fws
/
smeserver-ajaxplorer
4
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
Ajaxplorer integration on SME Server. Not maintained anymore
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
27 Commits
1 Branch
10 Tags
1.1 MiB
Tag: Branch: Tree: b027fe7a3e
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'b027fe7a3e'
${ noResults }
smeserver-ajaxplorer/root/etc/e-smith/events/actions/ajaxplorer-user-rights

146 lines
5.0 KiB
Raw Blame History

#!/usr/bin/perl -w
#----------------------------------------------------------------------
# copyright (C) 2011-2012 Firewall Services
# Daniel Berteaud <daniel@firewall-services.com>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#----------------------------------------------------------------------
use strict;
use esmith::templates;
use esmith::ConfigDB;
use esmith::AccountsDB;
use File::Path qw(mkpath rmtree);
use PHP::Serialization qw(serialize unserialize);
my $c = esmith::ConfigDB->open_ro;
my $a = esmith::AccountsDB->open_ro;
# Remove all the permissions
unlink(</var/lib/ajaxplorer/plugins/auth.serial/*/rights.ser>);
# Remove active sessions
unlink(</var/lib/ajaxplorer/tmp/sess_*>);
# Remove plugin and i18n cache
unlink(</var/cache/ajaxplorer/plugin*.ser>);
unlink(</var/cache/ajaxplorer/i18n/*.ser>);
foreach my $user (($a->users),$a->get('admin')){
my $name = $user->key;
mkpath('/var/lib/ajaxplorer/plugins/auth.serial/' . $name);
chmod 0770, "/var/lib/ajaxplorer/plugins/auth.serial/$name";
chown '0', '102', "/var/lib/ajaxplorer/plugins/auth.serial/$name";
processTemplate(
{
TEMPLATE_PATH => "/var/lib/ajaxplorer/plugins/auth.serial/__user__/rights.ser",
MORE_DATA => {KEY=>$name},
OUTPUT_FILENAME => "/var/lib/ajaxplorer/plugins/auth.serial/$name/rights.ser",
});
if (-s "/var/lib/ajaxplorer/plugins/auth.serial/$name/role.ser"){
open RROLE, "/var/lib/ajaxplorer/plugins/auth.serial/$name/role.ser";
my $data = <RROLE>;
close RROLE;
$data = unserialize($data);
delete $data->{"\0*\0acls"} if (defined $data->{"\0*\0acls"});
foreach my $share ($a->get_all_by_prop(type => 'share')){
my $sharename = $share->key;
my $access = $share->prop('Ajaxplorer') || 'disabled';
next unless ($access eq 'enabled');
my @readgroups = split(/[;,]/, $share->prop('ReadGroups') || '');
my @writegroups = split(/[;,]/, $share->prop('WriteGroups') || '');
my @readusers = split(/[;,]/, $share->prop('ReadUsers') || '');
my @writeusers = split(/[;,]/, $share->prop('WriteUsers') || '');
foreach (@readgroups){
$data->{"\0*\0acls"}->{$sharename} = 'r' if ( $a->is_user_in_group($name,$_) );
}
foreach (@writegroups){
$data->{"\0*\0acls"}->{$sharename} = 'rw' if ( $a->is_user_in_group($name,$_) );
}
foreach (@readusers){
$data->{"\0*\0acls"}->{$sharename} = 'r' if ( $_ eq $name );
}
foreach (@writeusers){
$data->{"\0*\0acls"}->{$sharename} = 'rw' if ( $_ eq $name );
}
}
open WROLE, '+>', "/var/lib/ajaxplorer/plugins/auth.serial/$name/role.ser";
print WROLE serialize($data);
close WROLE;
}
}
my $ajxp = $c->get('ajaxplorer') || die "Couldn't find ajaxplorer entry in ConfigDB\n";
my $homedir = $ajxp->prop('HomeDir') || 'none';
if ($homedir eq 'enabled'){
foreach ($a->users){
my $name = $_->key;
set_user_acl($name);
}
}
elsif ($homedir eq 'users'){
foreach ($a->users){
my $name = $_->key;
if (($_->prop('AjxpHomeDir') || 'disabled') eq 'enabled'){
set_user_acl($name);
}
else{
remove_user_acl($name);
}
}
}
else{
foreach ($a->users){
my $name = $_->key;
remove_user_acl($name);
}
}
sub set_user_acl{
my $user = shift;
my $acl = `/usr/bin/getfacl /home/e-smith/files/users/$user 2>/dev/null | egrep -c '^user:(apache|www):'`;
chomp($acl);
return if ($acl > 0);
system('/usr/bin/setfacl',
'-m',
'u:www:x',
"/home/e-smith/files/users/$user");
system('/usr/bin/setfacl',
'-R',
'-m',
'u:www:rX,d:u:www:rX',
"/home/e-smith/files/users/$user/home");
}
sub remove_user_acl{
my $user = shift;
my $acl = `/usr/bin/getfacl /home/e-smith/files/users/$user 2>/dev/null | egrep -c '^user:(apache|www):'`;
chomp($acl);
return if ($acl < 1);
system('/usr/bin/setfacl',
'-R',
'-x',
'u:www,d:u:www',
"/home/e-smith/files/users/$user/home");
system('/usr/bin/setfacl',
'-x',
'u:www',
"/home/e-smith/files/users/$user");
}