
Added acls check to getldif
authorhickert <hickert@594d385d-05f5-0310-b6e9-bd551577e9d8>
Tue, 31 Oct 2006 07:12:20 +0000 (07:12 +0000)
committerhickert <hickert@594d385d-05f5-0310-b6e9-bd551577e9d8>
Tue, 31 Oct 2006 07:12:20 +0000 (07:12 +0000)
Fixed error msgs from getxls

git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@4967 594d385d-05f5-0310-b6e9-bd551577e9d8

html/getldif.php
html/getxls.php

index 1c32f12ace8d473822e2d8d9ada9fc1653b86ac9..0045c6757fbf6a1a749a56b9706caceb9dba88bc 100644 (file)
@@ -25,34 +25,34 @@ function dump_ldap ($mode= 0)
 
   $display = "";
 
-       if($mode == 2){ // Single Entry Export !
-       $dn =  base64_decode($_GET['dn']);
-       $display = $ldap->gen_one_entry($dn);
-       echo $display;
-       }
-       elseif($mode == 3){ // Full LDIF Export !
-       $dn =  base64_decode($_GET['dn']);
-       $display = $ldap->gen_ldif($dn);
-       echo $display;
-       }
-       elseif($mode == 4){ // IVBB LDIF Export
-       $dn =  base64_decode($_GET['dn']);
-       $display= $ldap->gen_ldif($dn,"(objectClass=ivbbentry)",array(
-             "GouvernmentOrganizationalUnit","houseIdentifier","vocation",
-             "ivbbLastDeliveryCollective","gouvernmentOrganizationalPersonLocality",
-             "gouvernmentOrganizationalUnitDescription","gouvernmentOrganizationalUnitSubjectArea",
-             "functionalTitle","role","certificateSerialNumber","userCertificate","publicVisible",
-             "telephoneNumber","seeAlso","description","title","x121Address","registeredAddress",
-             "destinationIndicator","preferredDeliveryMethod","telexNumber","teletexTerminalIdentifier",
-             "telephoneNumber","internationaliSDNNumber","facsimileTelephoneNumber","street",
-             "postOfficeBox","postalCode","postalAddress","physicalDeliveryOfficeName","ou",
-             "st","l","audio","businessCategory","carLicense","departmentNumber","displayName",
-             "employeeNumber","employeeType","givenName","homePhone","homePostalAddress",
-             "initials","jpegPhoto","labeledURI","mail","manager","mobile","o","pager","photo",
-             "roomNumber","secretary","userCertificate","x500uniqueIdentifier","preferredLanguage",
-             "userSMIMECertificate","userPKCS12"));
-          
-       echo $display;
+  if($mode == 2){      // Single Entry Export !
+    $dn =  base64_decode($_GET['dn']);
+    $display = $ldap->gen_one_entry($dn);
+    echo $display;
+  }
+  elseif($mode == 3){ // Full LDIF Export !
+    $dn =  base64_decode($_GET['dn']);
+    $display = $ldap->gen_ldif($dn);
+    echo $display;
+  }
+  elseif($mode == 4){ // IVBB LDIF Export
+    $dn =  base64_decode($_GET['dn']);
+    $display= $ldap->gen_ldif($dn,"(objectClass=ivbbentry)",array(
+          "GouvernmentOrganizationalUnit","houseIdentifier","vocation",
+          "ivbbLastDeliveryCollective","gouvernmentOrganizationalPersonLocality",
+          "gouvernmentOrganizationalUnitDescription","gouvernmentOrganizationalUnitSubjectArea",
+          "functionalTitle","role","certificateSerialNumber","userCertificate","publicVisible",
+          "telephoneNumber","seeAlso","description","title","x121Address","registeredAddress",
+          "destinationIndicator","preferredDeliveryMethod","telexNumber","teletexTerminalIdentifier",
+          "telephoneNumber","internationaliSDNNumber","facsimileTelephoneNumber","street",
+          "postOfficeBox","postalCode","postalAddress","physicalDeliveryOfficeName","ou",
+          "st","l","audio","businessCategory","carLicense","departmentNumber","displayName",
+          "employeeNumber","employeeType","givenName","homePhone","homePostalAddress",
+          "initials","jpegPhoto","labeledURI","mail","manager","mobile","o","pager","photo",
+          "roomNumber","secretary","userCertificate","x500uniqueIdentifier","preferredLanguage",
+          "userSMIMECertificate","userPKCS12"));
+
+    echo $display;
   }
 }
 
@@ -72,6 +72,15 @@ if (!isset($_SESSION['ui'])){
 $ui= $_SESSION["ui"];
 $config= $_SESSION['config'];
 
+/* Check ACL's */
+$dn =  base64_decode($_GET['dn']);
+$acl = $ui->get_permissions($dn,"ldapmanager/ldifexport");
+if(!preg_match("/r/",$acl)){
+  echo "insufficient permissions";
+  exit();
+}
+
+
 header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
 header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
 header("Cache-Control: no-cache");
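Review bot: The new ACL block reads `$_GET['dn']` without checking that it is present and decodes cleanly, so a missing or malformed parameter reaches `$ui->get_permissions()` as an empty or garbage DN; reject it first, e.g. `if (!isset($_GET['dn']) || ($dn = base64_decode($_GET['dn'], true)) === false || $dn === "") { echo "insufficient permissions"; exit(); }`. The permission is evaluated once for the requested DN, while modes 3 and 4 of `dump_ldap()` call `gen_ldif($dn)`, which presumably exports everything below that DN; whether entries in that subtree can carry stricter ACLs is not visible here and should be confirmed. `dump_ldap()` also decodes `$_GET['dn']` a second time on its own, so passing the already-checked `$dn` into it would keep the authorised value and the exported value from drifting apart in later edits. A refused export is also worth a `gosa_log()` entry (the function the getxls.php session check uses) naming the DN, so denied attempts appear in the audit trail.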
@@ -80,26 +89,19 @@ header("Cache-Control: post-check=0, pre-check=0");
 
 header("Content-type: text/plain");
 
-/* Check ACL's */
-$acl= get_permissions ($config->current['BASE'], $ui->subtreeACL);
-$acl= get_module_permission($acl, "all", $config->current['BASE']);
-if (chkacl($acl, "all") != ""){
-  header ("Location: index.php");
-  exit;
-}
 
 switch ($_GET['ivbb']){
-       case 2: dump_ldap (2);
-               break;
+  case 2: dump_ldap (2);
+          break;
 
-       case 3: dump_ldap (3);
-               break;
+  case 3: dump_ldap (3);
+          break;
 
-       case 4: dump_ldap (4);
-               break;
-       
-    default:
-               echo "Error in ivbb parameter. Request aborted.";
-  }
+  case 4: dump_ldap (4);
+          break;
+
+  default:
+          echo "Error in ivbb parameter. Request aborted.";
+}
 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
 ?>
index 7bb560e7dfa866e4580e634d87ab52737feb7516..ef5acfb9a36921b171fe1130fbfad6397e5101c7 100644 (file)
@@ -406,7 +406,7 @@ session_start ();
 
 /* Logged in? Simple security check */
 if (!isset($_SESSION['ui'])){
-  gosa_log ("Error: getldif.php called without session");
+  gosa_log ("Error: getxls.php called without session");
   header ("Location: index.php");
   exit;
 }