From c1c9daa2121dfaca9901b3d9609d0910c2b70b98 Mon Sep 17 00:00:00 2001 From: Jamie Cameron Date: Sun, 8 Dec 2019 02:54:14 -0800 Subject: [PATCH] Fix perl warnings and add option to exit safe mode --- acl/edit_user.cgi | 17 ++++++++++++++--- acl/index.cgi | 2 +- acl/lang/en | 4 ++++ acl/save_user.cgi | 13 +++++++++++-- 4 files changed, 30 insertions(+), 6 deletions(-) diff --git a/acl/edit_user.cgi b/acl/edit_user.cgi index 7627246c9..13bb26f1b 100755 --- a/acl/edit_user.cgi +++ b/acl/edit_user.cgi @@ -9,7 +9,7 @@ our (%in, %text, %config, %access, $config_directory, $base_remote_user); &foreign_require("webmin", "webmin-lib.pl"); &ReadParse(); -my ($u, %user); +my ($u, %user, $safe); if ($in{'user'}) { # Editing an existing user &can_edit_user($in{'user'}) || &error($text{'edit_euser'}); @@ -163,6 +163,17 @@ if ($in{'user'}) { $text{'edit_proto_'.($user{'proto'} || '')}); } +# Safe or not? +my $smsg; +if ($in{'user'} && $safe) { + $smsg = &ui_radio("unsafe", 0, [ [ 0, $text{'edit_safe1'} ], + [ 1, $text{'edit_safe0'} ] ]); + } +else { + $smsg = $safe ? $text{'edit_safe1'} : $text{'edit_safe0'}; + } +print &ui_table_row($text{'edit_safe'}, $smsg); + print &ui_hidden_table_end("rights"); # Start of UI options section @@ -341,7 +352,7 @@ print &ui_hidden_table_start(@groups ? $text{'edit_modsg'} : $text{'edit_mods'}, "width=100%", 2, "mods"); # Build list of modules, based on safe mode -@allmods = &list_module_infos(); +my @allmods = &list_module_infos(); if ($safe) { @allmods = grep { $has{$_->{'dir'}} || &get_safe_acl($_->{'dir'}) } @allmods; @@ -402,7 +413,7 @@ print &ui_hidden_table_end("mods"); # Add global ACL section, but only if not set from the group my $groupglobal = $memg && -r "$config_directory/$memg->{'name'}.acl"; -if ($access{'acl'} && !$groupglobal && $in{'user'}) { +if ($access{'acl'} && !$groupglobal && $in{'user'} && !$safe) { print &ui_hidden_table_start($text{'edit_global'}, "width=100%", 2, "global", 0, [ "width=30%" ]); my %uaccess; diff --git a/acl/index.cgi b/acl/index.cgi index 8af8fec19..7f7ef2d1e 100755 --- a/acl/index.cgi +++ b/acl/index.cgi @@ -82,7 +82,7 @@ else { push(@rowlinks, &select_all_link("d", $form), &select_invert_link("d", $form)); push(@rowlinks, ui_link("edit_user.cgi", $text{'index_create'}), - ui_link("edit_user.cgi?safe=1", $text{'index_screate'}); + ui_link("edit_user.cgi?safe=1", $text{'index_screate'})) if ($access{'create'}); print &ui_links_row(\@rowlinks); diff --git a/acl/lang/en b/acl/lang/en index 472e5c683..4126d2c32 100644 --- a/acl/lang/en +++ b/acl/lang/en @@ -112,6 +112,10 @@ edit_proto_mysql=MySQL database edit_proto_postgresql=PostgreSQL database edit_proto_ldap=LDAP server edit_proto_=Local files +edit_safe=Privilege level +edit_safe0=Unrestricted +edit_safe1=Safe modules only +edit_unsafe=Reset to unrestricted save_err=Failed to save user save_ename='$1' is not a valid username diff --git a/acl/save_user.cgi b/acl/save_user.cgi index f39ee499c..3ee71765d 100755 --- a/acl/save_user.cgi +++ b/acl/save_user.cgi @@ -359,18 +359,27 @@ else { } } -if ($in{'old'} && $in{'acl_security_form'} && !$newgroup) { +my $aclfile = "$config_directory/$in{'name'}.acl"; +if ($in{'old'} && $in{'acl_security_form'} && !$newgroup && !$in{'safe'}) { # Update user's global ACL &foreign_require("", "acl_security.pl"); my %uaccess; &foreign_call("", "acl_security_save", \%uaccess, \%in); - my $aclfile = "$config_directory/$in{'name'}.acl"; &lock_file($aclfile); &save_module_acl(\%uaccess, $in{'name'}, "", 1); &set_ownership_permissions(undef, undef, 0640, $aclfile); &unlock_file($aclfile); } +# Clear safe setting +if ($in{'unsafe'}) { + &lock_file($aclfile); + my %uaccess = &get_module_acl($in{'name'}, "", 1, 1); + delete($uaccess{'_safe'}); + &save_module_acl(\%uaccess, $in{'name'}, "", 1); + &unlock_file($aclfile); + } + # If the user is in safe mode, set ACLs on all new modules if ($in{'safe'}) { foreach my $m ("", @mods) {