Exemplo n.º 1
0
 function addImagePermissions($ownerdata, $resourceid, $virtual)
 {
     $ownerid = $ownerdata['id'];
     // create new node if it does not exist
     if ($virtual) {
         $nodename = 'newvmimages';
     } else {
         $nodename = 'newimages';
     }
     $query = "SELECT id " . "FROM privnode " . "WHERE name = '{$nodename}' AND " . "parent = 3";
     $qh = doQuery($query, 101);
     if (!($row = mysql_fetch_assoc($qh))) {
         $query2 = "INSERT INTO privnode " . "(parent, " . "name) " . "VALUES " . "(3, " . "'{$nodename}')";
         doQuery($query2, 101);
         $qh = doQuery($query, 101);
         $row = mysql_fetch_assoc($qh);
     }
     $parent = $row['id'];
     $query = "SELECT id " . "FROM privnode " . "WHERE name = '{$ownerdata['login']}-{$ownerid}' AND " . "parent = {$parent}";
     $qh = doQuery($query, 101);
     if ($row = mysql_fetch_assoc($qh)) {
         $newnode = $row['id'];
     } else {
         $query = "INSERT INTO privnode " . "(parent, name) " . "VALUES ({$parent}, '{$ownerdata['login']}-{$ownerid}')";
         doQuery($query, 101);
         $qh = doQuery("SELECT LAST_INSERT_ID() FROM privnode", 101);
         $row = mysql_fetch_row($qh);
         $newnode = $row[0];
     }
     // give user imageCheckOut and imageAdmin at new node
     $newprivs = array('imageCheckOut', 'imageAdmin');
     updateUserOrGroupPrivs($ownerid, $newnode, $newprivs, array(), 'user');
     // create new image group if it does not exist
     $query = "SELECT id " . "FROM usergroup " . "WHERE name = 'manageNewImages'";
     $qh = doQuery($query, 101);
     $row = mysql_fetch_assoc($qh);
     $ownergroupid = $row['id'];
     if ($virtual) {
         $prefix = 'newvmimages';
     } else {
         $prefix = 'newimages';
     }
     $query = "SELECT id " . "FROM resourcegroup " . "WHERE name = '{$prefix}-{$ownerdata['login']}-{$ownerid}' AND " . "ownerusergroupid = {$ownergroupid} AND " . "resourcetypeid = 13";
     $qh = doQuery($query, 101);
     if ($row = mysql_fetch_assoc($qh)) {
         $resourcegroupid = $row['id'];
     } else {
         $query = "INSERT INTO resourcegroup " . "(name, " . "ownerusergroupid, " . "resourcetypeid) " . "VALUES ('{$prefix}-{$ownerdata['login']}-{$ownerid}', " . "{$ownergroupid}, " . "13)";
         doQuery($query, 305);
         $qh = doQuery("SELECT LAST_INSERT_ID() FROM resourcegroup", 101);
         $row = mysql_fetch_row($qh);
         $resourcegroupid = $row[0];
         // map group to newimages/newvmimages comp group
         if ($virtual) {
             $rgroupname = 'newvmimages';
         } else {
             $rgroupname = 'newimages';
         }
         $query = "SELECT id " . "FROM resourcegroup " . "WHERE name = '{$rgroupname}' AND " . "resourcetypeid = 12";
         $qh = doQuery($query, 101);
         $row = mysql_fetch_assoc($qh);
         $compResGrpid = $row['id'];
         $query = "INSERT INTO resourcemap " . "(resourcegroupid1, " . "resourcetypeid1, " . "resourcegroupid2, " . "resourcetypeid2) " . "VALUES ({$resourcegroupid}, " . "13, " . "{$compResGrpid}, " . "12)";
         doQuery($query, 101);
     }
     // make image group available at new node
     $adds = array('available', 'administer');
     if ($virtual) {
         updateResourcePrivs("image/newvmimages-{$ownerdata['login']}-{$ownerid}", $newnode, $adds, array());
     } else {
         updateResourcePrivs("image/newimages-{$ownerdata['login']}-{$ownerid}", $newnode, $adds, array());
     }
     // add image to image group
     $query = "INSERT INTO resourcegroupmembers " . "(resourceid, resourcegroupid) " . "VALUES ({$resourceid}, {$resourcegroupid})";
     doQuery($query, 101);
 }
Exemplo n.º 2
0
function addImage($data)
{
    global $user;
    if (get_magic_quotes_gpc()) {
        $data['description'] = stripslashes($data['description']);
        $data['usage'] = stripslashes($data['usage']);
    }
    $data['description'] = mysql_escape_string($data['description']);
    $data['usage'] = mysql_escape_string($data['usage']);
    $ownerdata = getUserInfo($data['owner']);
    $ownerid = $ownerdata['id'];
    if (empty($data['maxconcurrent']) || !is_numeric($data['maxconcurrent'])) {
        $data['maxconcurrent'] = 'NULL';
    }
    $query = "INSERT INTO image " . "(prettyname, " . "ownerid, " . "platformid, " . "OSid, " . "minram, " . "minprocnumber, " . "minprocspeed, " . "minnetwork, " . "maxconcurrent, " . "reloadtime, " . "deleted, " . "description, " . "`usage`, " . "basedoffrevisionid) " . "VALUES ('{$data["prettyname"]}', " . "{$ownerid}, " . "{$data["platformid"]}, " . "{$data["osid"]}, " . "{$data["minram"]}, " . "{$data["minprocnumber"]}, " . "{$data["minprocspeed"]}, " . "{$data["minnetwork"]}, " . "{$data["maxconcurrent"]}, " . "{$data["reloadtime"]}, " . "1, " . "'{$data['description']}', " . "'{$data['usage']}', " . "{$data['basedoffrevisionid']})";
    doQuery($query, 205);
    // get last insert id
    $qh = doQuery("SELECT LAST_INSERT_ID() FROM image", 206);
    if (!($row = mysql_fetch_row($qh))) {
        abort(207);
    }
    $imageid = $row[0];
    // possibly add entry to imagemeta table
    $imagemetaid = 0;
    if ($data['checkuser'] != 0 && $data['checkuser'] != 1) {
        $data['checkuser'] = 1;
    }
    if (!is_numeric($data['usergroupid']) || $data['usergroupid'] <= 0) {
        $data['usergroupid'] = "NULL";
    }
    if ($data['sysprep'] != 0 && $data['sysprep'] != 1) {
        $data['sysprep'] = 1;
    }
    if ($data['checkuser'] == 0 || is_numeric($data['usergroupid']) && $data['usergroupid'] > 0 || $data['sysprep'] == 0) {
        $query = "INSERT INTO imagemeta " . "(checkuser, " . "usergroupid, " . "sysprep) " . "VALUES " . "({$data['checkuser']}, " . "{$data['usergroupid']}, " . "{$data['sysprep']})";
        doQuery($query, 101);
        // get last insert id
        $qh = doQuery("SELECT LAST_INSERT_ID() FROM imagemeta", 101);
        if (!($row = mysql_fetch_row($qh))) {
            abort(207);
        }
        $imagemetaid = $row[0];
    }
    // create name from pretty name, os, and last insert id
    $OSs = getOSList();
    $name = $OSs[$data["osid"]]["name"] . "-" . preg_replace('/\\W/', '', $data["prettyname"]) . $imageid . "-v0";
    if ($imagemetaid) {
        $query = "UPDATE image " . "SET name = '{$name}', " . "imagemetaid = {$imagemetaid} " . "WHERE id = {$imageid}";
    } else {
        $query = "UPDATE image SET name = '{$name}' WHERE id = {$imageid}";
    }
    doQuery($query, 208);
    $query = "INSERT INTO imagerevision " . "(imageid, " . "userid, " . "datecreated, " . "production, " . "imagename, " . "comments) " . "VALUES ({$imageid}, " . "{$user['id']}, " . "NOW(), " . "1, " . "'{$name}', " . "'{$data['comments']}')";
    doQuery($query, 101);
    // add entry in resource table
    $query = "INSERT INTO resource " . "(resourcetypeid, " . "subid) " . "VALUES (13, " . "{$imageid})";
    doQuery($query, 209);
    $qh = doQuery("SELECT LAST_INSERT_ID() FROM resource", 101);
    $row = mysql_fetch_row($qh);
    $resourceid = $row[0];
    if (strncmp($OSs[$data['osid']]['name'], 'vmware', 6) == 0) {
        $vmware = 1;
    } else {
        $vmware = 0;
    }
    // create new node if it does not exist
    if ($vmware) {
        $nodename = 'newvmimages';
    } else {
        $nodename = 'newimages';
    }
    $query = "SELECT id " . "FROM privnode " . "WHERE name = '{$nodename}' AND " . "parent = 3";
    $qh = doQuery($query, 101);
    if (!($row = mysql_fetch_assoc($qh))) {
        $query2 = "INSERT INTO privnode " . "(parent, " . "name) " . "VALUES " . "(3, " . "'{$nodename}')";
        doQuery($query2, 101);
        $qh = doQuery($query, 101);
        $row = mysql_fetch_assoc($qh);
    }
    $parent = $row['id'];
    $query = "SELECT id " . "FROM privnode " . "WHERE name = '{$ownerdata['login']}-{$ownerid}' AND " . "parent = {$parent}";
    $qh = doQuery($query, 101);
    if ($row = mysql_fetch_assoc($qh)) {
        $newnode = $row['id'];
    } else {
        $query = "INSERT INTO privnode " . "(parent, name) " . "VALUES ({$parent}, '{$ownerdata['login']}-{$ownerid}')";
        doQuery($query, 101);
        $qh = doQuery("SELECT LAST_INSERT_ID() FROM privnode", 101);
        $row = mysql_fetch_row($qh);
        $newnode = $row[0];
    }
    // give user imageCheckOut and imageAdmin at new node
    $newprivs = array('imageCheckOut', 'imageAdmin');
    updateUserOrGroupPrivs($ownerid, $newnode, $newprivs, array(), 'user');
    // create new image group if it does not exist
    $query = "SELECT id " . "FROM usergroup " . "WHERE name = 'manageNewImages'";
    $qh = doQuery($query, 101);
    $row = mysql_fetch_assoc($qh);
    $ownergroupid = $row['id'];
    if ($vmware) {
        $prefix = 'newvmimages';
    } else {
        $prefix = 'newimages';
    }
    $query = "SELECT id " . "FROM resourcegroup " . "WHERE name = '{$prefix}-{$ownerdata['login']}-{$ownerid}' AND " . "ownerusergroupid = {$ownergroupid} AND " . "resourcetypeid = 13";
    $qh = doQuery($query, 101);
    if ($row = mysql_fetch_assoc($qh)) {
        $resourcegroupid = $row['id'];
    } else {
        $query = "INSERT INTO resourcegroup " . "(name, " . "ownerusergroupid, " . "resourcetypeid) " . "VALUES ('{$prefix}-{$ownerdata['login']}-{$ownerid}', " . "{$ownergroupid}, " . "13)";
        doQuery($query, 305);
        $qh = doQuery("SELECT LAST_INSERT_ID() FROM resourcegroup", 101);
        $row = mysql_fetch_row($qh);
        $resourcegroupid = $row[0];
        // map group to newimages/newvmimages comp group
        if ($vmware) {
            $rgroupname = 'newvmimages';
        } else {
            $rgroupname = 'newimages';
        }
        $query = "SELECT id " . "FROM resourcegroup " . "WHERE name = '{$rgroupname}' AND " . "resourcetypeid = 12";
        $qh = doQuery($query, 101);
        $row = mysql_fetch_assoc($qh);
        $compResGrpid = $row['id'];
        $query = "INSERT INTO resourcemap " . "(resourcegroupid1, " . "resourcetypeid1, " . "resourcegroupid2, " . "resourcetypeid2) " . "VALUES ({$resourcegroupid}, " . "13, " . "{$compResGrpid}, " . "12)";
        doQuery($query, 101);
    }
    // make image group available at new node
    $adds = array('available', 'administer');
    if ($vmware) {
        updateResourcePrivs("image/newvmimages-{$ownerdata['login']}-{$ownerid}", $newnode, $adds, array());
    } else {
        updateResourcePrivs("image/newimages-{$ownerdata['login']}-{$ownerid}", $newnode, $adds, array());
    }
    // add image to image group
    $query = "INSERT INTO resourcegroupmembers " . "(resourceid, resourcegroupid) " . "VALUES ({$resourceid}, {$resourcegroupid})";
    doQuery($query, 101);
    return $imageid;
}
Exemplo n.º 3
0
function AJsubmitAddResourcePriv()
{
    global $user;
    $node = processInputVar("activeNode", ARG_NUMERIC);
    if (!checkUserHasPriv("resourceGrant", $user["id"], $node)) {
        $text = "You do not have rights to add new resource groups at this node.";
        print "addResourceGroupPaneHide(); ";
        print "alert('{$text}');";
        return;
    }
    $newgroupid = processInputVar("newgroupid", ARG_NUMERIC);
    $privs = array("computerAdmin", "mgmtNodeAdmin", "imageAdmin", "scheduleAdmin", "serverProfileAdmin");
    $resourcegroups = getUserResources($privs, array("manageGroup"), 1);
    $groupdata = getResourceGroups('', $newgroupid);
    if (empty($groupdata)) {
        $text = "Invalid resource group submitted.";
        print "addResourceGroupPaneHide(); ";
        print "alert('{$text}');";
        return;
    }
    list($newtype, $tmp) = explode('/', $groupdata[$newgroupid]['name']);
    if (!array_key_exists($newgroupid, $resourcegroups[$newtype])) {
        $text = "You do not have rights to manage the specified resource group.";
        print "addResourceGroupPaneHide(); ";
        print "alert('{$text}');";
        return;
    }
    $perms = explode(':', processInputVar('perms', ARG_STRING));
    $privtypes = getResourcePrivs();
    $newgroupprivs = array();
    foreach ($privtypes as $type) {
        if (in_array($type, $perms)) {
            array_push($newgroupprivs, $type);
        }
    }
    if (empty($newgroupprivs) || count($newgroupprivs) == 1 && in_array("cascade", $newgroupprivs)) {
        $text = "<font color=red>No resource group privileges were specified</font>";
        print setAttribute('addResourceGroupPrivStatus', 'innerHTML', $text);
        return;
    }
    updateResourcePrivs($newgroupid, $node, $newgroupprivs, array());
    clearPrivCache();
    print "refreshPerms(); ";
    print "addResourceGroupPaneHide(); ";
}
Exemplo n.º 4
0
function AJsubmitAddResourcePriv()
{
    global $user;
    $node = processInputVar("activeNode", ARG_NUMERIC);
    if (!checkUserHasPriv("resourceGrant", $user["id"], $node)) {
        $text = "You do not have rights to add new resource groups at this node.";
        print "addUserGroupPaneHide(); ";
        print "alert('{$text}');";
        dbDisconnect();
        exit;
    }
    $newgroupid = processInputVar("newgroupid", ARG_NUMERIC);
    # FIXME validate newgroupid
    $perms = explode(':', processInputVar('perms', ARG_STRING));
    $privtypes = array("block", "cascade", "available", "administer", "manageGroup");
    $newgroupprivs = array();
    foreach ($privtypes as $type) {
        if (in_array($type, $perms)) {
            array_push($newgroupprivs, $type);
        }
    }
    if (empty($newgroupprivs) || count($newgroupprivs) == 1 && in_array("cascade", $newgroupprivs)) {
        $text = "<font color=red>No resource group privileges were specified</font>";
        print setAttribute('addResourceGroupPrivStatus', 'innerHTML', $text);
        dbDisconnect();
        exit;
    }
    updateResourcePrivs($newgroupid, $node, $newgroupprivs, array());
    clearPrivCache();
    print "addResourceGroupPaneHide(); ";
    print "refreshPerms(); ";
    dbDisconnect();
    exit;
}
Exemplo n.º 5
0
function _XMLRPCchangeResourceGroupPriv_sub($mode, $name, $type, $nodeid, $permissions)
{
    require_once ".ht-inc/privileges.php";
    global $user;
    if (!is_numeric($nodeid)) {
        return array('status' => 'error', 'errorcode' => 78, 'errormsg' => 'Invalid nodeid specified');
    }
    if (!checkUserHasPriv("resourceGrant", $user['id'], $nodeid)) {
        return array('status' => 'error', 'errorcode' => 61, 'errormsg' => 'Unable to remove resource group privileges on this node');
    }
    $resourcetypes = getTypes('resources');
    if (!in_array($type, $resourcetypes['resources'])) {
        return array('status' => 'error', 'errorcode' => 71, 'errormsg' => 'Invalid resource type');
    }
    $groupid = getResourceGroupID("{$type}/{$name}");
    if (is_null($groupid)) {
        return array('status' => 'error', 'errorcode' => 74, 'errormsg' => 'resource group does not exist');
    }
    $changeperms = explode(':', $permissions);
    $allperms = getResourcePrivs();
    $diff = array_diff($changeperms, $allperms);
    if (count($diff)) {
        return array('status' => 'error', 'errorcode' => 66, 'errormsg' => 'Invalid or missing permissions list supplied');
    }
    $nocheckperms = array('block', 'cascade', 'available');
    $checkperms = array_diff($changeperms, $nocheckperms);
    $groupdata = getResourceGroups($type, $groupid);
    if (count($checkperms) && !array_key_exists($groupdata[$groupid]["ownerid"], $user["groups"])) {
        return array('status' => 'error', 'errorcode' => 79, 'errormsg' => 'Unable to modify privilege set for resource group');
    }
    $key = "{$type}/{$name}/{$groupid}";
    $cnp = getNodeCascadePrivileges($nodeid, "resources");
    $np = getNodePrivileges($nodeid, 'resources');
    if (array_key_exists($key, $cnp['resources']) && (!array_key_exists($key, $np['resources']) || !in_array('block', $np['resources'][$key]))) {
        $intersect = array_intersect($cnp['resources'][$key], $changeperms);
        if (count($intersect)) {
            return array('status' => 'error', 'errorcode' => 80, 'errormsg' => 'Unable to modify privileges cascaded to this node');
        }
    }
    if ($mode == 'remove') {
        $diff = array_diff($np['resources'][$key], $changeperms);
        if (count($diff) == 1 && in_array("cascade", $diff)) {
            $changeperms[] = 'cascade';
        }
    }
    if ($mode == 'add') {
        updateResourcePrivs("{$groupid}", $nodeid, $changeperms, array());
    } elseif ($mode == 'remove') {
        updateResourcePrivs("{$groupid}", $nodeid, array(), $changeperms);
    }
    return array('status' => 'success');
}