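gs_log(GS_LOG_NOTICE, $errmsg ? $errmsg : 'LDAP lookup: Error'); exit(1); }

/**
 * Answer the request with HTTP 404, a plain-text JS-comment body, and stop.
 *
 * The body is sent as text/plain, so the (possibly caller-supplied) message
 * is not an HTML injection vector here.
 *
 * @param string $errmsg  Message to emit; 'Not found.' is used when it is falsy.
 * @return never
 */
function _not_found($errmsg = '')
{
    @header('HTTP/1.0 404 Not Found', true, 404);
    @header('Status: 404 Not Found', true, 404);
    @header('Content-Type: text/plain; charset=utf-8');
    echo '/* ', $errmsg ?: 'Not found.', ' */';
    gs_log(GS_LOG_DEBUG, $errmsg ?: 'LDAP lookup: User not found');
    exit(1);
}

# Authorisation first: a selected sudo user with an id must exist in the
# session. Each key is checked on an array so a malformed session fails
# closed instead of raising a TypeError that @ cannot suppress.
if (!is_array($_SESSION)
    || !array_key_exists('sudo_user', $_SESSION)
    || !is_array($_SESSION['sudo_user'])
    || !array_key_exists('info', $_SESSION['sudo_user'])
    || !is_array($_SESSION['sudo_user']['info'])
    || !array_key_exists('id', $_SESSION['sudo_user']['info'])) {
    _not_allowed();
}

# The logged-in (real) user must be sysadmin or an admin. A missing
# real_user record yields null, which gs_user_is_admin() receives as before.
$real_user_name = null;
if (array_key_exists('real_user', $_SESSION)
    && is_array($_SESSION['real_user'])
    && array_key_exists('name', $_SESSION['real_user'])) {
    $real_user_name = $_SESSION['real_user']['name'];
}
if ($real_user_name !== 'sysadmin' && !gs_user_is_admin($real_user_name)) {
    _not_allowed();
}

# Reject a missing, non-string (e.g. ?u[]=x) or blank username before it
# reaches the LDAP search. The original accepted any $_REQUEST value; an
# array would have been passed straight through and stringified as "Array".
if (!array_key_exists('u', $_REQUEST)
    || !is_string($_REQUEST['u'])
    || trim($_REQUEST['u']) === '') {
    _not_found('Username not specified.');
}
$user = $_REQUEST['u'];

include_once GS_DIR . 'inc/gs-fns/gs_ldap_user_search.php';

# NOTE(review): whether gs_ldap_user_search() escapes $user for the LDAP
# filter (RFC 4515) is not visible from this file -- confirm before trusting
# it with attacker-controlled input.
$user_info = gs_ldap_user_search($user);
if (isGsError($user_info)) {
    _server_error($user_info->getMsg());
}
if (!is_array($user_info)) {
    _server_error('Failed to look up user "' . $user . '" in LDAP.');
}

require_once GS_DIR . 'lib/utf8-normalize/gs_utf_normal.php';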
} }

// Role selector for the current sudo user; changing it submits the form so
// the page reloads with the new boi_role.
echo '<div class="nobr fr">', "\n";
echo ' ', __('Rolle'), ':', "\n";
echo '<select name="boi_role" tabindex="101" onchange="this.form.submit();">', "\n";
foreach ($roles as $role => $title) {
    // NOTE(review): $role and $title go into an HTML attribute / text node
    // without htmlspecialchars(); that is only safe if $roles is a fixed,
    // trusted table -- confirm where it is built.
    echo '<option value="', $role, '"';
    if ($role === $_SESSION['sudo_user']['boi_role']) {
        echo ' selected="selected"';
    }
    echo '>', $title, '</option>', "\n";
}
echo '</select>', "\n";
echo '</div>', "\n";

// Host picker. The "Zentrale" pseudo-entry (id 0) is always listed first;
// its translated label is spliced into the SQL string, hence $DB->escape().
echo '<div class="nobr fr">', "\n";
if ($_SESSION['real_user']['name'] === 'sysadmin' || gs_user_is_admin(@$_SESSION['real_user']['name'])) {
    // sysadmin and admins may pick any foreign host.
    $query = '(SELECT 0 `id`, \'' . $DB->escape(__('Zentrale')) . '\' `comment`, 0 `ord` ) UNION (SELECT `id`, `comment`, 1 `ord` FROM `hosts` WHERE `is_foreign`=1 ) ORDER BY `ord`, `comment`';
} else {
    if (!$_SESSION['real_user']['info']['host_is_foreign']) {
        // Non-admin whose own host is not foreign; the query (and this
        // branch) continues past the end of this excerpt.
        $query = '(SELECT 0 `id`, \'' . $DB->escape(__('Zentrale')) . '\' `comment`, 0 `ord` ) UNION (SELECT `h`.`id`, `h`.`comment`, 1 `ord` FROM
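$_SESSION['sudo_user']['boi_session'] = null; } }

# Decide whether the logged-in user (real_user) may act as sudo_user.
# Only the branches below grant; anything else leaves $sudo_allowed false,
# so unknown or malformed session state fails closed.
$sudo_allowed = false;
$real_user_name = isset($_SESSION['real_user']['name']) ? $_SESSION['real_user']['name'] : null;
$sudo_user_name = isset($_SESSION['sudo_user']['name']) ? $_SESSION['sudo_user']['name'] : null;

if ($sudo_user_name !== null && $sudo_user_name === $real_user_name) {
    # Editing one's own account is always allowed.
    # Strict comparison on purpose: the previous `==` treated numeric-looking
    # names such as "100" and "1e2" as equal, and null as equal to "", either
    # of which would have granted sudo on the wrong account.
    $sudo_allowed = true;
} elseif ($real_user_name === 'sysadmin') {
    # sysadmin may edit any account.
    $sudo_allowed = true;
} elseif (gs_user_is_admin($real_user_name)) {
    # Admins (as reported by gs_user_is_admin()) may edit any account.
    $sudo_allowed = true;
} elseif (GS_GUI_SUDO_EXTENDED) {
    # Optional site hook: inc/permissions.php may define gui_sudo_allowed()
    # to grant or deny per user pair. Without the hook the default (denied)
    # stands. Its return value is used as-is, exactly as before.
    include_once GS_HTDOCS_DIR . 'inc/permissions.php';
    if (function_exists('gui_sudo_allowed')) {
        $sudo_allowed = gui_sudo_allowed($real_user_name, $sudo_user_name);
    }
}

if (!$sudo_allowed) {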