More work on editing ACLs for users and groups in the DB
@@ -1124,16 +1124,13 @@ The parameters are :
|
||||
sub copy_acl_files
|
||||
{
|
||||
my ($from, $to, $mods) = @_;
|
||||
my ($dbh, $fromid, $toid);
|
||||
my ($proto, $user, $pass, $host, $prefix, $args);
|
||||
my ($dbh, $proto, $fromid, $toid);
|
||||
|
||||
# Check if the user is in a DB
|
||||
&get_miniserv_config(\%miniserv);
|
||||
if ($miniserv{'userdb'}) {
|
||||
$dbh = &connect_userdb($miniserv{'userdb'});
|
||||
my $userdb = &get_userdb_string();
|
||||
if ($userdb) {
|
||||
($dbh, $proto) = &connect_userdb($userdb);
|
||||
&error($dbh) if (!ref($dbh));
|
||||
($proto, $user, $pass, $host, $prefix, $args) =
|
||||
&split_userdb_string($miniserv{'userdb'});
|
||||
if ($proto eq "mysql" || $proto eq "postgresql") {
|
||||
# Search in SQL DB
|
||||
my $cmd = $dbh->prepare(
|
||||
@@ -1154,10 +1151,12 @@ if ($miniserv{'userdb'}) {
|
||||
if (defined($fromid) && defined($toid)) {
|
||||
# Copy from database to database
|
||||
if ($proto eq "mysql" || $proto eq "postgresql") {
|
||||
my $cmd = $dbh->prepare("insert into webmin_user_acl select ?,module,attr,value from webmin_user_acl where id = ?");
|
||||
$cmd && $cmd->execute($toid, $fromid) ||
|
||||
&error("Failed to copy ACLs : ".$dbh->errstr);
|
||||
$cmd->finish();
|
||||
my $cmd = $dbh->prepare("insert into webmin_user_acl select ?,module,attr,value from webmin_user_acl where id = ? and module = ?");
|
||||
foreach my $m (@$mods) {
|
||||
$cmd && $cmd->execute($toid, $fromid, $m) ||
|
||||
&error("Failed to copy ACLs : ".$dbh->errstr);
|
||||
$cmd->finish();
|
||||
}
|
||||
}
|
||||
elsif ($proto eq "ldap") {
|
||||
# XXX
|
||||
@@ -1175,10 +1174,15 @@ elsif (!defined($fromid) && !defined($toid)) {
|
||||
}
|
||||
else {
|
||||
# Source and dest use different storage types
|
||||
# XXX
|
||||
foreach my $m (@$mods) {
|
||||
my %caccess = &get_module_acl($from, $m, 1, 1);
|
||||
if (%caccess) {
|
||||
&save_module_acl(\%caccess, $to, $m, 1);
|
||||
}
|
||||
}
|
||||
}
|
||||
if ($dbh) {
|
||||
&disconnect_userdb($miniserv{'userdb'}, $dbh);
|
||||
&disconnect_userdb($userdb, $dbh);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1219,6 +1223,7 @@ are :
|
||||
=cut
|
||||
sub copy_group_user_acl_files
|
||||
{
|
||||
# XXX deal with user DB!
|
||||
local $m;
|
||||
foreach $m (@{$_[2]}) {
|
||||
&unlink_file("$config_directory/$m/$_[1].acl");
|
||||
@@ -1247,32 +1252,33 @@ detailed access control settings from the group down to users. Parameters are :
|
||||
=cut
|
||||
sub set_acl_files
|
||||
{
|
||||
local $m;
|
||||
foreach $m (@{$_[3]}) {
|
||||
my ($allusers, $allgroups, $mod, $members, $access) = @_;
|
||||
foreach my $m (@$members) {
|
||||
if ($m !~ /^\@(.*)$/) {
|
||||
# Member is a user
|
||||
local ($u) = grep { $_->{'name'} eq $m } @{$_[0]};
|
||||
local ($u) = grep { $_->{'name'} eq $m } @$allusers;
|
||||
if ($u) {
|
||||
local $aclfile =
|
||||
"$config_directory/$_[2]/$u->{'name'}.acl";
|
||||
"$config_directory/$mod/$u->{'name'}.acl";
|
||||
&lock_file($aclfile);
|
||||
&write_file($aclfile, $_[4]);
|
||||
chmod(0640, $aclfile);
|
||||
&save_module_acl($access, $u->{'name'}, $mod, 1);
|
||||
chmod(0640, $aclfile) if (-r $aclfile);
|
||||
&unlock_file($aclfile);
|
||||
}
|
||||
}
|
||||
else {
|
||||
# Member is a group
|
||||
local $gname = substr($m, 1);
|
||||
local ($g) = grep { $_->{'name'} eq $gname } @{$_[1]};
|
||||
local ($g) = grep { $_->{'name'} eq $gname } @$allgroups;
|
||||
if ($g) {
|
||||
local $aclfile =
|
||||
"$config_directory/$_[2]/$g->{'name'}.gacl";
|
||||
"$config_directory/$mod/$g->{'name'}.gacl";
|
||||
&lock_file($aclfile);
|
||||
&write_file($aclfile, $_[4]);
|
||||
chmod(0640, $aclfile);
|
||||
&save_group_module_acl($access, $g->{'name'}, $mod, 1);
|
||||
chmod(0640, $aclfile) if (-r $aclfile);
|
||||
&unlock_file($aclfile);
|
||||
&set_acl_files($_[0], $_[1], $_[2], $g->{'members'}, $_[4]);
|
||||
&set_acl_files($allusers, $allgroups, $mod,
|
||||
$g->{'members'}, $access);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
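Review bot: In `copy_acl_files` both new copy paths only add to the destination and never reset it. The SQL path runs `insert into webmin_user_acl select ?,module,attr,value ... where id = ? and module = ?` per module with no preceding delete for `$toid`, and the mixed-storage loop skips a module whenever `&get_module_acl($from, $m, 1, 1)` returns an empty hash, so any ACL that `$to` already holds for that module stays in force. If the function is only ever called for a newly created user this is harmless, but that is not visible here (the body starts and ends outside these hunks); otherwise the destination can keep permissions the source does not have. I would clear the destination's entries for each module before copying, or at least state the precondition with a comment such as `# $to must not have ACLs for @$mods yet; existing entries are not removed`.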
@@ -76,14 +76,14 @@ if ($in{'group'}) {
|
||||
# Storage type
|
||||
if ($in{'group'}) {
|
||||
print &ui_table_row($text{'edit_proto'},
|
||||
$text{'edit_proto'.$user{'proto'}});
|
||||
$text{'edit_proto_'.$group{'proto'}});
|
||||
}
|
||||
|
||||
print &ui_hidden_table_end("basic");
|
||||
|
||||
# Start of modules section
|
||||
print &ui_hidden_table_start(@groups ? $text{'edit_modsg'} : $text{'edit_mods'},
|
||||
"width=100%", 2, "mods", 1);
|
||||
"width=100%", 2, "mods");
|
||||
|
||||
# Show available modules, under categories
|
||||
@mlist = &list_module_infos();
|
||||
|
||||
@@ -148,7 +148,7 @@ print &ui_table_row($text{'edit_real'},
|
||||
# Storage type
|
||||
if ($in{'user'}) {
|
||||
print &ui_table_row($text{'edit_proto'},
|
||||
$text{'edit_proto'.$user{'proto'}});
|
||||
$text{'edit_proto_'.$user{'proto'}});
|
||||
}
|
||||
|
||||
print &ui_hidden_table_end("rights");
|
||||
@@ -309,7 +309,7 @@ map { $has{$_} = 0 } $group ? @{$group->{'modules'}} : ();
|
||||
|
||||
# Start of modules section
|
||||
print &ui_hidden_table_start(@groups ? $text{'edit_modsg'} : $text{'edit_mods'},
|
||||
"width=100%", 2, "mods", 1);
|
||||
"width=100%", 2, "mods");
|
||||
|
||||
# Show available modules, under categories
|
||||
@mlist = grep { $access{'others'} || $has{$_->{'dir'}} || $mcan{$_->{'dir'}} }
|
||||
|
||||
@@ -99,9 +99,10 @@ edit_security=Security and limits options
|
||||
edit_mods=Available Webmin modules
|
||||
edit_modsg=Available Webmin modules (in addition to those from group)
|
||||
edit_proto=Storage type
|
||||
edit_protomysql=MySQL database
|
||||
edit_protopostgresql=PostgreSQL database
|
||||
edit_protoldap=LDAP server
|
||||
edit_proto_mysql=MySQL database
|
||||
edit_proto_postgresql=PostgreSQL database
|
||||
edit_proto_ldap=LDAP server
|
||||
edit_proto_=Local files
|
||||
|
||||
save_err=Failed to save user
|
||||
save_ename='$1' is not a valid username
|
||||
|
||||
@@ -126,8 +126,8 @@ if ($in{'old'} && $in{'acl_security_form'}) {
|
||||
&foreign_call("", "acl_security_save", \%uaccess, \%in);
|
||||
$aclfile = "$config_directory/$in{'name'}.gacl";
|
||||
&lock_file($aclfile);
|
||||
&write_file($aclfile, \%uaccess);
|
||||
chmod(0640, $aclfile);
|
||||
&save_group_module_acl(\%uaccess, $in{'name'}, "", 1);
|
||||
chmod(0640, $aclfile) if (-r $aclfile);
|
||||
&unlock_file($aclfile);
|
||||
}
|
||||
|
||||
|
||||
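Review bot: `chmod(0640, $aclfile) if (-r $aclfile)` tightens the mode only after `save_group_module_acl` has already written the file, and the caller still locks a path that the library call may not use at all when the group lives in the user DB. The same pattern appears in the `.acl` hunk at `@@ -358,8 +356,8 @@` and twice in `set_acl_files`. Whatever mode the file is created with applies until the chmod runs, so the restriction belongs where the file is created; I would move the lock and the 0640 mode into `save_module_acl` / `save_group_module_acl` and reduce each call site to the single save call. The file-writing code of those functions is outside the visible hunks, so confirm they do not already set the mode.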
@@ -348,8 +348,6 @@ else {
|
||||
$access{'users'} .= " ".$in{'name'};
|
||||
&save_module_acl(\%access);
|
||||
}
|
||||
#%aclacl = &get_module_acl();
|
||||
#&save_module_acl(\%aclacl, $in{'name'});
|
||||
}
|
||||
|
||||
if ($in{'old'} && $in{'acl_security_form'} && !$group) {
|
||||
@@ -358,8 +356,8 @@ if ($in{'old'} && $in{'acl_security_form'} && !$group) {
|
||||
&foreign_call("", "acl_security_save", \%uaccess, \%in);
|
||||
$aclfile = "$config_directory/$in{'name'}.acl";
|
||||
&lock_file($aclfile);
|
||||
&write_file($aclfile, \%uaccess);
|
||||
chmod(0640, $aclfile);
|
||||
&save_module_acl(\%uaccess, $in{'name'}, "", 1);
|
||||
chmod(0640, $aclfile) if (-r $aclfile);
|
||||
&unlock_file($aclfile);
|
||||
}
|
||||
|
||||
|
||||
@@ -3381,7 +3381,46 @@ my $m = defined($_[1]) ? $_[1] : &get_module_name();
|
||||
my $mdir = &module_root_directory($m);
|
||||
my %rv;
|
||||
&read_file_cached("$mdir/defaultacl", \%rv);
|
||||
&read_file_cached("$config_directory/$m/$g.gacl", \%rv);
|
||||
|
||||
my $userdb = &get_userdb_string();
|
||||
my $foundindb = 0;
|
||||
if ($userdb) {
|
||||
# Look for this group in the user/group DB
|
||||
my ($dbh, $proto) = &connect_userdb($userdb);
|
||||
ref($dbh) || &error(&text('egroupdbacl', $dbh));
|
||||
if ($proto eq "mysql" || $proto eq "postgresql") {
|
||||
# Find the group in the SQL DB
|
||||
my $cmd = $dbh->prepare(
|
||||
"select id from webmin_group where name = ?");
|
||||
$cmd && $cmd->execute($g) ||
|
||||
&error(&text('egroupdbacl', $dbh->errstr));
|
||||
my ($id) = $cmd->fetchrow();
|
||||
$foundindb = 1 if (defined($id));
|
||||
$cmd->finish();
|
||||
|
||||
# Fetch ACLs with SQL
|
||||
if ($foundindb) {
|
||||
my $cmd = $dbh->prepare(
|
||||
"select attr,value from webmin_group_acl ".
|
||||
"where id = ? and module = ?");
|
||||
$cmd && $cmd->execute($id, $m) ||
|
||||
&error(&text('egroupdbacl', $dbh->errstr));
|
||||
while(my ($a, $v) = $cmd->fetchrow()) {
|
||||
$rv{$a} = $v;
|
||||
}
|
||||
$cmd->finish();
|
||||
}
|
||||
}
|
||||
elsif ($proto eq "ldap") {
|
||||
# Fetch ACLs from LDAP
|
||||
# XXX
|
||||
}
|
||||
&disconnect_userdb($userdb, $dbh);
|
||||
}
|
||||
if (!$foundindb) {
|
||||
# Read from local files
|
||||
&read_file_cached("$config_directory/$m/$g.gacl", \%rv);
|
||||
}
|
||||
if (defined(&theme_get_module_acl)) {
|
||||
%rv = &theme_get_module_acl($g, $m, \%rv);
|
||||
}
|
||||
@@ -3525,7 +3564,7 @@ if ($userdb) {
|
||||
# Find the group in the SQL DB
|
||||
my $cmd = $dbh->prepare(
|
||||
"select id from webmin_group where name = ?");
|
||||
$cmd && $cmd->execute($u) ||
|
||||
$cmd && $cmd->execute($g) ||
|
||||
&error(&text('egroupdbacl2', $dbh->errstr));
|
||||
my ($id) = $cmd->fetchrow();
|
||||
$foundindb = 1 if (defined($id));
|
||||
@@ -3560,8 +3599,6 @@ if ($userdb) {
|
||||
&disconnect_userdb($userdb, $dbh);
|
||||
}
|
||||
|
||||
|
||||
|
||||
if (!$foundindb) {
|
||||
# Save ACL to local file
|
||||
if (!-d "$config_directory/$m") {
|
||||
|
||||
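Review bot: The `elsif ($proto eq "ldap")` branch in the group-ACL reader is still a stub, so with an LDAP user DB `$foundindb` stays 0 and the function silently falls back to `$config_directory/$m/$g.gacl`. For a group that exists only in LDAP that file is presumably absent, and the caller then gets just the `defaultacl` values rather than the group's configured restrictions. Until the LDAP lookup exists I would make the fallback explicit with a comment like `# LDAP ACL lookup not implemented; falls through to the local .gacl file`, or fail with `&error` so a missing ACL is not mistaken for the module default. The function starts before this hunk, so how `$g` and `$m` are validated before they reach the file path is not reviewed here.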