From 10df20de8be16274f3cf4da59a7780265764e3f1 Mon Sep 17 00:00:00 2001
From: hickert
Date: Thu, 7 Jan 2010 08:28:46 +0000
Subject: [PATCH] Added missing permission check to faiManagement::remove
git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@15093 594d385d-05f5-0310-b6e9-bd551577e9d8
---
 .../fai/admin/fai/class_faiManagement.inc | 28 ++++++++++++++-----
 1 file changed, 21 insertions(+), 7 deletions(-)
diff --git a/gosa-plugins/fai/admin/fai/class_faiManagement.inc b/gosa-plugins/fai/admin/fai/class_faiManagement.inc
index 1719e82c3..8fd3847eb 100644
--- a/gosa-plugins/fai/admin/fai/class_faiManagement.inc
+++ b/gosa-plugins/fai/admin/fai/class_faiManagement.inc
@@ -392,22 +392,36 @@ class faiManagement extends management
 $ldap = $this->config->get_ldap_link();
 $ldap->cd($this->config->current['BASE']);
+ $disallowed = array();
 foreach($this->dns as $key => $dn){
 $ldap->cat($dn);
 if($ldap->count()){
 $attrs = $ldap->fetch();
 $type= $this->get_type($attrs);
- $str = management::removeEntryConfirmed($action,array($dn),$all,$type[0],$type[2],$type[1]);
- if($str) return($str);
- // Now save changes
- FAI::save_release_changes_now();
- $to_del = FAI::clean_up_releases($dn);
- foreach($to_del as $dn){
- $ldap->rmdir_recursive($dn);
+ $acl = $this->ui->get_permissions($dn,"fai/".$type[1]);
+ if(preg_match("/d/",$acl)){
+
+ // Now save changes
+ management::removeEntryConfirmed($action,array($dn),$all,$type[0],$type[2],$type[1]);
+ FAI::save_release_changes_now();
+ $to_del = FAI::clean_up_releases($dn);
+ foreach($to_del as $dn){
+ $ldap->rmdir_recursive($dn);
+ }
+
+ } else {
+ $disallowed[] = $dn;
+ new log("security","fai/".get_class($this),$dn,array(),"Tried to trick deletion.");
 }
 }
 }
+
+ /* Normally this shouldn't be reached, send some extra
+ logs to notify the administrator */
+ if(count($disallowed)){
+ msg_dialog::display(_("Permission error"), msgPool::permDelete($disallowed), ERROR_DIALOG);
+ }
 }
-- 
2.30.2
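Review bot: The result of `management::removeEntryConfirmed(...)` inside the new `if(preg_match("/d/",$acl))` branch is now discarded, whereas the removed code returned it when non-empty, so `FAI::save_release_changes_now()` and the `rmdir_recursive` loop run even when the parent call reported a problem. Unless that return value is known to be always empty, keep the guard: `$str = management::removeEntryConfirmed($action,array($dn),$all,$type[0],$type[2],$type[1]);` followed by `if($str) return($str);`. The delete ACL is also evaluated only for the selected `$dn`; the DNs returned by `FAI::clean_up_releases($dn)` are removed recursively without a check of their own, which is presumably intended but deserves a comment saying so. The enclosing method starts above the hunk, so how `$action` and `$all` are set is not visible here.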