From b7ce2a769aad90388222f99d0e5825f26880bf48 Mon Sep 17 00:00:00 2001 From: hickert Date: Tue, 31 Oct 2006 07:12:20 +0000 Subject: [PATCH] Added acls check to getldif Fixed error msgs from getxls git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@4967 594d385d-05f5-0310-b6e9-bd551577e9d8 --- html/getldif.php | 92 +++++++++++++++++++++++++----------------------- html/getxls.php | 2 +- 2 files changed, 48 insertions(+), 46 deletions(-) diff --git a/html/getldif.php b/html/getldif.php index 1c32f12ac..0045c6757 100644 --- a/html/getldif.php +++ b/html/getldif.php 
@@ -25,34 +25,34 @@ function dump_ldap ($mode= 0)
 $display = "";
- if($mode == 2){ // Single Entry Export !
- $dn = base64_decode($_GET['dn']);
- $display = $ldap->gen_one_entry($dn);
- echo $display;
- }
- elseif($mode == 3){ // Full LDIF Export !
- $dn = base64_decode($_GET['dn']);
- $display = $ldap->gen_ldif($dn);
- echo $display;
- }
- elseif($mode == 4){ // IVBB LDIF Export
- $dn = base64_decode($_GET['dn']);
- $display= $ldap->gen_ldif($dn,"(objectClass=ivbbentry)",array(
- "GouvernmentOrganizationalUnit","houseIdentifier","vocation",
- "ivbbLastDeliveryCollective","gouvernmentOrganizationalPersonLocality",
- "gouvernmentOrganizationalUnitDescription","gouvernmentOrganizationalUnitSubjectArea",
- "functionalTitle","role","certificateSerialNumber","userCertificate","publicVisible",
- "telephoneNumber","seeAlso","description","title","x121Address","registeredAddress",
- "destinationIndicator","preferredDeliveryMethod","telexNumber","teletexTerminalIdentifier",
- "telephoneNumber","internationaliSDNNumber","facsimileTelephoneNumber","street",
- "postOfficeBox","postalCode","postalAddress","physicalDeliveryOfficeName","ou",
- "st","l","audio","businessCategory","carLicense","departmentNumber","displayName",
- "employeeNumber","employeeType","givenName","homePhone","homePostalAddress",
- "initials","jpegPhoto","labeledURI","mail","manager","mobile","o","pager","photo",
- "roomNumber","secretary","userCertificate","x500uniqueIdentifier","preferredLanguage",
- "userSMIMECertificate","userPKCS12"));
-
- echo $display;
+ if($mode == 2){ // Single Entry Export !
+ $dn = base64_decode($_GET['dn']);
+ $display = $ldap->gen_one_entry($dn);
+ echo $display;
+ }
+ elseif($mode == 3){ // Full LDIF Export !
+ $dn = base64_decode($_GET['dn']);
+ $display = $ldap->gen_ldif($dn);
+ echo $display;
+ }
+ elseif($mode == 4){ // IVBB LDIF Export
+ $dn = base64_decode($_GET['dn']);
+ $display= $ldap->gen_ldif($dn,"(objectClass=ivbbentry)",array(
+ "GouvernmentOrganizationalUnit","houseIdentifier","vocation",
+ "ivbbLastDeliveryCollective","gouvernmentOrganizationalPersonLocality",
+ "gouvernmentOrganizationalUnitDescription","gouvernmentOrganizationalUnitSubjectArea",
+ "functionalTitle","role","certificateSerialNumber","userCertificate","publicVisible",
+ "telephoneNumber","seeAlso","description","title","x121Address","registeredAddress",
+ "destinationIndicator","preferredDeliveryMethod","telexNumber","teletexTerminalIdentifier",
+ "telephoneNumber","internationaliSDNNumber","facsimileTelephoneNumber","street",
+ "postOfficeBox","postalCode","postalAddress","physicalDeliveryOfficeName","ou",
+ "st","l","audio","businessCategory","carLicense","departmentNumber","displayName",
+ "employeeNumber","employeeType","givenName","homePhone","homePostalAddress",
+ "initials","jpegPhoto","labeledURI","mail","manager","mobile","o","pager","photo",
+ "roomNumber","secretary","userCertificate","x500uniqueIdentifier","preferredLanguage",
+ "userSMIMECertificate","userPKCS12"));
+
+ echo $display;
 }
 }
@@ -72,6 +72,15 @@ if (!isset($_SESSION['ui'])){
 $ui= $_SESSION["ui"];
 $config= $_SESSION['config'];
+/* Check ACL's */
+$dn = base64_decode($_GET['dn']);
+$acl = $ui->get_permissions($dn,"ldapmanager/ldifexport");
+if(!preg_match("/r/",$acl)){
+ echo "insufficient permissions";
+ exit();
+}
+
+
 header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
 header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
 header("Cache-Control: no-cache");
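Review bot: The added ACL block checks one decoding of `$_GET['dn']`, but `dump_ldap()` decodes the parameter again in each mode branch, so the DN that was authorised and the DN that is exported are linked only by both reading the same request value; handing the checked `$dn` to `dump_ldap()` would make the check and the export use one variable. The parameter is also read without `isset()` and decoded non-strictly, so a missing or malformed value still reaches `get_permissions()`; `$dn = isset($_GET['dn']) ? base64_decode($_GET['dn'], true) : false;` with a rejection when `$dn === false` would stop that early. The denial branch replies with the default status and logs nothing, while the session check shown for getxls.php calls `gosa_log()`; a `gosa_log()` entry and a 403 status here would leave an audit trail for refused exports. Modes 3 and 4 export through `gen_ldif($dn)`, so whether read permission on the base DN is meant to cover every entry beneath it depends on code outside this hunk, as does the behaviour of `get_permissions()`.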
@@ -80,26 +89,19 @@ header("Cache-Control: post-check=0, pre-check=0");
 header("Content-type: text/plain");
-/* Check ACL's */
-$acl= get_permissions ($config->current['BASE'], $ui->subtreeACL);
-$acl= get_module_permission($acl, "all", $config->current['BASE']);
-if (chkacl($acl, "all") != ""){
- header ("Location: index.php");
- exit;
-}
 switch ($_GET['ivbb']){
- case 2: dump_ldap (2);
- break;
+ case 2: dump_ldap (2);
+ break;
- case 3: dump_ldap (3);
- break;
+ case 3: dump_ldap (3);
+ break;
- case 4: dump_ldap (4);
- break;
-
- default:
- echo "Error in ivbb parameter. Request aborted.";
- }
+ case 4: dump_ldap (4);
+ break;
+
+ default:
+ echo "Error in ivbb parameter. Request aborted.";
+}
 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler: ?>
diff --git a/html/getxls.php b/html/getxls.php
index 7bb560e7d..ef5acfb9a 100644
--- a/html/getxls.php
+++ b/html/getxls.php
@@ -406,7 +406,7 @@ session_start ();
 /* Logged in? Simple security check */
 if (!isset($_SESSION['ui'])){
- gosa_log ("Error: getldif.php called without session");
+ gosa_log ("Error: getxls.php called without session");
 header ("Location: index.php");
 exit;
 }
--
2.30.2