![[ DNS Administrator ]](/fx/dnsadmin-logo.png){kind=logo}
Legend:
- Unmodified
- Added
- Removed
-
trunk/DNSDB.pm
r78 r83 30 30 &addDomain &delDomain &domainName 31 31 &addGroup &delGroup &getChildren &groupName 32 &addUser & delUser &userFullName &userStatus32 &addUser &updateUser &delUser &userFullName &userStatus &getUserData 33 33 &getSOA &getRecLine &getDomRecs 34 34 &addRec &updateRec &delRec … … 45 45 &addDomain &delDomain &domainName 46 46 &addGroup &delGroup &getChildren &groupName 47 &addUser & delUser &userFullName &userStatus47 &addUser &updateUser &delUser &userFullName &userStatus &getUserData 48 48 &getSOA &getRecLine &getDomRecs 49 49 &addRec &updateRec &delRec … … 753 753 754 754 755 ## DNSDB:: updateUser() 756 # 757 sub updateUser { 758 my $dbh = shift; 759 my $uid = shift; 760 my $username = shift; 761 my $group = shift; 762 my $pass = shift; 763 my $state = shift; 764 my $type = shift; 765 my $fname = shift || $username; 766 my $lname = shift || ''; 767 my $phone = shift || ''; # not going format-check 768 769 my $failmsg = ''; 770 771 # Allow transactions, and raise an exception on errors so we can catch it later. 772 # Use local to make sure these get "reset" properly on exiting this block 773 local $dbh->{AutoCommit} = 0; 774 local $dbh->{RaiseError} = 1; 775 776 my $sth; 777 778 # Password can be left blank; if so we assume there's one on file. 779 # Actual blank passwords are bad, mm'kay? 780 if (!$pass) { 781 $sth = $dbh->prepare("SELECT password FROM users WHERE user_id=?"); 782 $sth->execute($uid); 783 ($pass) = $sth->fetchrow_array; 784 } else { 785 $pass = unix_md5_crypt($pass); 786 } 787 788 eval { 789 my $sth = $dbh->prepare(q( 790 UPDATE users 791 SET username=?, password=?, firstname=?, lastname=?, phone=?, type=?, status=? 792 WHERE user_id=? 793 ) 794 ); 795 $sth->execute($username, $pass, $fname, $lname, $phone, $type, $state, $uid); 796 $dbh->commit; 797 }; 798 if ($@) { 799 my $msg = $@; 800 eval { $dbh->rollback; }; 801 return ('FAIL',"$failmsg: $msg"); 802 } else { 803 return ('OK','OK'); 804 } 805 } # end updateUser() 806 807 755 808 ## DNSDB::delUser() 756 809 # … … 826 879 return $status; 827 880 } # end userStatus() 881 882 883 ## DNSDB::getUserData() 884 # Get misc user data for display 885 sub getUserData { 886 my $dbh = shift; 887 my $uid = shift; 888 889 my $sth = $dbh->prepare("SELECT group_id,username,firstname,lastname,phone,type,status,inherit_perm ". 890 "FROM users WHERE user_id=?"); 891 $sth->execute($uid); 892 return $sth->fetchrow_hashref(); 893 894 } # end getUserData() 828 895 829 896 -
trunk/dns.cgi
r80 r83 19 19 use Net::DNS; 20 20 use DBI; 21 use Data::Dumper; 21 22 22 23 use lib '.'; … … 592 593 } elsif ($webvar{page} eq 'user') { 593 594 594 fill_actypelist();595 #fill_actypelist($webvar{accttype}); 595 596 fill_clonemelist(); 596 597 my %grpperms; 597 598 getPermissions($dbh, 'group', $curgroup, \%grpperms); 598 fill_permissions($page, \%grpperms); 599 599 600 my $grppermlist = new HTML::Template(filename => "$templatedir/permlist.tmpl"); 600 601 my %noaccess; … … 602 603 $grppermlist->param(info => 1); 603 604 $page->param(grpperms => $grppermlist->output); 605 604 606 $page->param(is_admin => $permissions{admin}); 605 607 606 # if ($webvar{action} eq 'new') {607 # } els 608 if ($webvar{action} eq 'add') {608 if ($webvar{action} eq 'add' or $webvar{action} eq 'update') { 609 610 $page->param(add => 1) if $webvar{action} eq 'add'; 609 611 610 612 my ($code,$msg); 611 613 612 614 my $alterperms = 0; # flag iff we need to force custom permissions due to user's current access limits 615 my %newperms; 613 616 614 617 if ($webvar{pass1} ne $webvar{pass2}) { … … 616 619 $msg = "Passwords don't match"; 617 620 } else { 618 # assemble a permission string - far simpler than trying to pass an 619 # indeterminate set of permission flags individually 620 621 # ooooh. 622 # OOOOH. 623 # We have to see if the user can add any particularpermissions; otherwise we have a priviledge escalation. Whee.624 625 if (!$permissions{admin}) {626 627 628 629 630 631 632 633 634 635 }636 ##work 621 622 # assemble a permission string - far simpler than trying to pass an 623 # indeterminate set of permission flags individually 624 625 # But first, we have to see if the user can add any particular 626 # permissions; otherwise we have a priviledge escalation. Whee. 627 628 if (!$permissions{admin}) { 629 my %grpperms; 630 getPermissions($dbh, 'group', $curgroup, \%grpperms); 631 my $ret = comparePermissions(\%permissions, \%grpperms); 632 if ($ret ne '<' && $ret ne '!') { 633 # User's permissions are not a superset or equivalent to group. Can't inherit 634 # (and include access user doesn't currently have), so we force custom. 635 $webvar{perms_type} = 'custom'; 636 $alterperms = 1; 637 } 638 } 639 637 640 my $permstring; 638 641 if ($webvar{perms_type} eq 'custom') { 639 642 $permstring = 'C:'; 640 643 foreach (@permtypes) { 644 $newperms{$_} = 0; 645 $newperms{$_} = 1 if $webvar{$_} eq 'on'; 641 646 if ($permissions{admin}) { 642 647 $permstring .= ",$_" if defined($webvar{$_}) && $webvar{$_} eq 'on'; … … 652 657 $permstring = 'i'; 653 658 } 654 ($code,$msg) = addUser($dbh,$webvar{uname}, $curgroup, $webvar{pass1}, 655 ($webvar{makeactive} eq 'on' ? 1 : 0), $webvar{accttype}, $permstring, 656 $webvar{fname}, $webvar{lname}, $webvar{phone}); 657 } 658 659 # hokay, a bit of magic to decide which page we hit. 659 if ($webvar{action} eq 'add') { 660 ($code,$msg) = addUser($dbh, $webvar{uname}, $curgroup, $webvar{pass1}, 661 ($webvar{makeactive} eq 'on' ? 1 : 0), $webvar{accttype}, $permstring, 662 $webvar{fname}, $webvar{lname}, $webvar{phone}); 663 } else { 664 # User update is icky. I'd really like to do this in one atomic 665 # operation, but that would duplicate a **lot** of code in DNSDB.pm 666 # Allowing for changing group, but not coding web support just yet. 667 ($code,$msg) = updateUser($dbh, $webvar{uid}, $webvar{uname}, $webvar{gid}, $webvar{pass1}, 668 ($webvar{makeactive} eq 'on' ? 1 : 0), $webvar{accttype}, 669 $webvar{fname}, $webvar{lname}, $webvar{phone}); 670 if ($code eq 'OK') { 671 ##fixme - need to actually get a correct permission set to pass in here, 672 # also a flag to revert custom permissions to inherited 673 ##work 674 ($code,$msg) = changePermissions($dbh, 'user', $webvar{uid}, \%newperms); 675 } 676 } 677 } 678 660 679 if ($code eq 'OK') { 661 ##log 680 662 681 logaction(0, $session->param("username"), $webvar{group}, 663 "Addeduser $webvar{uname} ($webvar{fname} $webvar{lname})");682 ($webvar{action} eq 'add' ? 'Added' : 'Updated')." user $webvar{uname} ($webvar{fname} $webvar{lname})"); 664 683 if ($alterperms) { 665 684 changepage(page => "useradmin", warnmsg => 666 "You can only grant permissions you hold. $webvar{uname} added with reduced access."); 685 "You can only grant permissions you hold. $webvar{uname} ". 686 ($webvar{action} eq 'add' ? 'added' : 'updated')." with reduced access."); 667 687 } else { 668 688 changepage(page => "useradmin"); 669 689 } 690 691 # add/update failed: 670 692 } else { 671 # oddity - apparently, xhtml 1.0 strict swallows username as an HTML::Template var. O_o672 693 $page->param(add_failed => 1); 694 $page->param(action => $webvar{action}); 695 $page->param(set_permgroup => 1); 673 696 $page->param(uname => $webvar{uname}); 674 697 $page->param(fname => $webvar{fname}); … … 677 700 $page->param(pass2 => $webvar{pass2}); 678 701 $page->param(errmsg => $msg); 679 fill_actypelist(); 702 fill_permissions($page, \%newperms); 703 fill_actypelist($webvar{accttype}); 680 704 fill_clonemelist(); 681 705 } 682 706 683 707 } elsif ($webvar{action} eq 'edit') { 684 } elsif ($webvar{action} eq 'update') { 708 709 $page->param(set_permgroup => 1); 710 $page->param(action => 'update'); 711 $page->param(uid => $webvar{user}); 712 fill_clonemelist(); 713 714 my $userinfo = getUserData($dbh,$webvar{user}); 715 fill_actypelist($userinfo->{type}); 716 # not using this yet, but adding it now means we can *much* more easily do so later. 717 $page->param(gid => $webvar{group_id}); 718 719 my %curperms; 720 getPermissions($dbh, 'user', $webvar{user}, \%curperms); 721 fill_permissions($page, \%curperms); 722 723 $page->param(uname => $userinfo->{username}); 724 $page->param(fname => $userinfo->{firstname}); 725 $page->param(lname => $userinfo->{lastname}); 726 if ($userinfo->{inherit_perm}) { 727 $page->param(perm_inherit => 1); 728 } else { 729 $page->param(perm_custom => 1); 730 } 731 732 # } elsif ($webvar{action} eq 'update') { 685 733 } else { 686 734 # default is "new" 735 $page->param(add => 1); 736 $page->param(action => 'add'); 737 fill_permissions($page, \%grpperms); 738 fill_actypelist(); 687 739 } 688 740 … … 744 796 $page->param(pass2 => $webvar{pass2}); 745 797 $page->param(errmsg => $msg); 746 fill_actypelist( );798 fill_actypelist($webvar{accttype}); 747 799 fill_clonemelist(); 748 800 } … … 1168 1220 1169 1221 sub fill_actypelist { 1222 my $curtype = shift || 'u'; 1223 1170 1224 my @actypes; 1171 1225 1172 1226 my %row1 = (actypeval => 'u', actypename => 'user'); 1173 $row1{typesel} = 1 if $ webvar{accttype}eq 'u';1227 $row1{typesel} = 1 if $curtype eq 'u'; 1174 1228 push @actypes, \%row1; 1175 1229 1176 1230 my %row2 = (actypeval => 'S', actypename => 'superuser'); 1177 $row2{typesel} = 1 if $ webvar{accttype}eq 'S';1231 $row2{typesel} = 1 if $curtype eq 'S'; 1178 1232 push @actypes, \%row2; 1179 1233 1180 $page->param(actypelist 1234 $page->param(actypelist => \@actypes); 1181 1235 } 1182 1236
Note:
See TracChangeset
for help on using the changeset viewer.
