadParse();
|
||||
|
||||
# Find it includes
|
||||
|
@ -3,6 +3,7 @@
|
||||
|
||||
require './ldap-server-lib.pl';
|
||||
&local_ldap_server() == 1 || &error($text{'slapd_elocal'});
|
||||
$access{'schema'} || &error($text{'schema_ecannot'});
|
||||
&ReadParse();
|
||||
&is_under_directory($config{'schema_dir'}, $in{'file'}) ||
|
||||
&error($text{'schema_edir'});
|
||||
|