function addImagePermissions($ownerdata, $resourceid, $virtual)
{
$ownerid = $ownerdata['id'];
// create new node if it does not exist
if ($virtual) {
$nodename = 'newvmimages';
} else {
$nodename = 'newimages';
}
$query = "SELECT id " . "FROM privnode " . "WHERE name = '{$nodename}' AND " . "parent = 3";
$qh = doQuery($query, 101);
if (!($row = mysql_fetch_assoc($qh))) {
$query2 = "INSERT INTO privnode " . "(parent, " . "name) " . "VALUES " . "(3, " . "'{$nodename}')";
doQuery($query2, 101);
$qh = doQuery($query, 101);
$row = mysql_fetch_assoc($qh);
}
$parent = $row['id'];
$query = "SELECT id " . "FROM privnode " . "WHERE name = '{$ownerdata['login']}-{$ownerid}' AND " . "parent = {$parent}";
$qh = doQuery($query, 101);
if ($row = mysql_fetch_assoc($qh)) {
$newnode = $row['id'];
} else {
$query = "INSERT INTO privnode " . "(parent, name) " . "VALUES ({$parent}, '{$ownerdata['login']}-{$ownerid}')";
doQuery($query, 101);
$qh = doQuery("SELECT LAST_INSERT_ID() FROM privnode", 101);
$row = mysql_fetch_row($qh);
$newnode = $row[0];
}
// give user imageCheckOut and imageAdmin at new node
$newprivs = array('imageCheckOut', 'imageAdmin');
updateUserOrGroupPrivs($ownerid, $newnode, $newprivs, array(), 'user');
// create new image group if it does not exist
$query = "SELECT id " . "FROM usergroup " . "WHERE name = 'manageNewImages'";
$qh = doQuery($query, 101);
$row = mysql_fetch_assoc($qh);
$ownergroupid = $row['id'];
if ($virtual) {
$prefix = 'newvmimages';
} else {
$prefix = 'newimages';
}
$query = "SELECT id " . "FROM resourcegroup " . "WHERE name = '{$prefix}-{$ownerdata['login']}-{$ownerid}' AND " . "ownerusergroupid = {$ownergroupid} AND " . "resourcetypeid = 13";
$qh = doQuery($query, 101);
if ($row = mysql_fetch_assoc($qh)) {
$resourcegroupid = $row['id'];
} else {
$query = "INSERT INTO resourcegroup " . "(name, " . "ownerusergroupid, " . "resourcetypeid) " . "VALUES ('{$prefix}-{$ownerdata['login']}-{$ownerid}', " . "{$ownergroupid}, " . "13)";
doQuery($query, 305);
$qh = doQuery("SELECT LAST_INSERT_ID() FROM resourcegroup", 101);
$row = mysql_fetch_row($qh);
$resourcegroupid = $row[0];
// map group to newimages/newvmimages comp group
if ($virtual) {
$rgroupname = 'newvmimages';
} else {
$rgroupname = 'newimages';
}
$query = "SELECT id " . "FROM resourcegroup " . "WHERE name = '{$rgroupname}' AND " . "resourcetypeid = 12";
$qh = doQuery($query, 101);
$row = mysql_fetch_assoc($qh);
$compResGrpid = $row['id'];
$query = "INSERT INTO resourcemap " . "(resourcegroupid1, " . "resourcetypeid1, " . "resourcegroupid2, " . "resourcetypeid2) " . "VALUES ({$resourcegroupid}, " . "13, " . "{$compResGrpid}, " . "12)";
doQuery($query, 101);
}
// make image group available at new node
$adds = array('available', 'administer');
if ($virtual) {
updateResourcePrivs("image/newvmimages-{$ownerdata['login']}-{$ownerid}", $newnode, $adds, array());
} else {
updateResourcePrivs("image/newimages-{$ownerdata['login']}-{$ownerid}", $newnode, $adds, array());
}
// add image to image group
$query = "INSERT INTO resourcegroupmembers " . "(resourceid, resourcegroupid) " . "VALUES ({$resourceid}, {$resourcegroupid})";
doQuery($query, 101);
}
function addImage($data)
{
global $user;
if (get_magic_quotes_gpc()) {
$data['description'] = stripslashes($data['description']);
$data['usage'] = stripslashes($data['usage']);
}
$data['description'] = mysql_escape_string($data['description']);
$data['usage'] = mysql_escape_string($data['usage']);
$ownerdata = getUserInfo($data['owner']);
$ownerid = $ownerdata['id'];
if (empty($data['maxconcurrent']) || !is_numeric($data['maxconcurrent'])) {
$data['maxconcurrent'] = 'NULL';
}
$query = "INSERT INTO image " . "(prettyname, " . "ownerid, " . "platformid, " . "OSid, " . "minram, " . "minprocnumber, " . "minprocspeed, " . "minnetwork, " . "maxconcurrent, " . "reloadtime, " . "deleted, " . "description, " . "`usage`, " . "basedoffrevisionid) " . "VALUES ('{$data["prettyname"]}', " . "{$ownerid}, " . "{$data["platformid"]}, " . "{$data["osid"]}, " . "{$data["minram"]}, " . "{$data["minprocnumber"]}, " . "{$data["minprocspeed"]}, " . "{$data["minnetwork"]}, " . "{$data["maxconcurrent"]}, " . "{$data["reloadtime"]}, " . "1, " . "'{$data['description']}', " . "'{$data['usage']}', " . "{$data['basedoffrevisionid']})";
doQuery($query, 205);
// get last insert id
$qh = doQuery("SELECT LAST_INSERT_ID() FROM image", 206);
if (!($row = mysql_fetch_row($qh))) {
abort(207);
}
$imageid = $row[0];
// possibly add entry to imagemeta table
$imagemetaid = 0;
if ($data['checkuser'] != 0 && $data['checkuser'] != 1) {
$data['checkuser'] = 1;
}
if (!is_numeric($data['usergroupid']) || $data['usergroupid'] <= 0) {
$data['usergroupid'] = "NULL";
}
if ($data['sysprep'] != 0 && $data['sysprep'] != 1) {
$data['sysprep'] = 1;
}
if ($data['checkuser'] == 0 || is_numeric($data['usergroupid']) && $data['usergroupid'] > 0 || $data['sysprep'] == 0) {
$query = "INSERT INTO imagemeta " . "(checkuser, " . "usergroupid, " . "sysprep) " . "VALUES " . "({$data['checkuser']}, " . "{$data['usergroupid']}, " . "{$data['sysprep']})";
doQuery($query, 101);
// get last insert id
$qh = doQuery("SELECT LAST_INSERT_ID() FROM imagemeta", 101);
if (!($row = mysql_fetch_row($qh))) {
abort(207);
}
$imagemetaid = $row[0];
}
// create name from pretty name, os, and last insert id
$OSs = getOSList();
$name = $OSs[$data["osid"]]["name"] . "-" . preg_replace('/\\W/', '', $data["prettyname"]) . $imageid . "-v0";
if ($imagemetaid) {
$query = "UPDATE image " . "SET name = '{$name}', " . "imagemetaid = {$imagemetaid} " . "WHERE id = {$imageid}";
} else {
$query = "UPDATE image SET name = '{$name}' WHERE id = {$imageid}";
}
doQuery($query, 208);
$query = "INSERT INTO imagerevision " . "(imageid, " . "userid, " . "datecreated, " . "production, " . "imagename, " . "comments) " . "VALUES ({$imageid}, " . "{$user['id']}, " . "NOW(), " . "1, " . "'{$name}', " . "'{$data['comments']}')";
doQuery($query, 101);
// add entry in resource table
$query = "INSERT INTO resource " . "(resourcetypeid, " . "subid) " . "VALUES (13, " . "{$imageid})";
doQuery($query, 209);
$qh = doQuery("SELECT LAST_INSERT_ID() FROM resource", 101);
$row = mysql_fetch_row($qh);
$resourceid = $row[0];
if (strncmp($OSs[$data['osid']]['name'], 'vmware', 6) == 0) {
$vmware = 1;
} else {
$vmware = 0;
}
// create new node if it does not exist
if ($vmware) {
$nodename = 'newvmimages';
} else {
$nodename = 'newimages';
}
$query = "SELECT id " . "FROM privnode " . "WHERE name = '{$nodename}' AND " . "parent = 3";
$qh = doQuery($query, 101);
if (!($row = mysql_fetch_assoc($qh))) {
$query2 = "INSERT INTO privnode " . "(parent, " . "name) " . "VALUES " . "(3, " . "'{$nodename}')";
doQuery($query2, 101);
$qh = doQuery($query, 101);
$row = mysql_fetch_assoc($qh);
}
$parent = $row['id'];
$query = "SELECT id " . "FROM privnode " . "WHERE name = '{$ownerdata['login']}-{$ownerid}' AND " . "parent = {$parent}";
$qh = doQuery($query, 101);
if ($row = mysql_fetch_assoc($qh)) {
$newnode = $row['id'];
} else {
$query = "INSERT INTO privnode " . "(parent, name) " . "VALUES ({$parent}, '{$ownerdata['login']}-{$ownerid}')";
doQuery($query, 101);
$qh = doQuery("SELECT LAST_INSERT_ID() FROM privnode", 101);
$row = mysql_fetch_row($qh);
$newnode = $row[0];
}
// give user imageCheckOut and imageAdmin at new node
$newprivs = array('imageCheckOut', 'imageAdmin');
updateUserOrGroupPrivs($ownerid, $newnode, $newprivs, array(), 'user');
// create new image group if it does not exist
$query = "SELECT id " . "FROM usergroup " . "WHERE name = 'manageNewImages'";
$qh = doQuery($query, 101);
$row = mysql_fetch_assoc($qh);
$ownergroupid = $row['id'];
if ($vmware) {
$prefix = 'newvmimages';
} else {
$prefix = 'newimages';
}
$query = "SELECT id " . "FROM resourcegroup " . "WHERE name = '{$prefix}-{$ownerdata['login']}-{$ownerid}' AND " . "ownerusergroupid = {$ownergroupid} AND " . "resourcetypeid = 13";
$qh = doQuery($query, 101);
if ($row = mysql_fetch_assoc($qh)) {
$resourcegroupid = $row['id'];
} else {
$query = "INSERT INTO resourcegroup " . "(name, " . "ownerusergroupid, " . "resourcetypeid) " . "VALUES ('{$prefix}-{$ownerdata['login']}-{$ownerid}', " . "{$ownergroupid}, " . "13)";
doQuery($query, 305);
$qh = doQuery("SELECT LAST_INSERT_ID() FROM resourcegroup", 101);
$row = mysql_fetch_row($qh);
$resourcegroupid = $row[0];
// map group to newimages/newvmimages comp group
if ($vmware) {
$rgroupname = 'newvmimages';
} else {
$rgroupname = 'newimages';
}
$query = "SELECT id " . "FROM resourcegroup " . "WHERE name = '{$rgroupname}' AND " . "resourcetypeid = 12";
$qh = doQuery($query, 101);
$row = mysql_fetch_assoc($qh);
$compResGrpid = $row['id'];
$query = "INSERT INTO resourcemap " . "(resourcegroupid1, " . "resourcetypeid1, " . "resourcegroupid2, " . "resourcetypeid2) " . "VALUES ({$resourcegroupid}, " . "13, " . "{$compResGrpid}, " . "12)";
doQuery($query, 101);
}
// make image group available at new node
$adds = array('available', 'administer');
if ($vmware) {
updateResourcePrivs("image/newvmimages-{$ownerdata['login']}-{$ownerid}", $newnode, $adds, array());
} else {
updateResourcePrivs("image/newimages-{$ownerdata['login']}-{$ownerid}", $newnode, $adds, array());
}
// add image to image group
$query = "INSERT INTO resourcegroupmembers " . "(resourceid, resourcegroupid) " . "VALUES ({$resourceid}, {$resourcegroupid})";
doQuery($query, 101);
return $imageid;
}
function AJsubmitAddResourcePriv()
{
global $user;
$node = processInputVar("activeNode", ARG_NUMERIC);
if (!checkUserHasPriv("resourceGrant", $user["id"], $node)) {
$text = "You do not have rights to add new resource groups at this node.";
print "addResourceGroupPaneHide(); ";
print "alert('{$text}');";
return;
}
$newgroupid = processInputVar("newgroupid", ARG_NUMERIC);
$privs = array("computerAdmin", "mgmtNodeAdmin", "imageAdmin", "scheduleAdmin", "serverProfileAdmin");
$resourcegroups = getUserResources($privs, array("manageGroup"), 1);
$groupdata = getResourceGroups('', $newgroupid);
if (empty($groupdata)) {
$text = "Invalid resource group submitted.";
print "addResourceGroupPaneHide(); ";
print "alert('{$text}');";
return;
}
list($newtype, $tmp) = explode('/', $groupdata[$newgroupid]['name']);
if (!array_key_exists($newgroupid, $resourcegroups[$newtype])) {
$text = "You do not have rights to manage the specified resource group.";
print "addResourceGroupPaneHide(); ";
print "alert('{$text}');";
return;
}
$perms = explode(':', processInputVar('perms', ARG_STRING));
$privtypes = getResourcePrivs();
$newgroupprivs = array();
foreach ($privtypes as $type) {
if (in_array($type, $perms)) {
array_push($newgroupprivs, $type);
}
}
if (empty($newgroupprivs) || count($newgroupprivs) == 1 && in_array("cascade", $newgroupprivs)) {
$text = "<font color=red>No resource group privileges were specified</font>";
print setAttribute('addResourceGroupPrivStatus', 'innerHTML', $text);
return;
}
updateResourcePrivs($newgroupid, $node, $newgroupprivs, array());
clearPrivCache();
print "refreshPerms(); ";
print "addResourceGroupPaneHide(); ";
}
function AJsubmitAddResourcePriv()
{
global $user;
$node = processInputVar("activeNode", ARG_NUMERIC);
if (!checkUserHasPriv("resourceGrant", $user["id"], $node)) {
$text = "You do not have rights to add new resource groups at this node.";
print "addUserGroupPaneHide(); ";
print "alert('{$text}');";
dbDisconnect();
exit;
}
$newgroupid = processInputVar("newgroupid", ARG_NUMERIC);
# FIXME validate newgroupid
$perms = explode(':', processInputVar('perms', ARG_STRING));
$privtypes = array("block", "cascade", "available", "administer", "manageGroup");
$newgroupprivs = array();
foreach ($privtypes as $type) {
if (in_array($type, $perms)) {
array_push($newgroupprivs, $type);
}
}
if (empty($newgroupprivs) || count($newgroupprivs) == 1 && in_array("cascade", $newgroupprivs)) {
$text = "<font color=red>No resource group privileges were specified</font>";
print setAttribute('addResourceGroupPrivStatus', 'innerHTML', $text);
dbDisconnect();
exit;
}
updateResourcePrivs($newgroupid, $node, $newgroupprivs, array());
clearPrivCache();
print "addResourceGroupPaneHide(); ";
print "refreshPerms(); ";
dbDisconnect();
exit;
}
function _XMLRPCchangeResourceGroupPriv_sub($mode, $name, $type, $nodeid, $permissions)
{
require_once ".ht-inc/privileges.php";
global $user;
if (!is_numeric($nodeid)) {
return array('status' => 'error', 'errorcode' => 78, 'errormsg' => 'Invalid nodeid specified');
}
if (!checkUserHasPriv("resourceGrant", $user['id'], $nodeid)) {
return array('status' => 'error', 'errorcode' => 61, 'errormsg' => 'Unable to remove resource group privileges on this node');
}
$resourcetypes = getTypes('resources');
if (!in_array($type, $resourcetypes['resources'])) {
return array('status' => 'error', 'errorcode' => 71, 'errormsg' => 'Invalid resource type');
}
$groupid = getResourceGroupID("{$type}/{$name}");
if (is_null($groupid)) {
return array('status' => 'error', 'errorcode' => 74, 'errormsg' => 'resource group does not exist');
}
$changeperms = explode(':', $permissions);
$allperms = getResourcePrivs();
$diff = array_diff($changeperms, $allperms);
if (count($diff)) {
return array('status' => 'error', 'errorcode' => 66, 'errormsg' => 'Invalid or missing permissions list supplied');
}
$nocheckperms = array('block', 'cascade', 'available');
$checkperms = array_diff($changeperms, $nocheckperms);
$groupdata = getResourceGroups($type, $groupid);
if (count($checkperms) && !array_key_exists($groupdata[$groupid]["ownerid"], $user["groups"])) {
return array('status' => 'error', 'errorcode' => 79, 'errormsg' => 'Unable to modify privilege set for resource group');
}
$key = "{$type}/{$name}/{$groupid}";
$cnp = getNodeCascadePrivileges($nodeid, "resources");
$np = getNodePrivileges($nodeid, 'resources');
if (array_key_exists($key, $cnp['resources']) && (!array_key_exists($key, $np['resources']) || !in_array('block', $np['resources'][$key]))) {
$intersect = array_intersect($cnp['resources'][$key], $changeperms);
if (count($intersect)) {
return array('status' => 'error', 'errorcode' => 80, 'errormsg' => 'Unable to modify privileges cascaded to this node');
}
}
if ($mode == 'remove') {
$diff = array_diff($np['resources'][$key], $changeperms);
if (count($diff) == 1 && in_array("cascade", $diff)) {
$changeperms[] = 'cascade';
}
}
if ($mode == 'add') {
updateResourcePrivs("{$groupid}", $nodeid, $changeperms, array());
} elseif ($mode == 'remove') {
updateResourcePrivs("{$groupid}", $nodeid, array(), $changeperms);
}
return array('status' => 'success');
}
