From cf81ebb3d1e37162a830145b3c04dffa5f35997b Mon Sep 17 00:00:00 2001
From: Jamie Cameron
Date: Sat, 24 Nov 2007 06:24:48 +0000
Subject: [PATCH] Partially complete UI re-write and support for includes
---
 pam/edit_inc.cgi | 55 ++++++++++++++++++
 pam/edit_mod.cgi | 79 +++++++++++++-------------
 pam/edit_pam.cgi | 141 +++++++++++++++++++++++++----------------------
 pam/lang/en | 21 ++++++-
 pam/save_inc.cgi | 45 +++++++++++++++
 5 files changed, 236 insertions(+), 105 deletions(-)
 create mode 100644 pam/edit_inc.cgi
 create mode 100755 pam/save_inc.cgi
diff --git a/pam/edit_inc.cgi b/pam/edit_inc.cgi
new file mode 100644
index 000000000..4f3fa3041
--- /dev/null
+++ b/pam/edit_inc.cgi
@@ -0,0 +1,55 @@ +#!/usr/local/bin/perl +# Edit a PAM include for some service + +require './pam-lib.pl'; +&ReadParse(); + +@pam = &get_pam_config(); +$pam = $pam[$in{'idx'}]; +if ($in{'midx'} ne '') { + $mod = $pam->{'mods'}->[$in{'midx'}]; + $inc = $mod->{'module'}; + $type = $mod->{'type'}; + &ui_print_header(undef, $text{'inc_edit'}, ""); + } +else { + &ui_print_header(undef, $text{'inc_create'}, ""); + $type = $in{'type'}; + } + + +print &ui_form_start("save_mod.cgi"); +print &ui_hidden("idx", $in{'idx'}); +print &ui_hidden("midx", $in{'midx'}); +print &ui_hidden("_type", $in{'type'}); +print &ui_table_start($text{'inc_header'}, undef, 2, [ "width=30%" ]); + +# PAM service name +$t = $text{'desc_'.$pam->{'name'}}; +print &ui_table_row($text{'mod_name'}, + "".&html_escape($pam->{'name'})." ". + ($pam->{'desc'} ? "($pam->{'desc'})" : $t ? "($t)" : "")); + +# Authentication step +print &ui_table_row($text{'mod_type'}, + $text{'mod_type_'.$type}); + +# Included service +print &ui_table_row($text{'inc_inc'}, + &ui_select("inc", $inc, + [ map { [ $_->{'name'}, $text{'desc_'.$_->{'name'}} || $_->{'name'} ] } + @pam ], 1, 0, $inc ? 1 : 0)); + +print &ui_table_end(); + +if ($in{'midx'} ne '') { + print &ui_form_end([ [ undef, $text{'save'} ], + [ 'delete', $text{'delete'} ] ]); + } +else { + print &ui_form_end([ [ undef, $text{'create'} ] ]); + } + +&ui_print_footer("edit_pam.cgi?idx=$in{'idx'}", $text{'edit_return'}, + "", $text{'index_return'}); + diff --git a/pam/edit_mod.cgi b/pam/edit_mod.cgi index b86068030..038dad184 100755 --- a/pam/edit_mod.cgi +++ b/pam/edit_mod.cgi @@ -4,6 +4,12 @@ require './pam-lib.pl'; &ReadParse(); +if ($in{'inc'}) { + # Redirect to include form + &redirect("edit_inc.cgi?idx=$in{'idx'}&type=$in{'type'}"); + return; + } + @pam = &get_pam_config(); $pam = $pam[$in{'idx'}]; if ($in{'midx'} ne '') { @@ -20,42 +26,39 @@ else { } -print "
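Review bot: The include form in edit_inc.cgi is wired to the wrong handler: `print &ui_form_start("save_mod.cgi");` posts to the module save script although this commit adds `save_inc.cgi` for includes, so it should read `print &ui_form_start("save_inc.cgi");`. The field names do not line up with that new script either: the select is submitted as `inc`, while `save_inc.cgi` only reads `_module`, `_type`, `midx` and `delete`, so the chosen service never reaches `create_module` or `modify_module`. On the edit path the hidden `_type` is filled from `$in{'type'}` rather than the `$type` taken from `$mod->{'type'}`, which looks unintended. `$in{'idx'}` and `$in{'midx'}` are also used as array subscripts without a `/^\d+$/` check, so a missing or non-numeric value silently selects entry 0.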
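Review bot: The redirect added at the top of edit_mod.cgi interpolates request values straight into the Location URL: `&redirect("edit_inc.cgi?idx=$in{'idx'}&type=$in{'type'}");`. `ReadParse` normally hands back decoded values, so an `&`, `#` or line break in either one alters the query string or, if `redirect` does not filter it (not visible here), the response header; encode both, as in `&redirect("edit_inc.cgi?idx=".&urlize($in{'idx'})."&type=".&urlize($in{'type'}));`. The bare `return;` only works when the script is loaded with `do` or `require`; run as a standalone CGI, Perl dies with "Can't return outside a subroutine", so `exit;` is the safer way to stop after the redirect.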
\n"; -print "\n"; -print "\n"; -print "\n"; -print "\n"; +print &ui_form_start("save_mod.cgi"); +print &ui_hidden("idx", $in{'idx'}); +print &ui_hidden("midx", $in{'midx'}); +print &ui_hidden("_module", $in{'module'}); +print &ui_hidden("_type", $in{'type'}); +print &ui_table_start($text{'mod_header'}, undef, 4); -print "\n"; -print "\n"; -print "
$text{'mod_header'}
\n"; - -print "\n"; +# PAM service name $t = $text{'desc_'.$pam->{'name'}}; -print "\n"; +print &ui_table_row($text{'mod_name'}, + "".&html_escape($pam->{'name'})." ". + ($pam->{'desc'} ? "($pam->{'desc'})" : $t ? "($t)" : "")); -print "\n"; +# PAM module name $t = $text{$module}; -print "\n"; +print &ui_table_row($text{'mod_mod'}, + "$module ".($t ? "($t)" : "")); -print "\n"; -print "\n"; +print &ui_table_row($text{'mod_type'}, + $text{'mod_type_'.$type}); -print "\n"; -print "\n"; +# Control mode +print &ui_table_row($text{'mod_control'}, + &ui_select("control", $mod->{'control'}, + [ map { [ $_, $text{'control_'.$_}." (". + $text{'control_desc_'.$_}.")" ] } + ('required', 'requisite', 'sufficient', 'optional') ], + 1, 0, $in{'midx'} eq '' ? 0 : 1)); if (-r "./$module.pl") { do "./$module.pl"; if (!$module_has_no_args) { - print "\n"; + print &ui_table_hr(); foreach $a (split(/\s+/, $mod->{'args'})) { if ($a =~ /^([^\s=]+)=(\S*)$/) { $args{$1} = $2; @@ -68,22 +71,22 @@ if (-r "./$module.pl") { } } else { - print "\n"; - print "\n"; - print "\n"; + # Text-only args + print &ui_table_hr(); + print &ui_table_row($text{'mod_args'}, + &ui_textbox("args", $mod->{'args'}, 60), 3); } -print "
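Review bot: `$module` is used without validation in this edit_mod.cgi hunk: the new `mod_mod` row prints it raw (`"$module ".($t ? "($t)" : "")`) and the unchanged context still runs `do "./$module.pl";` on it. The assignment of `$module` lies outside the hunk, but the new `&ui_hidden("_module", $in{'module'})` suggests the create path takes it from the request; in that case a value containing `/` or `..` makes `do` load a `.pl` file outside this directory, and any markup in the value is echoed into the page. Check it before first use against `&list_modules()` (called in edit_pam.cgi) or a bare-file-name pattern such as `$module =~ /^[\w.\-]+$/ || &error(...)`, and print it as `&html_escape($module)`.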
$text{'mod_name'}",&html_escape($pam->{'name'})," ", - $pam->{'desc'} ? "($pam->{'desc'})" : - $t ? "($t)" : "","$text{'mod_mod'}$module ",$t ? "($t)" : "","
$text{'mod_type'}",$text{'mod_type_'.$type},"$text{'mod_control'}


$text{'mod_args'}
\n"; -print "\n"; -print "\n"; +print &ui_table_end(); + if ($in{'midx'} ne '') { - print "\n"; + print &ui_form_end([ [ undef, $text{'save'} ], + [ 'delete', $text{'delete'} ] ]); + } +else { + print &ui_form_end([ [ undef, $text{'create'} ] ]); } -print "
\n"; -print "
\n"; &ui_print_footer("edit_pam.cgi?idx=$in{'idx'}", $text{'edit_return'}, - "", $text{'index_return'}); + "", $text{'index_return'}); diff --git a/pam/edit_pam.cgi b/pam/edit_pam.cgi index 24d37f266..ef2f005cb 100755 --- a/pam/edit_pam.cgi +++ b/pam/edit_pam.cgi @@ -9,82 +9,91 @@ require './pam-lib.pl'; @pams = &get_pam_config(); $pam = $pams[$in{'idx'}]; -print "\n"; -print "\n"; -print "
$text{'edit_header'}
\n"; +print &ui_table_start($text{'edit_header'}, "width=100%", 2); -print "\n"; $t = $text{'desc_'.$pam->{'name'}}; -print "\n"; -print "\n"; +print &ui_table_row($text{'edit_name'}, + "".&html_escape($pam->{'name'})." ". + ($pam->{'desc'} ? "($pam->{'desc'})" : $t ? "($t)" : "")); foreach $t ('auth', 'account', 'session', 'password') { - print "\n"; - } -print "\n"; -print "
$text{'edit_name'}",&html_escape($pam->{'name'})," ", - $pam->{'desc'} ? "($pam->{'desc'})" : - $t ? "($t)" : "","
\n"; - print "
\n"; - print "\n"; - print "\n"; - print "
",$text{"edit_header_$t"},"
\n"; - + my $ptable; + $ptable .= &ui_form_start("edit_mod.cgi"); local @mods = grep { $_->{'type'} eq $t } @{$pam->{'mods'}}; - print "\n"; if (@mods) { - print " ", - " ", - " ", - " ", - "\n"; + @tds = ( "width=20%", "width=35%", "width=20%", + "width=20%", "width=5%" ); + $ptable .= &ui_columns_start([ $text{'edit_mod'}, + $text{'edit_desc'}, + $text{'edit_control'}, + $text{'edit_args'}, + $text{'edit_move'} ], \@tds); + foreach $m (@mods) { + local $mn = $m->{'module'}; + $mn =~ s/^.*\///; + local @cols; + if ($m->{'control'} eq 'include') { + # Including some other file + push(@cols, "{'index'}'>". + &text('edit_inc', "$mn").""); + @rtds = ( "colspan=4", "width=5%" ); + } + else { + # Regular PAM module + push(@cols, "{'index'}'>". + "$mn"); + push(@cols, $text{$mn}); + push(@cols, $text{'control_'.$m->{'control'}}); + push(@cols, $m->{'args'}); + @rtds = @tds; + } + local $mv; + if ($m eq $mods[$#mods]) { + $mv .= ""; + } + else { + $mv .= "{'index'}&down=1'>"; + } + if ($m eq $mods[0]) { + $mv .= ""; + } + else { + $mv .= "{'index'}&up=1'>"; + } + push(@cols, $mv); + $ptable .= &ui_columns_row(\@cols, \@rtds); + } + $ptable .= &ui_columns_end(); } else { - print "\n"; + $ptable .= "$text{'edit_none'}

\n"; } - foreach $m (@mods) { - local $mn = $m->{'module'}; - $mn =~ s/^.*\///; - print "

\n"; - print "\n"; - print "\n"; - print "\n"; - print "\n"; - print "\n"; - } - print "
$text{'edit_mod'}$text{'edit_desc'}$text{'edit_control'}$text{'edit_args'}$text{'edit_move'}
$text{'edit_none'}", - "
{'index'}'>$mn",$text{$mn} ? $text{$mn} : "
","
",$text{'control_'.$m->{'control'}},"",$m->{'args'} ? $m->{'args'} : "
","
"; - if ($m eq $mods[$#mods]) { - print ""; - } - else { - print "{'index'}&down=1'>"; - } - if ($m eq $mods[0]) { - print ""; - } - else { - print "{'index'}&up=1'>"; - } - print "
\n"; - print "\n"; - print "\n"; - print "\n"; - print "
\n"; -print "\n"; -print "\n"; -print "\n"; + # Form to add module + $ptable .= &ui_hidden("idx", $in{'idx'}); + $ptable .= &ui_hidden("type", $t); + $ptable .= &ui_submit($text{'edit_addmod'}),"\n"; + $ptable .= &ui_select("module", undef, + [ map { [ $_, $text{$_} ? "$_ ($text{$_})" : $_ ] } + &list_modules() ]); + $ptable .= " "; + $ptable .= &ui_submit($text{'edit_addinc'}, "inc"); + $ptable .= &ui_form_end(); + + print &ui_table_row($text{"edit_header_$t"}, $ptable); + } +print &ui_table_end(); + +# Delete whole service form +print &ui_form_start("delete_pam.cgi"); +print &ui_hidden("idx", $in{'idx'}); +print &ui_form_end([ [ undef, $text{'edit_delete'} ] ]); &ui_print_footer("", $text{'index_return'}); diff --git a/pam/lang/en b/pam/lang/en index 035c345e7..971012e9f 100644 --- a/pam/lang/en +++ b/pam/lang/en @@ -6,6 +6,7 @@ index_return=service list index_none=No PAM configuration files were found on your system in the directory $1. Maybe PAM is not supported, or your module configuration is incorrect. desc_su=Switch user +desc_su-l=Switch user (with login) desc_login=Local or remote login desc_samba=Samba Windows file server desc_imap=IMAP mail server @@ -69,6 +70,17 @@ desc_proftpd=ProFTPd file transfer server desc_qpopper=$desc_qpop desc_dovecot=POP / IMAP mail server desc_cron=Scheduled commands daemon +desc_runuser=Run command as user +desc_runuser-l=Run command as user (with login) +desc_postgresql=PostgreSQL database +desc_crond=Cron daemon +desc_smtp=SMTP authentication +desc_smtp.postfix=Postfix SMTP authentication +desc_smtp.sendmail=Sendmail SMTP authentication +desc_config-util=Configuration utilities +desc_newrole=SELinux new role +desc_radius=RADIUS dialup login +desc_pptpconfig=Point-to-point tunneling protocol edit_title=Edit PAM Service edit_header=PAM service details 
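Review bot: Values read from the PAM configuration go into the edit_pam.cgi table as raw HTML: `push(@cols, $m->{'args'});`, the `$mn` link text and `($pam->{'desc'})` are not passed through `&html_escape` the way `$pam->{'name'}` is, and the same `$pam->{'desc'}` expression is repeated in edit_inc.cgi and edit_mod.cgi. Unless `ui_columns_row` and `ui_table_row` escape their cells (not visible here), angle brackets or ampersands in a module argument or description are rendered as markup; `push(@cols, &html_escape($m->{'args'}));` and `&html_escape($pam->{'desc'})` close that. Separately, `$ptable .= &ui_submit($text{'edit_addmod'}),"\n";` still carries the `,"\n"` from the old `print` list, which is now evaluated and discarded, and `@tds` and `@rtds` are assigned as package globals inside the loop while `$ptable` is a `my` variable.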
@@ -81,11 +93,13 @@ edit_mod=PAM module edit_desc=Description edit_args=Parameters edit_addmod=Add step for: +edit_addinc=Add included service edit_control=Failure level -edit_none=No PAM modules specified for this step +edit_none=No PAM modules specified for this step. edit_delete=Delete PAM service edit_move=Move edit_return=PAM service +edit_inc=Include service $1 pam_pwdb.so=Unix password authentication pam_securetty.so=Secure TTY check for root @@ -248,3 +262,8 @@ log_mod_delete=Deleted PAM module $1 in service $2 log_mod_move=Swapped PAM modules in service $3 log_mod_move_l=Swapped PAM modules $1 and $2 in service $3 +inc_edit=Edit Included Service +inc_create=Create Included Service +inc_header=Included PAM service details +inc_inc=Included PAM service + diff --git a/pam/save_inc.cgi b/pam/save_inc.cgi new file mode 100755 index 000000000..b919e7a89 --- /dev/null +++ b/pam/save_inc.cgi @@ -0,0 +1,45 @@ +#!/usr/local/bin/perl +# Update an include for a service + +require './pam-lib.pl'; +&ReadParse(); +&error_setup($text{'inc_err'}); +@pam = &get_pam_config(); +$pam = $pam[$in{'idx'}]; + +&lock_file($pam->{'file'}); +if ($in{'delete'}) { + # Deleting an include + $mod = $pam->{'mods'}->[$in{'midx'}]; + &delete_module($pam->{'name'}, $mod); + } +else { + if ($in{'_module'}) { + # Adding a new include + $mod = { 'type' => $in{'_type'}, + 'module' => $in{'_module'} }; + $module = $in{'_module'}; + } + else { + # Existing module entry + # XXX + $mod = $pam->{'mods'}->[$in{'midx'}]; + $module = $mod->{'module'}; + $module =~ s/^.*\///; + } + + if ($in{'_module'}) { + # Add the PAM include entry + &create_module($pam->{'name'}, $mod); + } + else { + # Update the existing include + &modify_module($pam->{'name'}, $mod); + } + } +&unlock_file($pam->{'file'}); +&webmin_log($in{'delete'} ? "delete" : $in{'_module'} ? "create" : "modify", + "inc", $pam->{'name'}, $mod); +&redirect("edit_pam.cgi?idx=$in{'idx'}"); + +
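Review bot: The create branch of save_inc.cgi writes request values into the PAM file unchecked: `$mod = { 'type' => $in{'_type'}, 'module' => $in{'_module'} };` goes straight to `create_module`. Unless `create_module` validates them (not visible here), whitespace or a line break in either field changes the meaning of the resulting PAM line, so `_type` should be checked against `auth`, `account`, `session` and `password` and the included service against the names returned by `get_pam_config()` before `lock_file` is called. The delete branch has the same gap: with `midx` empty or non-numeric, `$pam->{'mods'}->[$in{'midx'}]` resolves to entry 0 and that step is removed, so require `$in{'midx'} =~ /^\d+$/` and a defined `$mod` first. The update branch marked `# XXX` calls `modify_module` without copying anything from `%in`, and `inc_err` is not among the `inc_*` strings this commit adds to lang/en.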