Start of work on remote user / group database

acl/acl-lib.pl

@@ -1168,5 +1168,32 @@ $miniserv{'anonymous'} = join(" ", @anon);
 &reload_miniserv();
 }
 
+# split_userdb_string(string)
+# Converts a string like mysql://user:pass@host/db into separate parts
+sub split_userdb_string
+{
+my ($str) = @_;
+if ($str =~ /^([a-z]+):\/\/([^:]+):([^\@]+)\@([a-z0-9\.\-\_]+)\/([^\?]+)(\?(.*))?$/) {
+	my ($proto, $user, $pass, $host, $prefix, $argstr) =
+		($1, $2, $3, $3, $5, $7);
+	my %args = map { split(/=/, $_, 2) } split(/\&/, $argstr);
+	return ($proto, $user, $pass, $host, $prefix, \%args);
+	}
+return ( );
+}
+
+# join_userdb_string(proto, user, pass, host, prefix, &args)
+# Creates a string in the format accepted by split_userdb_string
+sub join_userdb_string
+{
+my ($proto, $user, $pass, $host, $prefix, $args) = @_;
+return "" if (!$proto);
+my $argstr;
+if (keys %$args) {
+	$argstr = "?".map { $_."=".$args->{$_} } (keys %$args);
+	}
+return $proto."://".$user.":".$pass."\@".$host."/".$prefix.$argstr;
+}
+
 1;
 

acl/acl_security.pl

@@ -149,6 +149,18 @@ printf "<input type=radio name=times value=1 %s> $text{'yes'}\n",
 printf "<input type=radio name=times value=0 %s> $text{'no'}</td>\n",
 	$o->{'times'} ? '' : 'checked';
 
+print "<td><b>$text{'acl_pass'}</b></td> <td>\n";
+printf "<input type=radio name=pass value=1 %s> $text{'yes'}\n",
+	$o->{'pass'} ? 'checked' : '';
+printf "<input type=radio name=pass value=0 %s> $text{'no'}</td> </tr>\n",
+	$o->{'pass'} ? '' : 'checked';
+
+print "<tr> <td><b>$text{'acl_sqls'}</b></td> <td>\n";
+printf "<input type=radio name=sqls value=1 %s> $text{'yes'}\n",
+	$o->{'sqls'} ? 'checked' : '';
+printf "<input type=radio name=sqls value=0 %s> $text{'no'}</td>\n",
+	$o->{'sqls'} ? '' : 'checked';
+
 print "</tr>\n";
 
 print "<tr> <td colspan=4><hr></td> </tr>\n";
@@ -211,5 +223,7 @@ $_[0]->{'cats'} = $in{'cats'};
 $_[0]->{'theme'} = $in{'theme'};
 $_[0]->{'ips'} = $in{'ips'};
 $_[0]->{'times'} = $in{'times'};
+$_[0]->{'pass'} = $in{'pass'};
+$_[0]->{'sql'} = $in{'sql'};
 }
 

acl/defaultacl

@@ -23,3 +23,5 @@ logouttime=1
 times=1
 minsize=1
 nochange=1
+pass=1
+sql=1

acl/edit_pass.cgi

@@ -2,6 +2,7 @@
 # Show password quality and change restrictions
 
 require './acl-lib.pl';
+$access{'pass'} || &error($text{'pass_ecannot'});
 &ui_print_header(undef, $text{'pass_title'}, "");
 &get_miniserv_config(\%miniserv);
 

acl/index.cgi

@@ -186,13 +186,20 @@ if ($access{'rbacenable'}) {
 	push(@links, "edit_rbac.cgi");
 	push(@titles, $text{'index_rbac'});
 	}
-push(@icons, "images/pass.gif");
-push(@links, "edit_pass.cgi");
-push(@titles, $text{'pass_title'});
+if ($access{'pass'}) {
+	push(@icons, "images/pass.gif");
+	push(@links, "edit_pass.cgi");
+	push(@titles, $text{'pass_title'});
+	}
+if ($access{'sql'}) {
+	push(@icons, "images/sql.gif");
+	push(@links, "edit_sql.cgi");
+	push(@titles, $text{'sql_title'});
+	}
 
 if (@icons) {
 	print &ui_hr();
-	&icons_table(\@links, \@titles, \@icons, scalar(@links));
+	&icons_table(\@links, \@titles, \@icons);
 	}
 
 &ui_print_footer("/", $text{'index'});

acl/lang/en

@@ -3,7 +3,7 @@ index_user=User
 index_modules=Modules
 index_create=Create a new Webmin user.
 index_rcreate=Create a new risk-level user.
-index_convert=Convert Unix to Webmin users
+index_convert=Convert Unix to Webmin Users
 index_cert=Request an SSL certificate
 index_certmsg=Click this button to request an SSL certificate that will allow you to securely login to Webmin without having to enter a username and password.
 index_return=user list
@@ -18,9 +18,9 @@ index_nogroups=No Webmin groups defined.
 index_gcreate=Create a new Webmin group.
 index_members=Members
 index_modgroups=Modules from group $1
-index_sync=Configure Unix user synchronization
-index_unix=Configure Unix user authentication
-index_sessions=View login sessions
+index_sync=Configure Unix user Synchronization
+index_unix=Configure Unix user Authentication
+index_sessions=View Login Sessions
 index_rbac=Setup RBAC
 index_delete=Delete Selected
 
@@ -197,6 +197,8 @@ acl_theme=Can change personal theme?
 acl_ips=Can change IP access control?
 acl_switch=Can switch to other users?
 acl_times=Can change allowed login times?
+acl_pass=Can change password restrictions?
+acl_sql=Can configure user and group database?
 
 log_modify=Modified Webmin user $1
 log_rename=Renamed Webmin user $1 to $2
@@ -344,6 +346,7 @@ gdeletes_users=Selected groups: $1
 gdeletes_ok=Delete Groups
 
 pass_title=Password Restrictions
+pass_ecannot=You are not allowed to edit password restrictions
 pass_header=Webmin password enforcement options
 pass_minsize=Minimum password length
 pass_nominsize=No minimum
@@ -372,3 +375,18 @@ cpass_name=Contains the username
 cpass_dict=Is a dictionary word
 cpass_spellcmd=Neither the $1 or $2 commands needed to check for dictionary words is installed
 cpass_old=Old passwords cannot be re-used
+
+sql_title=User and Group Database
+sql_ecannot=You are not allowed to configure the user and group database
+sql_header=Options for database backend for users and groups
+sql_host=Hostname
+sql_user=Username
+sql_pass=Password
+sql_db=Database name
+sql_none=Use only local files to store users and groups
+sql_mysql=Use MySQL database
+sql_postgresql=Use PostgreSQL database
+sql_ldap=Use LDAP server
+sql_prefix=Create under DN
+sql_addto0=Add new users to database selected above
+sql_addto1=Add new users to local files

acl/negativeacl

@@ -0,0 +1,2 @@
+pass=0
+sql=0

acl/save_pass.cgi

@@ -2,6 +2,7 @@
 # Save password quality and change restrictions
 
 require './acl-lib.pl';
+$access{'pass'} || &error($text{'pass_ecannot'});
 &get_miniserv_config(\%miniserv);
 &ReadParse();
 &error_setup($text{'pass_err'});