#!/usr/bin/perl -w #---------------------------------------------------------------------- # copyright (C) 2011-2012 Firewall Services # Daniel Berteaud # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #---------------------------------------------------------------------- use strict; use esmith::templates; use esmith::ConfigDB; use esmith::AccountsDB; use File::Path qw(mkpath rmtree); use PHP::Serialization qw(serialize unserialize); my $c = esmith::ConfigDB->open_ro; my $a = esmith::AccountsDB->open_ro; # Remove all the permissions unlink(); # Remove active sessions unlink(); # Remove plugin and i18n cache unlink(); unlink(); foreach my $user (($a->users),$a->get('admin')){ my $name = $user->key; mkpath('/var/lib/ajaxplorer/plugins/auth.serial/' . $name); chmod 0770, "/var/lib/ajaxplorer/plugins/auth.serial/$name"; chown '0', '102', "/var/lib/ajaxplorer/plugins/auth.serial/$name"; if (-s "/var/lib/ajaxplorer/plugins/auth.serial/$name/role.ser"){ open RROLE, "/var/lib/ajaxplorer/plugins/auth.serial/$name/role.ser"; my $data = ; close RROLE; $data = unserialize($data); delete $data->{"\0*\0acls"} if (defined $data->{"\0*\0acls"}); foreach my $share ($a->get_all_by_prop(type => 'share')){ my $sharename = $share->key; my $access = $share->prop('Ajaxplorer') || 'disabled'; next unless ($access eq 'enabled'); my @readgroups = split(/[;,]/, $share->prop('ReadGroups') || ''); my @writegroups = split(/[;,]/, $share->prop('WriteGroups') || ''); my @readusers = split(/[;,]/, $share->prop('ReadUsers') || ''); my @writeusers = split(/[;,]/, $share->prop('WriteUsers') || ''); foreach (@readgroups){ $data->{"\0*\0acls"}->{$sharename} = 'r' if ( $a->is_user_in_group($name,$_) ); } foreach (@writegroups){ $data->{"\0*\0acls"}->{$sharename} = 'rw' if ( $a->is_user_in_group($name,$_) ); } foreach (@readusers){ $data->{"\0*\0acls"}->{$sharename} = 'r' if ( $_ eq $name ); } foreach (@writeusers){ $data->{"\0*\0acls"}->{$sharename} = 'rw' if ( $_ eq $name ); } } open WROLE, '+>', "/var/lib/ajaxplorer/plugins/auth.serial/$name/role.ser"; print WROLE serialize($data); close WROLE; } } my $ajxp = $c->get('ajaxplorer') || die "Couldn't find ajaxplorer entry in ConfigDB\n"; my $homedir = $ajxp->prop('HomeDir') || 'none'; if ($homedir eq 'enabled'){ foreach ($a->users){ my $name = $_->key; set_user_acl($name); } } elsif ($homedir eq 'users'){ foreach ($a->users){ my $name = $_->key; if (($_->prop('AjxpHomeDir') || 'disabled') eq 'enabled'){ set_user_acl($name); } else{ remove_user_acl($name); } } } else{ foreach ($a->users){ my $name = $_->key; remove_user_acl($name); } } sub set_user_acl{ my $user = shift; my $acl = `/usr/bin/getfacl /home/e-smith/files/users/$user 2>/dev/null | egrep -c '^user:(apache|www):'`; chomp($acl); return if ($acl > 0); system('/usr/bin/setfacl', '-m', 'u:www:x', "/home/e-smith/files/users/$user"); system('/usr/bin/setfacl', '-R', '-m', 'u:www:rX,d:u:www:rX', "/home/e-smith/files/users/$user/home"); } sub remove_user_acl{ my $user = shift; my $acl = `/usr/bin/getfacl /home/e-smith/files/users/$user 2>/dev/null | egrep -c '^user:(apache|www):'`; chomp($acl); return if ($acl < 1); system('/usr/bin/setfacl', '-R', '-x', 'u:www,d:u:www', "/home/e-smith/files/users/$user/home"); system('/usr/bin/setfacl', '-x', 'u:www', "/home/e-smith/files/users/$user"); }