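/**
 * Grants the owner of an image the privileges needed to use and manage it.
 *
 * Steps performed, in order:
 *  - ensure a 'newimages' / 'newvmimages' privilege node exists under
 *    privnode 3, and a "<login>-<ownerid>" child node beneath it
 *  - give the owner imageCheckOut and imageAdmin at that child node
 *  - ensure a "<prefix>-<login>-<ownerid>" resource group exists (created
 *    groups are also mapped to the newimages / newvmimages group of
 *    resource type 12)
 *  - make that group 'available' and 'administer' at the child node
 *  - add the resource to the group
 *
 * @param array $ownerdata  owner record; the 'id' and 'login' keys are read
 * @param int   $resourceid id of the resource row for the image
 * @param mixed $virtual    truthy selects the 'newvmimages' names, falsy
 *                          selects 'newimages'
 * @return void
 */
function addImagePermissions($ownerdata, $resourceid, $virtual) {
    $ownerid = $ownerdata['id'];

    // the same base name is used for the privilege node, the resource group
    // prefix and the mapped group
    $basename = $virtual ? 'newvmimages' : 'newimages';

    // The login is a stored string that ends up inside quoted SQL literals
    // below; escape it so a quote or backslash in a login cannot change the
    // statement (second-order injection). The raw value is still what gets
    // stored and what is handed to the helper functions.
    // NOTE(review): mysql_escape_string() ignores the connection charset;
    // switch to mysql_real_escape_string() if doQuery()'s link is usable
    // here - confirm.
    $ownerkey = "{$ownerdata['login']}-{$ownerid}";
    $ownerkeysql = mysql_escape_string($ownerkey);

    // $resourceid is placed unquoted in a VALUES list; force it to an integer
    $resourceidsql = (int)$resourceid;

    // create new node if it does not exist
    $query = "SELECT id "
           . "FROM privnode "
           . "WHERE name = '{$basename}' AND "
           .       "parent = 3";
    $qh = doQuery($query, 101);
    if (!($row = mysql_fetch_assoc($qh))) {
        $query2 = "INSERT INTO privnode "
                .        "(parent, "
                .        "name) "
                . "VALUES "
                .        "(3, "
                .        "'{$basename}')";
        doQuery($query2, 101);
        // re-run the lookup to pick up the id of the node just inserted
        $qh = doQuery($query, 101);
        $row = mysql_fetch_assoc($qh);
    }
    $parent = $row['id'];

    // find or create the per-owner node below it
    $query = "SELECT id "
           . "FROM privnode "
           . "WHERE name = '{$ownerkeysql}' AND "
           .       "parent = {$parent}";
    $qh = doQuery($query, 101);
    if ($row = mysql_fetch_assoc($qh)) {
        $newnode = $row['id'];
    } else {
        $query = "INSERT INTO privnode "
               .        "(parent, name) "
               . "VALUES ({$parent}, '{$ownerkeysql}')";
        doQuery($query, 101);
        $qh = doQuery("SELECT LAST_INSERT_ID() FROM privnode", 101);
        $row = mysql_fetch_row($qh);
        $newnode = $row[0];
    }

    // give user imageCheckOut and imageAdmin at new node
    $newprivs = array('imageCheckOut', 'imageAdmin');
    updateUserOrGroupPrivs($ownerid, $newnode, $newprivs, array(), 'user');

    // create new image group if it does not exist
    // NOTE(review): a missing 'manageNewImages' user group leaves
    // $ownergroupid empty and the following queries malformed - confirm the
    // group is guaranteed to exist.
    $query = "SELECT id "
           . "FROM usergroup "
           . "WHERE name = 'manageNewImages'";
    $qh = doQuery($query, 101);
    $row = mysql_fetch_assoc($qh);
    $ownergroupid = $row['id'];

    $query = "SELECT id "
           . "FROM resourcegroup "
           . "WHERE name = '{$basename}-{$ownerkeysql}' AND "
           .       "ownerusergroupid = {$ownergroupid} AND "
           .       "resourcetypeid = 13";
    $qh = doQuery($query, 101);
    if ($row = mysql_fetch_assoc($qh)) {
        $resourcegroupid = $row['id'];
    } else {
        $query = "INSERT INTO resourcegroup "
               .        "(name, "
               .        "ownerusergroupid, "
               .        "resourcetypeid) "
               . "VALUES ('{$basename}-{$ownerkeysql}', "
               .        "{$ownergroupid}, "
               .        "13)";
        doQuery($query, 305);
        $qh = doQuery("SELECT LAST_INSERT_ID() FROM resourcegroup", 101);
        $row = mysql_fetch_row($qh);
        $resourcegroupid = $row[0];

        // map group to newimages/newvmimages comp group
        $query = "SELECT id "
               . "FROM resourcegroup "
               . "WHERE name = '{$basename}' AND "
               .       "resourcetypeid = 12";
        $qh = doQuery($query, 101);
        $row = mysql_fetch_assoc($qh);
        $compResGrpid = $row['id'];

        $query = "INSERT INTO resourcemap "
               .        "(resourcegroupid1, "
               .        "resourcetypeid1, "
               .        "resourcegroupid2, "
               .        "resourcetypeid2) "
               . "VALUES ({$resourcegroupid}, "
               .        "13, "
               .        "{$compResGrpid}, "
               .        "12)";
        doQuery($query, 101);
    }

    // make image group available at new node; the helper receives the
    // unescaped group name
    $adds = array('available', 'administer');
    updateResourcePrivs("image/{$basename}-{$ownerkey}", $newnode, $adds, array());

    // add image to image group
    $query = "INSERT INTO resourcegroupmembers "
           .        "(resourceid, resourcegroupid) "
           . "VALUES ({$resourceidsql}, {$resourcegroupid})";
    doQuery($query, 101);
}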
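/**
 * Inserts a new image together with its revision, resource entry and the
 * privilege node / resource group that lets the owner manage it.
 *
 * @param array $data image attributes. Keys read here: prettyname, owner,
 *                    platformid, osid, minram, minprocnumber, minprocspeed,
 *                    minnetwork, maxconcurrent, reloadtime, description,
 *                    usage, basedoffrevisionid, checkuser, usergroupid,
 *                    sysprep, comments
 * @return mixed id of the new row in the image table
 */
function addImage($data) {
    global $user;

    // Free-text fields go into quoted SQL literals. 'comments' now gets the
    // same unslash-then-escape treatment as 'description' and 'usage';
    // previously it was interpolated into the imagerevision INSERT as-is.
    // NOTE(review): confirm no caller already escapes 'comments', otherwise
    // it would be stored double-escaped.
    if (get_magic_quotes_gpc()) {
        $data['description'] = stripslashes($data['description']);
        $data['usage'] = stripslashes($data['usage']);
        $data['comments'] = stripslashes($data['comments']);
    }
    $data['description'] = mysql_escape_string($data['description']);
    $data['usage'] = mysql_escape_string($data['usage']);
    $data['comments'] = mysql_escape_string($data['comments']);

    $ownerdata = getUserInfo($data['owner']);
    $ownerid = $ownerdata['id'];

    if (empty($data['maxconcurrent']) || !is_numeric($data['maxconcurrent'])) {
        $data['maxconcurrent'] = 'NULL';
    }

    // NOTE(review): prettyname is interpolated into a quoted literal without
    // escaping, and platformid, osid, minram, minprocnumber, minprocspeed,
    // minnetwork, reloadtime and basedoffrevisionid are interpolated unquoted.
    // Presumably the caller validates them; verify, since nothing in this
    // function does.
    $query = "INSERT INTO image "
           .        "(prettyname, "
           .        "ownerid, "
           .        "platformid, "
           .        "OSid, "
           .        "minram, "
           .        "minprocnumber, "
           .        "minprocspeed, "
           .        "minnetwork, "
           .        "maxconcurrent, "
           .        "reloadtime, "
           .        "deleted, "
           .        "description, "
           .        "`usage`, "
           .        "basedoffrevisionid) "
           . "VALUES ('{$data["prettyname"]}', "
           .        "{$ownerid}, "
           .        "{$data["platformid"]}, "
           .        "{$data["osid"]}, "
           .        "{$data["minram"]}, "
           .        "{$data["minprocnumber"]}, "
           .        "{$data["minprocspeed"]}, "
           .        "{$data["minnetwork"]}, "
           .        "{$data["maxconcurrent"]}, "
           .        "{$data["reloadtime"]}, "
           .        "1, "
           .        "'{$data['description']}', "
           .        "'{$data['usage']}', "
           .        "{$data['basedoffrevisionid']})";
    doQuery($query, 205);

    // get last insert id
    $qh = doQuery("SELECT LAST_INSERT_ID() FROM image", 206);
    if (!($row = mysql_fetch_row($qh))) {
        abort(207);
    }
    $imageid = $row[0];

    // possibly add entry to imagemeta table
    $imagemetaid = 0;

    // checkuser and sysprep must end up as 0 or 1; anything else becomes 1.
    // The is_numeric() test matters: with loose comparison alone a
    // non-numeric string compares equal to 0 on PHP < 8, survives the check
    // and would be written unquoted into the INSERT below.
    foreach (array('checkuser', 'sysprep') as $flag) {
        $value = $data[$flag];
        if (is_numeric($value) && ($value == 0 || $value == 1)) {
            $data[$flag] = (int)$value;
        } else {
            $data[$flag] = 1;
        }
    }
    if (!is_numeric($data['usergroupid']) || $data['usergroupid'] <= 0) {
        $data['usergroupid'] = "NULL";
    }

    // an imagemeta row is only needed when one of the three values was set
    // to something other than checkuser = 1, no user group, sysprep = 1
    $needsmeta = $data['checkuser'] == 0
              || (is_numeric($data['usergroupid']) && $data['usergroupid'] > 0)
              || $data['sysprep'] == 0;
    if ($needsmeta) {
        $query = "INSERT INTO imagemeta "
               .        "(checkuser, "
               .        "usergroupid, "
               .        "sysprep) "
               . "VALUES "
               .        "({$data['checkuser']}, "
               .        "{$data['usergroupid']}, "
               .        "{$data['sysprep']})";
        doQuery($query, 101);

        // get last insert id
        $qh = doQuery("SELECT LAST_INSERT_ID() FROM imagemeta", 101);
        if (!($row = mysql_fetch_row($qh))) {
            abort(207);
        }
        $imagemetaid = $row[0];
    }

    // create name from pretty name, os, and last insert id; non-word
    // characters are stripped from the pretty name first
    $OSs = getOSList();
    $name = $OSs[$data["osid"]]["name"] . "-"
          . preg_replace('/\\W/', '', $data["prettyname"])
          . $imageid . "-v0";
    if ($imagemetaid) {
        $query = "UPDATE image "
               . "SET name = '{$name}', "
               .     "imagemetaid = {$imagemetaid} "
               . "WHERE id = {$imageid}";
    } else {
        $query = "UPDATE image SET name = '{$name}' WHERE id = {$imageid}";
    }
    doQuery($query, 208);

    $query = "INSERT INTO imagerevision "
           .        "(imageid, "
           .        "userid, "
           .        "datecreated, "
           .        "production, "
           .        "imagename, "
           .        "comments) "
           . "VALUES ({$imageid}, "
           .        "{$user['id']}, "
           .        "NOW(), "
           .        "1, "
           .        "'{$name}', "
           .        "'{$data['comments']}')";
    doQuery($query, 101);

    // add entry in resource table
    $query = "INSERT INTO resource "
           .        "(resourcetypeid, "
           .        "subid) "
           . "VALUES (13, "
           .        "{$imageid})";
    doQuery($query, 209);
    $qh = doQuery("SELECT LAST_INSERT_ID() FROM resource", 101);
    $row = mysql_fetch_row($qh);
    $resourceid = $row[0];

    // OS names starting with 'vmware' select the 'newvmimages' names
    $vmware = (strncmp($OSs[$data['osid']]['name'], 'vmware', 6) == 0) ? 1 : 0;
    $basename = $vmware ? 'newvmimages' : 'newimages';

    // The owner's login is embedded in quoted literals below; escape it so a
    // quote or backslash in a stored login cannot alter the statements. The
    // unescaped form is kept for updateResourcePrivs().
    $ownerkey = "{$ownerdata['login']}-{$ownerid}";
    $ownerkeysql = mysql_escape_string($ownerkey);

    // create new node if it does not exist
    $query = "SELECT id "
           . "FROM privnode "
           . "WHERE name = '{$basename}' AND "
           .       "parent = 3";
    $qh = doQuery($query, 101);
    if (!($row = mysql_fetch_assoc($qh))) {
        $query2 = "INSERT INTO privnode "
                .        "(parent, "
                .        "name) "
                . "VALUES "
                .        "(3, "
                .        "'{$basename}')";
        doQuery($query2, 101);
        // re-run the lookup to pick up the id of the node just inserted
        $qh = doQuery($query, 101);
        $row = mysql_fetch_assoc($qh);
    }
    $parent = $row['id'];

    $query = "SELECT id "
           . "FROM privnode "
           . "WHERE name = '{$ownerkeysql}' AND "
           .       "parent = {$parent}";
    $qh = doQuery($query, 101);
    if ($row = mysql_fetch_assoc($qh)) {
        $newnode = $row['id'];
    } else {
        $query = "INSERT INTO privnode "
               .        "(parent, name) "
               . "VALUES ({$parent}, '{$ownerkeysql}')";
        doQuery($query, 101);
        $qh = doQuery("SELECT LAST_INSERT_ID() FROM privnode", 101);
        $row = mysql_fetch_row($qh);
        $newnode = $row[0];
    }

    // give user imageCheckOut and imageAdmin at new node
    $newprivs = array('imageCheckOut', 'imageAdmin');
    updateUserOrGroupPrivs($ownerid, $newnode, $newprivs, array(), 'user');

    // create new image group if it does not exist
    $query = "SELECT id "
           . "FROM usergroup "
           . "WHERE name = 'manageNewImages'";
    $qh = doQuery($query, 101);
    $row = mysql_fetch_assoc($qh);
    $ownergroupid = $row['id'];

    $query = "SELECT id "
           . "FROM resourcegroup "
           . "WHERE name = '{$basename}-{$ownerkeysql}' AND "
           .       "ownerusergroupid = {$ownergroupid} AND "
           .       "resourcetypeid = 13";
    $qh = doQuery($query, 101);
    if ($row = mysql_fetch_assoc($qh)) {
        $resourcegroupid = $row['id'];
    } else {
        $query = "INSERT INTO resourcegroup "
               .        "(name, "
               .        "ownerusergroupid, "
               .        "resourcetypeid) "
               . "VALUES ('{$basename}-{$ownerkeysql}', "
               .        "{$ownergroupid}, "
               .        "13)";
        doQuery($query, 305);
        $qh = doQuery("SELECT LAST_INSERT_ID() FROM resourcegroup", 101);
        $row = mysql_fetch_row($qh);
        $resourcegroupid = $row[0];

        // map group to newimages/newvmimages comp group
        $query = "SELECT id "
               . "FROM resourcegroup "
               . "WHERE name = '{$basename}' AND "
               .       "resourcetypeid = 12";
        $qh = doQuery($query, 101);
        $row = mysql_fetch_assoc($qh);
        $compResGrpid = $row['id'];

        $query = "INSERT INTO resourcemap "
               .        "(resourcegroupid1, "
               .        "resourcetypeid1, "
               .        "resourcegroupid2, "
               .        "resourcetypeid2) "
               . "VALUES ({$resourcegroupid}, "
               .        "13, "
               .        "{$compResGrpid}, "
               .        "12)";
        doQuery($query, 101);
    }

    // make image group available at new node
    $adds = array('available', 'administer');
    updateResourcePrivs("image/{$basename}-{$ownerkey}", $newnode, $adds, array());

    // add image to image group
    $query = "INSERT INTO resourcegroupmembers "
           .        "(resourceid, resourcegroupid) "
           . "VALUES ({$resourceid}, {$resourcegroupid})";
    doQuery($query, 101);

    return $imageid;
}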
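/**
 * AJAX handler that grants resource group privileges at a privilege node.
 *
 * Reads 'activeNode', 'newgroupid' and 'perms' (colon-delimited) from the
 * request and prints JavaScript for the client. The request is refused
 * unless the user holds resourceGrant at the node and the submitted group is
 * one the user may manage according to getUserResources().
 *
 * @return void
 */
function AJsubmitAddResourcePriv() {
    global $user;

    $node = processInputVar("activeNode", ARG_NUMERIC);
    if (!checkUserHasPriv("resourceGrant", $user["id"], $node)) {
        $text = "You do not have rights to add new resource groups at this node.";
        print "addResourceGroupPaneHide(); ";
        print "alert('{$text}');";
        return;
    }

    $newgroupid = processInputVar("newgroupid", ARG_NUMERIC);
    $privs = array("computerAdmin",
                   "mgmtNodeAdmin",
                   "imageAdmin",
                   "scheduleAdmin",
                   "serverProfileAdmin");
    $resourcegroups = getUserResources($privs, array("manageGroup"), 1);
    $groupdata = getResourceGroups('', $newgroupid);

    // the submitted id must resolve to a named group; checking the exact
    // entry avoids reading an undefined index when the lookup returns data
    // that does not contain $newgroupid
    if (empty($groupdata) || !isset($groupdata[$newgroupid]['name'])) {
        $text = "Invalid resource group submitted.";
        print "addResourceGroupPaneHide(); ";
        print "alert('{$text}');";
        return;
    }

    // group names have the form "<type>/<name>"; only the type is needed
    list($newtype) = explode('/', $groupdata[$newgroupid]['name'], 2);

    // Fail closed: the group has to appear among the groups of its type that
    // the user can manage. A type with no entry at all is treated as "not
    // allowed" explicitly rather than through array_key_exists() on a
    // missing index.
    $maymanage = isset($resourcegroups[$newtype])
              && is_array($resourcegroups[$newtype])
              && array_key_exists($newgroupid, $resourcegroups[$newtype]);
    if (!$maymanage) {
        $text = "You do not have rights to manage the specified resource group.";
        print "addResourceGroupPaneHide(); ";
        print "alert('{$text}');";
        return;
    }

    // keep only submitted permissions that are known privilege types
    $perms = explode(':', processInputVar('perms', ARG_STRING));
    $privtypes = getResourcePrivs();
    $newgroupprivs = array();
    foreach ($privtypes as $type) {
        if (in_array($type, $perms)) {
            $newgroupprivs[] = $type;
        }
    }

    // 'cascade' on its own grants nothing, so it counts as an empty selection
    $onlycascade = count($newgroupprivs) == 1 && in_array("cascade", $newgroupprivs);
    if (empty($newgroupprivs) || $onlycascade) {
        $text = "<font color=red>No resource group privileges were specified</font>";
        print setAttribute('addResourceGroupPrivStatus', 'innerHTML', $text);
        return;
    }

    updateResourcePrivs($newgroupid, $node, $newgroupprivs, array());
    clearPrivCache();
    print "refreshPerms(); ";
    print "addResourceGroupPaneHide(); ";
}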
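/**
 * AJAX handler that grants resource group privileges at a privilege node.
 *
 * Reads 'activeNode', 'newgroupid' and 'perms' (colon-delimited) from the
 * request, prints JavaScript for the client, then disconnects from the
 * database and exits.
 *
 * Holding resourceGrant at the node is not sufficient on its own: the
 * submitted group id is also checked against the groups the user may manage.
 * Without that check any user with resourceGrant somewhere could grant
 * privileges over resource groups belonging to others.
 *
 * @return void (never returns; every path ends in exit)
 */
function AJsubmitAddResourcePriv() {
    global $user;

    $node = processInputVar("activeNode", ARG_NUMERIC);
    if (!checkUserHasPriv("resourceGrant", $user["id"], $node)) {
        $text = "You do not have rights to add new resource groups at this node.";
        // hide the resource group pane, the same pane the success path hides
        print "addResourceGroupPaneHide(); ";
        print "alert('{$text}');";
        dbDisconnect();
        exit;
    }

    $newgroupid = processInputVar("newgroupid", ARG_NUMERIC);

    // validate newgroupid: it must name an existing resource group ...
    $groupdata = getResourceGroups('', $newgroupid);
    if (empty($groupdata) || !isset($groupdata[$newgroupid]['name'])) {
        $text = "Invalid resource group submitted.";
        print "addResourceGroupPaneHide(); ";
        print "alert('{$text}');";
        dbDisconnect();
        exit;
    }

    // ... and that group must be one the user is allowed to manage
    $privs = array("computerAdmin",
                   "mgmtNodeAdmin",
                   "imageAdmin",
                   "scheduleAdmin",
                   "serverProfileAdmin");
    $resourcegroups = getUserResources($privs, array("manageGroup"), 1);
    // group names have the form "<type>/<name>"; only the type is needed
    list($newtype) = explode('/', $groupdata[$newgroupid]['name'], 2);
    $maymanage = isset($resourcegroups[$newtype])
              && is_array($resourcegroups[$newtype])
              && array_key_exists($newgroupid, $resourcegroups[$newtype]);
    if (!$maymanage) {
        $text = "You do not have rights to manage the specified resource group.";
        print "addResourceGroupPaneHide(); ";
        print "alert('{$text}');";
        dbDisconnect();
        exit;
    }

    // keep only submitted permissions that are known privilege types; both
    // sides are strings, so the comparison can be strict
    $perms = explode(':', processInputVar('perms', ARG_STRING));
    $privtypes = array("block", "cascade", "available", "administer", "manageGroup");
    $newgroupprivs = array();
    foreach ($privtypes as $type) {
        if (in_array($type, $perms, true)) {
            $newgroupprivs[] = $type;
        }
    }

    // 'cascade' on its own grants nothing, so it counts as an empty selection
    $onlycascade = count($newgroupprivs) == 1 && in_array("cascade", $newgroupprivs, true);
    if (empty($newgroupprivs) || $onlycascade) {
        $text = "<font color=red>No resource group privileges were specified</font>";
        print setAttribute('addResourceGroupPrivStatus', 'innerHTML', $text);
        dbDisconnect();
        exit;
    }

    updateResourcePrivs($newgroupid, $node, $newgroupprivs, array());
    clearPrivCache();
    print "addResourceGroupPaneHide(); ";
    print "refreshPerms(); ";
    dbDisconnect();
    exit;
}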
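/**
 * Adds or removes resource group privileges at a privilege node on behalf of
 * the logged-in user.
 *
 * Checks, in order: numeric node id, resourceGrant at the node, known
 * resource type, existing group, known permission names, ownership of the
 * group for any permission other than block/cascade/available, and that the
 * requested permissions are not ones cascaded down to this node.
 *
 * @param string $mode        'add' or 'remove'
 * @param string $name        resource group name, without the type prefix
 * @param string $type        resource type
 * @param mixed  $nodeid      id of the privilege node
 * @param string $permissions colon-delimited list of permission names
 * @return array array('status' => 'success'), or on failure an array with
 *               'status' => 'error', 'errorcode' and 'errormsg'
 */
function _XMLRPCchangeResourceGroupPriv_sub($mode, $name, $type, $nodeid, $permissions) {
    require_once ".ht-inc/privileges.php";
    global $user;

    if (!is_numeric($nodeid)) {
        return array('status' => 'error',
                     'errorcode' => 78,
                     'errormsg' => 'Invalid nodeid specified');
    }

    // NOTE(review): this message says "remove" even when $mode is 'add';
    // left unchanged in case clients match on the text.
    if (!checkUserHasPriv("resourceGrant", $user['id'], $nodeid)) {
        return array('status' => 'error',
                     'errorcode' => 61,
                     'errormsg' => 'Unable to remove resource group privileges on this node');
    }

    $resourcetypes = getTypes('resources');
    if (!in_array($type, $resourcetypes['resources'])) {
        return array('status' => 'error',
                     'errorcode' => 71,
                     'errormsg' => 'Invalid resource type');
    }

    $groupid = getResourceGroupID("{$type}/{$name}");
    if (is_null($groupid)) {
        return array('status' => 'error',
                     'errorcode' => 74,
                     'errormsg' => 'resource group does not exist');
    }

    // every submitted permission must be a known resource privilege; an
    // empty $permissions string yields array('') and is rejected here too
    $changeperms = explode(':', $permissions);
    $allperms = getResourcePrivs();
    $unknown = array_diff($changeperms, $allperms);
    if (count($unknown)) {
        return array('status' => 'error',
                     'errorcode' => 66,
                     'errormsg' => 'Invalid or missing permissions list supplied');
    }

    // anything beyond block/cascade/available requires the user to be in
    // the group's owning user group
    $nocheckperms = array('block', 'cascade', 'available');
    $checkperms = array_diff($changeperms, $nocheckperms);
    $groupdata = getResourceGroups($type, $groupid);
    if (count($checkperms) &&
        !array_key_exists($groupdata[$groupid]["ownerid"], $user["groups"])) {
        return array('status' => 'error',
                     'errorcode' => 79,
                     'errormsg' => 'Unable to modify privilege set for resource group');
    }

    $key = "{$type}/{$name}/{$groupid}";
    $cnp = getNodeCascadePrivileges($nodeid, "resources");
    $np = getNodePrivileges($nodeid, 'resources');

    // privileges cascaded to this node cannot be changed here unless the
    // node itself blocks the cascade for this group
    $blockedhere = array_key_exists($key, $np['resources'])
                && in_array('block', $np['resources'][$key]);
    if (array_key_exists($key, $cnp['resources']) && !$blockedhere) {
        $intersect = array_intersect($cnp['resources'][$key], $changeperms);
        if (count($intersect)) {
            return array('status' => 'error',
                         'errorcode' => 80,
                         'errormsg' => 'Unable to modify privileges cascaded to this node');
        }
    }

    // When a removal would leave only 'cascade' behind, remove that as well.
    // The group may have no entry at this node at all; in that case there is
    // nothing to compare, and array_diff() must not be handed a missing
    // index (a warning on older PHP, a TypeError on PHP 8).
    if ($mode == 'remove' && array_key_exists($key, $np['resources'])) {
        $remaining = array_diff($np['resources'][$key], $changeperms);
        if (count($remaining) == 1 && in_array("cascade", $remaining)) {
            $changeperms[] = 'cascade';
        }
    }

    // NOTE(review): a $mode other than 'add' or 'remove' changes nothing and
    // still reports success - confirm callers only pass those two values.
    if ($mode == 'add') {
        updateResourcePrivs("{$groupid}", $nodeid, $changeperms, array());
    } elseif ($mode == 'remove') {
        updateResourcePrivs("{$groupid}", $nodeid, array(), $changeperms);
    }

    return array('status' => 'success');
}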