From ccbe7369dd938be9bde0be6d95456875427b17d0 Mon Sep 17 00:00:00 2001 From: Jamie Cameron Date: Sat, 16 May 2026 12:02:58 -0700 Subject: [PATCH] Delete all RBAC-related code from the Webmin Users module, since this is a niche unsupported feature --- acl/acl-lib.pl | 6 ------ acl/defaultacl | 1 - acl/edit_acl.cgi | 9 --------- acl/edit_rbac.cgi | 32 -------------------------------- acl/edit_user.cgi | 10 +--------- acl/images/rbac.gif | Bin 579 -> 0 bytes acl/index.cgi | 5 ----- acl/lang/en | 13 ------------- acl/save_acl.cgi | 7 +------ acl/save_user.cgi | 5 ----- 10 files changed, 2 insertions(+), 86 deletions(-) delete mode 100755 acl/edit_rbac.cgi delete mode 100644 acl/images/rbac.gif diff --git a/acl/acl-lib.pl b/acl/acl-lib.pl index 07a1b4614..765286004 100755 --- a/acl/acl-lib.pl +++ b/acl/acl-lib.pl @@ -92,7 +92,6 @@ while(my $l = <$fh>) { $user{'locale'} = $gconfig{"locale_$user[0]"}; $user{'dateformat'} = $gconfig{"dateformat_$user[0]"}; $user{'notabs'} = $gconfig{"notabs_$user[0]"}; - $user{'rbacdeny'} = $gconfig{"rbacdeny_$user[0]"}; if ($gconfig{"theme_$user[0]"}) { ($user{'theme'}, $user{'overlay'}) = split(/\s+/, $gconfig{"theme_$user[0]"}); @@ -501,8 +500,6 @@ else { $gconfig{"lang_".$user->{'name'}} = $user->{'lang'} if ($user->{'lang'}); delete($gconfig{"notabs_".$user->{'name'}}); $gconfig{"notabs_".$user->{'name'}} = $user->{'notabs'} if ($user->{'notabs'}); - delete($gconfig{"rbacdeny_".$user->{'name'}}); - $gconfig{"rbacdeny_".$user->{'name'}} = $user->{'rbacdeny'} if ($user->{'rbacdeny'}); delete($gconfig{"ownmods_".$user->{'name'}}); $gconfig{"ownmods_".$user->{'name'}} = join(" ", @{$user->{'ownmods'}}) if ($user->{'ownmods'} && @{$user->{'ownmods'}}); @@ -722,9 +719,6 @@ else { delete($gconfig{"notabs_".$username}); $gconfig{"notabs_".$user->{'name'}} = $user->{'notabs'} if ($user->{'notabs'}); - delete($gconfig{"rbacdeny_".$username}); - $gconfig{"rbacdeny_".$user->{'name'}} = $user->{'rbacdeny'} - if ($user->{'rbacdeny'}); delete($gconfig{"ownmods_".$username}); $gconfig{"ownmods_".$user->{'name'}} = join(" ", @{$user->{'ownmods'}}) if ($user->{'ownmods'} && @{$user->{'ownmods'}}); diff --git a/acl/defaultacl b/acl/defaultacl index fad9e29b5..1198e9206 100644 --- a/acl/defaultacl +++ b/acl/defaultacl @@ -19,7 +19,6 @@ sessions=1 cats=1 ips=1 switch=1 -rbacenable=1 logouttime=1 times=1 minsize=1 diff --git a/acl/edit_acl.cgi b/acl/edit_acl.cgi index b36930482..b84ab981e 100755 --- a/acl/edit_acl.cgi +++ b/acl/edit_acl.cgi @@ -48,15 +48,6 @@ else { } print &ui_table_start(&text('acl_options', $minfo{'desc'}), "width=100%", 4); -if ($in{'mod'} && $in{'user'} && &supports_rbac($in{'mod'}) && - !$gconfig{'rbacdeny_'.$who}) { - # Show RBAC option - print &ui_table_row($text{'acl_rbac'}, - &ui_radio("rbac", $maccess{'rbac'} ? 1 : 0, - [ [ 1, $text{'acl_rbacyes'} ], - [ 0, $text{'no'} ] ]), 3); - } - # Load custom ACL library my $mdir = &module_root_directory($in{'mod'}); if (-r "$mdir/acl_security.pl") { diff --git a/acl/edit_rbac.cgi b/acl/edit_rbac.cgi deleted file mode 100755 index ad35224ae..000000000 --- a/acl/edit_rbac.cgi +++ /dev/null @@ -1,32 +0,0 @@ -#!/usr/local/bin/perl -# Show RBAC status - -use strict; -use warnings; -no warnings 'redefine'; -no warnings 'uninitialized'; -require './acl-lib.pl'; -our (%in, %text, %gconfig, %access, $module_name, $module_root_directory); -$access{'rbacenable'} || &error($text{'rbac_ecannot'}); -&ui_print_header(undef, $text{'rbac_title'}, ""); - -print "$text{'rbac_desc'}

\n"; -if ($gconfig{'os_type'} ne 'solaris') { - print &text('rbac_esolaris', $gconfig{'real_os_type'}),"

\n"; - } -elsif (!&supports_rbac()) { - if (&foreign_available("cpan")) { - print &text('rbac_eperl', "Authen::SolarisRBAC", - "../cpan/download.cgi?source=0&local=$module_root_directory/Authen-SolarisRBAC-0.1.tar.gz&mode=2&return=/$module_name/&returndesc=".&urlize($text{'index_return'})),"

\n"; - } - else { - print &text('rbac_ecpan', "Authen::SolarisRBAC"), - "

\n"; - } - } -else { - print "$text{'rbac_ok'}

\n"; - } - -&ui_print_footer("", $text{'index_return'}); - diff --git a/acl/edit_user.cgi b/acl/edit_user.cgi index a59f89ea1..7f840f8a5 100755 --- a/acl/edit_user.cgi +++ b/acl/edit_user.cgi @@ -280,7 +280,7 @@ if ($showui) { # Start of security options section my $showsecurity = $access{'logouttime'} || $access{'ips'} || $access{'minsize'} || - &supports_rbac() && $access{'mode'} == 0 || $access{'times'}; + $access{'times'}; if ($showsecurity) { print &ui_hidden_table_start($text{'edit_security'}, "width=100%", 2, "security", 0, [ "width=30%" ]); @@ -321,14 +321,6 @@ if ($access{'ips'}) { 4, 30)); } -if (&supports_rbac() && $access{'mode'} == 0) { - # Deny access to modules not managed by RBAC? - print &ui_table_row($text{'edit_rbacdeny'}, - &ui_radio("rbacdeny", $user{'rbacdeny'} ? 1 : 0, - [ [ 0, $text{'edit_rbacdeny0'} ], - [ 1, $text{'edit_rbacdeny1'} ] ])); - } - if ($access{'times'}) { # Show allowed days of the week my %days = map { $_, 1 } split(/,/, $user{'days'} || ''); diff --git a/acl/images/rbac.gif b/acl/images/rbac.gif deleted file mode 100644 index 30f81eda9d8cb43e8eb26eaee5d09cec779e8a5c..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 579 zcmV-J0=)f4Nk%w1VK4wN0OJ4v|Ns900012w9aU9T$H&L2s;Z8Tj^pFwa&mGxIXVCT z|NsC0|NsC0|NsC0|NsC0A^sIZa%Ew3Wn>_CX>@2HRA^-&M@dak03rDV0RR9104x9i z001xmFaQ7q{t!qIs=ZYVGJC<`V07dJp4Cu(=p`IwXAN{+U#gecwP3w5i6tl*SU3|_ zZe>9bheSZ4;!LK9hRm}P1!MzDfHDe=m4jm|n9L2HV`)jebf_e@fi9v_(5-_;0V8g0 zXj*<@69j>YBo+mbk&%Hwel1j8mlp^yBrKW2&}!MdUlqYmE&Cm9;wm9DN3X+Vjzh+K#v|mI6odroCqM$Er|yV3}97i zz%z>27~p}sO?1R&ik5$sgbe-xvzx*2O7Pkd=(JWUkNSJ${5 zf(=c26B%9!OzEk^_LpCatzxVeE<&opO=Tq(i5S%oQY?{JyL^ep0x=0*c`-#bTB0qH zq@tb%z?JMG3BFM-do49~wr89_t3s7fv=nOq2Q2=U@)g~Y4yxrLm~>$sZ^$HM6Xl4) RId6qK4+3rZqhN^$06Szr_aFcO diff --git a/acl/index.cgi b/acl/index.cgi index a517cf090..917e33025 100755 --- a/acl/index.cgi +++ b/acl/index.cgi @@ -206,11 +206,6 @@ if (uc($ENV{'HTTPS'}) eq "ON" && $miniserv{'ca'}) { push(@icons, "images/twofactor.gif"); push(@links, "twofactor_form.cgi"); push(@titles, $text{'index_twofactor'}); -if ($access{'rbacenable'} && $gconfig{'os_type'} eq 'solaris') { - push(@icons, "images/rbac.gif"); - push(@links, "edit_rbac.cgi"); - push(@titles, $text{'index_rbac'}); - } if ($access{'pass'}) { push(@icons, "images/pass.gif"); push(@links, "edit_pass.cgi"); diff --git a/acl/lang/en b/acl/lang/en index e4a017fdf..738406dba 100644 --- a/acl/lang/en +++ b/acl/lang/en @@ -23,7 +23,6 @@ index_modgroups=Modules from group $1 index_sync=Configure Unix User Synchronization index_unix=Configure Unix User Authentication index_sessions=View Login Sessions -index_rbac=Setup RBAC index_delete=Delete Selected index_joingroup=Add To Group: index_eulist=Failed to list users : $1 @@ -95,9 +94,6 @@ edit_switch=Switch to User edit_forgot=Send Password Reset Link edit_return=Webmin user edit_return2=Webmin group -edit_rbacdeny=RBAC access mode -edit_rbacdeny0=RBAC only controls selected module ACLs -edit_rbacdeny1=RBAC controls all modules and ACLs edit_global=Permissions for all modules edit_templock=Temporarily locked edit_temppass=Force change at next login @@ -185,8 +181,6 @@ acl_title3=For group $1 in $2 acl_options=$1 access control options acl_config=Can edit module configuration? acl_reset=Reset To Full Access -acl_rbac=Get access control settings from RBAC? -acl_rbacyes=Yes (overrides settings below) acl_uall=All users acl_uthis=This user @@ -382,13 +376,6 @@ hide_clone=(Clone $1) switch_euser=You are not allowed to switch to this user switch_eold=Existing session not found! -rbac_title=Setup RBAC -rbac_desc=Webmin's RBAC integration provides a way for user module and ACL permissions to be determined from an RBAC (Role Based Access Control) database, rather than Webmin's own configuration files. Once RBAC support is enabled, any user for whom the RBAC controls all modules and ACLs option is selected will have his capabilities determined by RBAC rather than Webmin's own access control settings. -rbac_esolaris=RBAC is only supported on Solaris at the moment, and so cannot be used on this $1 system. -rbac_eperl=The Perl module $1 needed for RBAC integration is not installed. Click here to have it installed now. -rbac_ecpan=You do not have access to Webmin's Perl Modules page in order to install the necessary $1 module for RBAC integration. -rbac_ok=RBAC integration is available on this system, and can be enabled on a per-user basis on the Edit Webmin User page. - udeletes_err=Failed to delete users udeletes_jerr=Failed to add users to group udeletes_enone=None selected diff --git a/acl/save_acl.cgi b/acl/save_acl.cgi index 3dff5f637..0aef1496a 100755 --- a/acl/save_acl.cgi +++ b/acl/save_acl.cgi @@ -54,13 +54,8 @@ else { if (defined($in{'noconfig'})) { $maccess{'noconfig'} = $in{'noconfig'}; } - if ($in{'rbac'}) { - # RBAC overrides everything - $maccess{'rbac'} = 1; - } - elsif (-r "../$in{'_acl_mod'}/acl_security.pl") { + if (-r "../$in{'_acl_mod'}/acl_security.pl") { # Use user inputs - $maccess{'rbac'} = 0 if (defined($in{'rbac'})); &foreign_require($in{'_acl_mod'}, "acl_security.pl"); &foreign_call($in{'_acl_mod'}, "acl_security_save", \%maccess, \%in); diff --git a/acl/save_user.cgi b/acl/save_user.cgi index ec9799463..62de632c7 100755 --- a/acl/save_user.cgi +++ b/acl/save_user.cgi @@ -105,11 +105,6 @@ foreach my $u (@ulist) { # Find the current group my $oldgroup = $in{'old'} ? &get_users_group($in{'old'}) : undef; -if (&supports_rbac()) { - # Save RBAC mode - $user{'rbacdeny'} = $in{'rbacdeny'}; - } - my $newgroup; if (defined($in{'group'})) { # Check if group is allowed