From 8401372451d3c0d1908c09253122d0caa5e9e9f6 Mon Sep 17 00:00:00 2001 From: Jamie Cameron Date: Mon, 6 Sep 2010 15:13:21 -0700 Subject: [PATCH] Start of work on remote user / group database --- acl/acl-lib.pl | 27 +++++++++++++++++++++++++++ acl/acl_security.pl | 14 ++++++++++++++ acl/defaultacl | 2 ++ acl/edit_pass.cgi | 1 + acl/images/sql.gif | Bin 0 -> 1378 bytes acl/index.cgi | 15 +++++++++++---- acl/lang/en | 26 ++++++++++++++++++++++---- acl/negativeacl | 2 ++ acl/save_pass.cgi | 1 + 9 files changed, 80 insertions(+), 8 deletions(-) create mode 100644 acl/images/sql.gif create mode 100644 acl/negativeacl diff --git a/acl/acl-lib.pl b/acl/acl-lib.pl index dcd51f132..a76a3e31b 100755 --- a/acl/acl-lib.pl +++ b/acl/acl-lib.pl @@ -1168,5 +1168,32 @@ $miniserv{'anonymous'} = join(" ", @anon); &reload_miniserv(); } +# split_userdb_string(string) +# Converts a string like mysql://user:pass@host/db into separate parts +sub split_userdb_string +{ +my ($str) = @_; +if ($str =~ /^([a-z]+):\/\/([^:]+):([^\@]+)\@([a-z0-9\.\-\_]+)\/([^\?]+)(\?(.*))?$/) { + my ($proto, $user, $pass, $host, $prefix, $argstr) = + ($1, $2, $3, $3, $5, $7); + my %args = map { split(/=/, $_, 2) } split(/\&/, $argstr); + return ($proto, $user, $pass, $host, $prefix, \%args); + } +return ( ); +} + +# join_userdb_string(proto, user, pass, host, prefix, &args) +# Creates a string in the format accepted by split_userdb_string +sub join_userdb_string +{ +my ($proto, $user, $pass, $host, $prefix, $args) = @_; +return "" if (!$proto); +my $argstr; +if (keys %$args) { + $argstr = "?".map { $_."=".$args->{$_} } (keys %$args); + } +return $proto."://".$user.":".$pass."\@".$host."/".$prefix.$argstr; +} + 1; diff --git a/acl/acl_security.pl b/acl/acl_security.pl index af6f6fe37..6d8f785b8 100755 --- a/acl/acl_security.pl +++ b/acl/acl_security.pl 
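Review bot: In split_userdb_string the capture list `($1, $2, $3, $3, $5, $7)` puts the password capture into `$host`, so the real host is never returned and the database password travels in a field that callers will presumably treat as a hostname; it should read `($1, $2, $3, $4, $5, $7);`. In join_userdb_string, `"?".map { ... } (keys %$args)` evaluates map in scalar context and appends the number of keys instead of the pairs; `$argstr = "?".join("&", map { $_."=".$args->{$_} } keys %$args);` produces what the splitter parses. Neither function escapes its fields, so a password containing `@` or a user name containing `:` cannot round-trip through this format, which should either be handled with URL-encoding or stated in the header comments. The comment above split_userdb_string should also say that the string carries the database password in clear text, so whatever stores it needs restricted read access.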
@@ -149,6 +149,18 @@ printf " $text{'yes'}\n", printf " $text{'no'}\n", $o->{'times'} ? '' : 'checked'; +print "$text{'acl_pass'} \n"; +printf " $text{'yes'}\n", + $o->{'pass'} ? 'checked' : ''; +printf " $text{'no'} \n", + $o->{'pass'} ? '' : 'checked'; + +print " $text{'acl_sqls'} \n"; +printf " $text{'yes'}\n", + $o->{'sqls'} ? 'checked' : ''; +printf " $text{'no'}\n", + $o->{'sqls'} ? '' : 'checked'; + print "\n"; print "
\n"; @@ -211,5 +223,7 @@ $_[0]->{'cats'} = $in{'cats'}; $_[0]->{'theme'} = $in{'theme'}; $_[0]->{'ips'} = $in{'ips'}; $_[0]->{'times'} = $in{'times'}; +$_[0]->{'pass'} = $in{'pass'}; +$_[0]->{'sql'} = $in{'sql'}; } diff --git a/acl/defaultacl b/acl/defaultacl index f1d6a44e5..022c14a20 100644 --- a/acl/defaultacl +++ b/acl/defaultacl @@ -23,3 +23,5 @@ logouttime=1 times=1 minsize=1 nochange=1 +pass=1 +sql=1 diff --git a/acl/edit_pass.cgi b/acl/edit_pass.cgi index af0f04526..179a1bf4b 100755 --- a/acl/edit_pass.cgi +++ b/acl/edit_pass.cgi @@ -2,6 +2,7 @@ # Show password quality and change restrictions require './acl-lib.pl'; +$access{'pass'} || &error($text{'pass_ecannot'}); &ui_print_header(undef, $text{'pass_title'}, ""); &get_miniserv_config(\%miniserv); 
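Review bot: The new form rows in the first acl_security.pl hunk read `$o->{'sqls'}` and `$text{'acl_sqls'}`, but the save hunk stores `$_[0]->{'sql'}`, acl/lang/en adds `acl_sql`, and defaultacl, negativeacl and index.cgi all use `sql`. As written the row gets an empty label and always renders with "no" selected regardless of the stored value, so an administrator cannot see whether a user is allowed to configure the user and group database. Use `$text{'acl_sql'}` and `$o->{'sql'}` in both printf calls. The radio input's name attribute is not visible in this view and should be checked to be `sql` as well, since the save code reads `$in{'sql'}`.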
diff --git a/acl/images/sql.gif b/acl/images/sql.gif new file mode 100644 index 0000000000000000000000000000000000000000..7de1ebb27cc14364d30d950200c7a9042cd6be17 GIT binary patch literal 1378 zcmV-o1)cgwNk%w1VK4wN0OtSz|NsB&^Y-5B@BaS&`1|`zlB!pkuSJfh&Ee z|N8v>R+z8r^Y+i;=u(!gN|C8im94(l;L_viVV|`9{{Hg!`SbYs*5>SQsJr#~`h&E@ z%HQVT?C^)S#+Sg(Ns+1U^!L)_>U*!i`TP8##?nuetNHx={Qdr2oU-oq_js+pgtW!S z-Q;knyY%?_HH4qx?eWp$>4mk$lfKM=vcsIi(8Sy0?DY0Bf}V}J$=BxW!rJ1++~j_+ z!jHSkr^?l`(ArU!t?2ReFMyoO-{$G@^jn;t1tG@U8`{M2K^Z5Gj_V}N~(RHi6GlQP{{Qb<}=M!*`y4BtfZH?sa@(OB;`Rvi^ zx>e+8g9`RmQw>F!34r>M%-0Az*)W{7O1xqPp|Zl}5pY>e;q_Z4xF@b>rZ#&Y19 z1n9Iz>A6zu!D#p8z~P+`Cw!POf}I9viQ4GxXrs6P{{8vw((~G*^3|F0)tBe6KH!=M zj=ISMW{04~(p;Re3~P+?)Rgz;!r`0^^Vp#D+NAN(j`{1);hqucw@>f&_y}o=ki5zR zW{6*&vnYI-@b&iZ%6;s@Y2&3L;hqxv^4{ydVClF}?#OuJpA_Pt7UH29{rK%Cp?u1C3=|l`TO?bxs18VH-(^H zowLs2=>Px!A^8LW00000EC2ui05AYB000R7009UbNU)&6g9sBUT*$DY!-o(fN}Ncs zqQ#3CGiuz(v7^V2AUy^UFd*bY0tE~lK#)Lz$%6|RG;r_$LIepeUlN=^p@M}A7#L*G zpp)PR4jnuIsPF+qh@t{Ti~vAFpn?)6PC!MGLPfz9ET95t;iBLR7%`yAm|>7c4X8G5 z7{rm|LQx$%c=Raf<3~{-L4+_UID|+MokorzNus3S5++BQymayeN)#yur%(t|l*)|? z1gluNf(1j-EGP(S*}??}02f`bcp13Bz?TCS5`qaMW{mGKWXhO1;~PyHHEY$}`YJBh4k#P*aU5)?9;4HrkjGXrO9r!%a6I2;|K-;D8oR5<^rV z&J5#}N{*l9n4_vW=b!^XIzj5J!%jQwnBvYm@Wdm}s^-i?4=@ZBQO~gT*mDm)`80$_ kFzo1K(LOLl3j;s>_#@V}*k-Hkw%m5>?YH2DYf(S|J6Y2ejQ{`u literal 0 HcmV?d00001 diff --git a/acl/index.cgi b/acl/index.cgi index 00237e385..59abd035f 100755 --- a/acl/index.cgi +++ b/acl/index.cgi 
@@ -186,13 +186,20 @@ if ($access{'rbacenable'}) { push(@links, "edit_rbac.cgi"); push(@titles, $text{'index_rbac'}); } -push(@icons, "images/pass.gif"); -push(@links, "edit_pass.cgi"); -push(@titles, $text{'pass_title'}); +if ($access{'pass'}) { + push(@icons, "images/pass.gif"); + push(@links, "edit_pass.cgi"); + push(@titles, $text{'pass_title'}); + } +if ($access{'sql'}) { + push(@icons, "images/sql.gif"); + push(@links, "edit_sql.cgi"); + push(@titles, $text{'sql_title'}); + } if (@icons) { print &ui_hr(); - &icons_table(\@links, \@titles, \@icons, scalar(@links)); + &icons_table(\@links, \@titles, \@icons); } &ui_print_footer("/", $text{'index'}); diff --git a/acl/lang/en b/acl/lang/en index a1eeb2567..956c1d5ef 100644 --- a/acl/lang/en +++ b/acl/lang/en @@ -3,7 +3,7 @@ index_user=User index_modules=Modules index_create=Create a new Webmin user. index_rcreate=Create a new risk-level user. -index_convert=Convert Unix to Webmin users +index_convert=Convert Unix to Webmin Users index_cert=Request an SSL certificate index_certmsg=Click this button to request an SSL certificate that will allow you to securely login to Webmin without having to enter a username and password. index_return=user list @@ -18,9 +18,9 @@ index_nogroups=No Webmin groups defined. index_gcreate=Create a new Webmin group. index_members=Members index_modgroups=Modules from group $1 -index_sync=Configure Unix user synchronization -index_unix=Configure Unix user authentication -index_sessions=View login sessions +index_sync=Configure Unix user Synchronization +index_unix=Configure Unix user Authentication +index_sessions=View Login Sessions index_rbac=Setup RBAC index_delete=Delete Selected 
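Review bot: The new `if ($access{'sql'})` block in index.cgi links to `edit_sql.cgi`, which is not among the nine files this commit touches, while defaultacl in the same commit sets `sql=1`, so the icon appears to be shown by default and to lead to a page that does not exist yet. Hiding the icon is only a presentation control: when edit_sql.cgi and its save handler are added, each needs its own `$access{'sql'} || &error($text{'sql_ecannot'});` right after the `require`, as edit_pass.cgi and save_pass.cgi do for `pass` in this commit. Until then a comment above the block such as `# edit_sql.cgi arrives in a later commit and must check $access{'sql'} itself` would make the dependency explicit.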
@@ -197,6 +197,8 @@ acl_theme=Can change personal theme? acl_ips=Can change IP access control? acl_switch=Can switch to other users? acl_times=Can change allowed login times? +acl_pass=Can change password restrictions? +acl_sql=Can configure user and group database? log_modify=Modified Webmin user $1 log_rename=Renamed Webmin user $1 to $2 @@ -344,6 +346,7 @@ gdeletes_users=Selected groups: $1 gdeletes_ok=Delete Groups pass_title=Password Restrictions +pass_ecannot=You are not allowed to edit password restrictions pass_header=Webmin password enforcement options pass_minsize=Minimum password length pass_nominsize=No minimum @@ -372,3 +375,18 @@ cpass_name=Contains the username cpass_dict=Is a dictionary word cpass_spellcmd=Neither the $1 or $2 commands needed to check for dictionary words is installed cpass_old=Old passwords cannot be re-used + +sql_title=User and Group Database +sql_ecannot=You are not allowed to configure the user and group database +sql_header=Options for database backend for users and groups +sql_host=Hostname +sql_user=Username +sql_pass=Password +sql_db=Database name +sql_none=Use only local files to store users and groups +sql_mysql=Use MySQL database +sql_postgresql=Use PostgreSQL database +sql_ldap=Use LDAP server +sql_prefix=Create under DN +sql_addto0=Add new users to database selected above +sql_addto1=Add new users to local files diff --git a/acl/negativeacl b/acl/negativeacl new file mode 100644 index 000000000..3969481c1 --- /dev/null +++ b/acl/negativeacl @@ -0,0 +1,2 @@ +pass=0 +sql=0 diff --git a/acl/save_pass.cgi b/acl/save_pass.cgi index 6fac13c4a..c383385b2 100755 --- a/acl/save_pass.cgi +++ b/acl/save_pass.cgi @@ -2,6 +2,7 @@ # Save password quality and change restrictions require './acl-lib.pl'; +$access{'pass'} || &error($text{'pass_ecannot'}); &get_miniserv_config(\%miniserv); &ReadParse(); &error_setup($text{'pass_err'});