Delete all RBAC-related code from the Webmin Users module, since this is a niche unsupported feature

acl/acl-lib.pl

@@ -92,7 +92,6 @@ while(my $l = <$fh>) {
 		$user{'locale'} = $gconfig{"locale_$user[0]"};
 		$user{'dateformat'} = $gconfig{"dateformat_$user[0]"};
 		$user{'notabs'} = $gconfig{"notabs_$user[0]"};
-		$user{'rbacdeny'} = $gconfig{"rbacdeny_$user[0]"};
 		if ($gconfig{"theme_$user[0]"}) {
 			($user{'theme'}, $user{'overlay'}) =
 				split(/\s+/, $gconfig{"theme_$user[0]"});
@@ -501,8 +500,6 @@ else {
 	$gconfig{"lang_".$user->{'name'}} = $user->{'lang'} if ($user->{'lang'});
 	delete($gconfig{"notabs_".$user->{'name'}});
 	$gconfig{"notabs_".$user->{'name'}} = $user->{'notabs'} if ($user->{'notabs'});
-	delete($gconfig{"rbacdeny_".$user->{'name'}});
-	$gconfig{"rbacdeny_".$user->{'name'}} = $user->{'rbacdeny'} if ($user->{'rbacdeny'});
 	delete($gconfig{"ownmods_".$user->{'name'}});
 	$gconfig{"ownmods_".$user->{'name'}} = join(" ", @{$user->{'ownmods'}})
 		if ($user->{'ownmods'} && @{$user->{'ownmods'}});
@@ -722,9 +719,6 @@ else {
 	delete($gconfig{"notabs_".$username});
 	$gconfig{"notabs_".$user->{'name'}} = $user->{'notabs'}
 		if ($user->{'notabs'});
-	delete($gconfig{"rbacdeny_".$username});
-	$gconfig{"rbacdeny_".$user->{'name'}} = $user->{'rbacdeny'}
-		if ($user->{'rbacdeny'});
 	delete($gconfig{"ownmods_".$username});
 	$gconfig{"ownmods_".$user->{'name'}} = join(" ", @{$user->{'ownmods'}})
 		if ($user->{'ownmods'} && @{$user->{'ownmods'}});

acl/defaultacl

@@ -19,7 +19,6 @@ sessions=1
 cats=1
 ips=1
 switch=1
-rbacenable=1
 logouttime=1
 times=1
 minsize=1

acl/edit_acl.cgi

@@ -48,15 +48,6 @@ else {
 	}
 print &ui_table_start(&text('acl_options', $minfo{'desc'}), "width=100%", 4);
 
-if ($in{'mod'} && $in{'user'} && &supports_rbac($in{'mod'}) &&
-    !$gconfig{'rbacdeny_'.$who}) {
-	# Show RBAC option
-	print &ui_table_row($text{'acl_rbac'},
-		&ui_radio("rbac", $maccess{'rbac'} ? 1 : 0,
-			[ [ 1, $text{'acl_rbacyes'} ],
-			  [ 0, $text{'no'} ] ]), 3);
-	}
-
 # Load custom ACL library
 my $mdir = &module_root_directory($in{'mod'});
 if (-r "$mdir/acl_security.pl") {

acl/edit_rbac.cgi

@@ -1,32 +0,0 @@
-#!/usr/local/bin/perl
-# Show RBAC status
-
-use strict;
-use warnings;
-no warnings 'redefine';
-no warnings 'uninitialized';
-require './acl-lib.pl';
-our (%in, %text, %gconfig, %access, $module_name, $module_root_directory);
-$access{'rbacenable'} || &error($text{'rbac_ecannot'});
-&ui_print_header(undef, $text{'rbac_title'}, "");
-
-print "$text{'rbac_desc'}<p>\n";
-if ($gconfig{'os_type'} ne 'solaris') {
-	print &text('rbac_esolaris', $gconfig{'real_os_type'}),"<p>\n";
-	}
-elsif (!&supports_rbac()) {
-	if (&foreign_available("cpan")) {
-		print &text('rbac_eperl', "<tt>Authen::SolarisRBAC</tt>",
-			    "../cpan/download.cgi?source=0&local=$module_root_directory/Authen-SolarisRBAC-0.1.tar.gz&mode=2&return=/$module_name/&returndesc=".&urlize($text{'index_return'})),"<p>\n";
-		}
-	else {
-		print &text('rbac_ecpan', "<tt>Authen::SolarisRBAC</tt>"),
-		      "<p>\n";
-		}
-	}
-else {
-	print "$text{'rbac_ok'}<p>\n";
-	}
-
-&ui_print_footer("", $text{'index_return'});
-

acl/edit_user.cgi

@@ -280,7 +280,7 @@ if ($showui) {
 # Start of security options section
 my $showsecurity = $access{'logouttime'} || $access{'ips'} ||
 		   $access{'minsize'} ||
-		   &supports_rbac() && $access{'mode'} == 0 || $access{'times'};
+		   $access{'times'};
 if ($showsecurity) {
 	print &ui_hidden_table_start($text{'edit_security'}, "width=100%", 2,
 				     "security", 0, [ "width=30%" ]);
@@ -321,14 +321,6 @@ if ($access{'ips'}) {
 		    4, 30));
 	}
 
-if (&supports_rbac() && $access{'mode'} == 0) {
-	# Deny access to modules not managed by RBAC?
-	print &ui_table_row($text{'edit_rbacdeny'},
-		&ui_radio("rbacdeny", $user{'rbacdeny'} ? 1 : 0,
-			  [ [ 0, $text{'edit_rbacdeny0'} ],
-			    [ 1, $text{'edit_rbacdeny1'} ] ]));
-	}
-
 if ($access{'times'}) {
 	# Show allowed days of the week
 	my %days = map { $_, 1 } split(/,/, $user{'days'} || '');

acl/index.cgi

@@ -206,11 +206,6 @@ if (uc($ENV{'HTTPS'}) eq "ON" && $miniserv{'ca'}) {
 push(@icons, "images/twofactor.gif");
 push(@links, "twofactor_form.cgi");
 push(@titles, $text{'index_twofactor'});
-if ($access{'rbacenable'} && $gconfig{'os_type'} eq 'solaris') {
-	push(@icons, "images/rbac.gif");
-	push(@links, "edit_rbac.cgi");
-	push(@titles, $text{'index_rbac'});
-	}
 if ($access{'pass'}) {
 	push(@icons, "images/pass.gif");
 	push(@links, "edit_pass.cgi");

acl/lang/en

@@ -23,7 +23,6 @@ index_modgroups=Modules from group $1
 index_sync=Configure Unix User Synchronization
 index_unix=Configure Unix User Authentication
 index_sessions=View Login Sessions
-index_rbac=Setup RBAC
 index_delete=Delete Selected
 index_joingroup=Add To Group:
 index_eulist=Failed to list users : $1
@@ -95,9 +94,6 @@ edit_switch=Switch to User
 edit_forgot=Send Password Reset Link
 edit_return=Webmin user
 edit_return2=Webmin group
-edit_rbacdeny=RBAC access mode
-edit_rbacdeny0=RBAC only controls selected module ACLs
-edit_rbacdeny1=RBAC controls all modules and ACLs
 edit_global=Permissions for all modules
 edit_templock=Temporarily locked
 edit_temppass=Force change at next login
@@ -185,8 +181,6 @@ acl_title3=For group $1 in $2
 acl_options=$1 access control options
 acl_config=Can edit module configuration?
 acl_reset=Reset To Full Access
-acl_rbac=Get access control settings from RBAC?
-acl_rbacyes=Yes (overrides settings below)
 
 acl_uall=All users
 acl_uthis=This user
@@ -382,13 +376,6 @@ hide_clone=(Clone $1)
 switch_euser=You are not allowed to switch to this user
 switch_eold=Existing session not found!
 
-rbac_title=Setup RBAC
-rbac_desc=Webmin's RBAC integration provides a way for user module and ACL permissions to be determined from an RBAC (Role Based Access Control) database, rather than Webmin's own configuration files. Once RBAC support is enabled, any user for whom the <b>RBAC controls all modules and ACLs</b> option is selected will have his capabilities determined by RBAC rather than Webmin's own access control settings.
-rbac_esolaris=RBAC is only supported on Solaris at the moment, and so cannot be used on this $1 system.
-rbac_eperl=The Perl module $1 needed for RBAC integration is not installed. <a href='$2'>Click here</a> to have it installed now.
-rbac_ecpan=You do not have access to Webmin's Perl Modules page in order to install the necessary $1 module for RBAC integration.
-rbac_ok=RBAC integration is available on this system, and can be enabled on a per-user basis on the Edit Webmin User page.
-
 udeletes_err=Failed to delete users
 udeletes_jerr=Failed to add users to group
 udeletes_enone=None selected

acl/save_acl.cgi

@@ -54,13 +54,8 @@ else {
 	if (defined($in{'noconfig'})) {
 		$maccess{'noconfig'} = $in{'noconfig'};
 		}
-	if ($in{'rbac'}) {
-		# RBAC overrides everything
-		$maccess{'rbac'} = 1;
-		}
-	elsif (-r "../$in{'_acl_mod'}/acl_security.pl") {
+	if (-r "../$in{'_acl_mod'}/acl_security.pl") {
 		# Use user inputs
-		$maccess{'rbac'} = 0 if (defined($in{'rbac'}));
 		&foreign_require($in{'_acl_mod'}, "acl_security.pl");
 		&foreign_call($in{'_acl_mod'}, "acl_security_save",
 			      \%maccess, \%in);

acl/save_user.cgi

@@ -105,11 +105,6 @@ foreach my $u (@ulist) {
 # Find the current group
 my $oldgroup = $in{'old'} ? &get_users_group($in{'old'}) : undef;
 
-if (&supports_rbac()) {
-	# Save RBAC mode
-	$user{'rbacdeny'} = $in{'rbacdeny'};
-	}
-
 my $newgroup;
 if (defined($in{'group'})) {
 	# Check if group is allowed