This repository has been archived by the owner on Aug 9, 2021. It is now read-only.

fix(agent): machine account creation
Must hack to workaround a security check in GLPI
This check should probably move elsewhere; a PR should be submitted for GLPI
Until then, this hack must be in place!

Signed-off-by: Thierry Bugier <tbugier@teclib.com>
btry authored and DIOHz0r committed Jul 9, 2018
1 parent ac74bc1 commit 1f8e11f
Showing 1 changed file with 12 additions and 9 deletions.
21 changes: 12 additions & 9 deletions inc/agent.class.php
@@ -1312,34 +1312,37 @@ protected function enrollByInvitationToken($input) {
'users_id' => $userId,
]);

// Awful hack because the current user profile does not
// have more rights than the profile of the agent.
// @see User::post_addItem()
// @see Profle::currentUserHaveMoreRightThan()
// @see Profile::getUnderActiveProfileRestrictRequest()
$backupProfileRight = $_SESSION['glpiactiveprofile']['profile'];
$_SESSION['glpiactiveprofile']['profile'] = $_SESSION['glpiactiveprofile']['profile'] | CREATE;

//create agent user account
$agentAccount = new User();
$agentAccount->add([
'usercategories_id' => $config['agentusercategories_id'],
'name' => 'flyvemdm-' . PluginFlyvemdmCommon::generateUUID(),
'realname' => $serial,
'profiles_id' => $config['agent_profiles_id'],
'_profiles_id' => $config['agent_profiles_id'],
'profiles_id' => $config['agent_profiles_id'], // Default profile when user logs in
'_entities_id' => $entityId,
'_is_recursive' => 0,
'authtype' => Auth::DB_GLPI,
]);

// End of awful hack !
$_SESSION['glpiactiveprofile']['profile'] = $backupProfileRight;

if ($agentAccount->isNewItem()) {
$event = __('Cannot create a user account for the agent', 'flyvemdm');
$this->filterMessages($event);
$this->logInvitationEvent($invitation, $event);
return false;
}

// Awful hack because the current user profile does not
// have more rights than the profile of the agent.
// @see User::post_addItem
$profileId = $config['agent_profiles_id'];
$agentUserId = $agentAccount->getID();
$DB->query("UPDATE `glpi_profiles_users` SET `profiles_id` = '$profileId'
WHERE `users_id` = '$agentUserId'");

$agentToken = User::getToken($agentAccount->getID(), 'api_token');
if ($agentToken === false) {
$event = __('Cannot create the API token for the agent', 'flyvemdm');
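Review bot: The extra `CREATE` bit written to `$_SESSION['glpiactiveprofile']['profile']` is removed only when `$agentAccount->add()` returns normally, so an exception thrown inside `add()` or one of the hooks it runs would leave the enrolling session holding a right its profile does not grant. Restoring in a `finally` closes that window: `try { $agentAccount->add([...]); } finally { $_SESSION['glpiactiveprofile']['profile'] = $backupProfileRight; }`. The widened right is also in effect for everything `add()` triggers, not only the check named in the comment, so the comment should say which right is raised and for which call, and the `Profle::` typo in the `@see` line should read `// @see Profile::currentUserHaveMoreRightThan()` so the reference can be found. `enrollByInvitationToken()` starts and ends outside this hunk.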