Add support to edit FirewallD config files manually

Introduced with: https://github.com/webmin/webmin/commit/f46cc45

bind8/bind8-lib.pl

@@ -376,9 +376,22 @@ return @rv ? wantarray ? @rv : $rv[0]
 sub find_value
 {
 my @v = &find($_[0], $_[1]);
-if (!@v) { return undef; }
-elsif (wantarray) { return map { $_->{'value'} } @v; }
-else { return $v[0]->{'value'}; }
+if (!@v) {
+	return undef;
+	}
+elsif (wantarray) {
+	return map { &extract_value($_) } @v;
+	}
+else {
+	return &extract_value($v[0]);
+	}
+}
+
+sub extract_value
+{
+my ($dir) = @_;
+return defined($dir->{'value'}) ? $dir->{'value'} :
+       @{$dir->{'values'}} ? $dir->{'values'}->[0] : undef;
 }
 
 # base_directory([&config], [no-cache])
@@ -500,9 +513,8 @@ for(my $i=0; $i<@oldv || $i<@newv; $i++) {
 sub recursive_set_value
 {
 my ($dir) = @_;
-if ($dir->{'values'}) {
-	my @v = @{$dir->{'values'}};
-	$dir->{'value'} = @v ? $v[0] : undef;
+if (!defined($dir->{'value'})) {
+	$dir->{'value'} = &extract_value($dir);
 	}
 if ($dir->{'type'} && $dir->{'type'} == 1 && $dir->{'members'}) {
 	foreach my $m (@{$dir->{'members'}}) {

firewalld/config

@@ -1,2 +1,3 @@
 firewall_cmd=firewall-cmd
 init_name=firewalld
+config_dir=/etc/firewalld

firewalld/config.info

@@ -1,2 +1,3 @@
 firewall_cmd=Full path to firewall-cmd program,0
 init_name=FirewallD init script name,0
+config_dir=FirewallD configuration directory,0

firewalld/edit_manual.cgi

@@ -0,0 +1,28 @@
+#!/usr/local/bin/perl
+# Show a page for manually editing FirewallD config files
+
+require './firewalld-lib.pl';
+&ui_print_header(undef, $text{'manual_title'}, "");
+&ReadParse();
+my @files = &unique(&get_config_files());
+my $file = $in{'file'} || $files[0];
+&indexof($file, @files) >= 0 || &error($text{'manual_efile'});
+
+# Show the file selector
+print &ui_form_start("edit_manual.cgi");
+print "<b>$text{'manual_editsel'}</b>\n";
+print &ui_select("file", $file, \@files),"\n";
+print &ui_submit($text{'manual_ok'});
+print &ui_form_end();
+
+# Show the file contents
+print &ui_form_start("save_manual.cgi", "form-data");
+print &ui_hidden("file", $file);
+print &ui_table_start(undef, undef, 2);
+$data = &read_file_contents($file);
+print &ui_table_row(undef, ui_textarea("data", $data, 20, 80), 2);
+print &ui_table_end();
+print &ui_form_end([ [ "save", $text{'save'} ] ]);
+
+&ui_print_footer("", $text{'index_return'});
+

firewalld/firewalld-lib.pl

@@ -495,4 +495,21 @@ $out = &backquote_logged(&$get_cmd('permanent')." 2>&1 </dev/null");
 return $? ? $out : undef;
 }
 
+sub get_config_files
+{
+my $conf_dir = $config{'config_dir'} || '/etc/firewalld';
+my @conf_files;
+my @dirpath = ($conf_dir);
+eval "use File::Find;";
+if (!$@) {
+	find(sub {
+		my $file = $File::Find::name;
+		push(@conf_files, $file)
+			if (-f $file && $file =~ /\.(conf|xml)$/);
+		}, @dirpath);
+	}
+push(@conf_files, "$conf_dir/direct.xml");
+return @conf_files;
+}
+
 1;

firewalld/index.cgi

@@ -76,6 +76,7 @@ if ($ok) {
 	                       $text{'index_sadd'}),
 		      &ui_link("edit_forward.cgi?new=1&zone=".&urlize($zone->{'name'}),
 	                       $text{'index_fadd'}),
+		      &ui_link("edit_manual.cgi", $text{'index_manual'}),
 		    );
 	if (@{$zone->{'services'}} || @{$zone->{'ports'}}) {
 		my @tds = ( "width=5" );

firewalld/lang/en

@@ -38,6 +38,14 @@ index_restart_firewalld=Reload FirewallD
 index_restart_firewallddesc=Reload the FirewallD server and apply the rules that were permanently created.
 index_listrules_restartdesc=List details about existing rich and direct FirewallD rules in $1 zone.
 index_dependent=Failed to restart $1 dependent service
+index_manual=Edit Config Files.
+
+manual_title=Edit Config Files
+manual_editsel=Edit FirewallD configuration file
+manual_err=Failed to save config file
+manual_efile=Selected configuration file is not valid
+manual_ok=Edit
+
 
 port_edit=Edit Port
 port_create=Add Port

firewalld/save_manual.cgi

@@ -0,0 +1,19 @@
+#!/usr/local/bin/perl
+# Update the manually edited FirewallD config file
+
+require './firewalld-lib.pl';
+&ReadParseMime();
+&error_setup($text{'manual_err'});
+my @files = &unique(&get_config_files());
+my $file = $in{'file'};
+&indexof($file, @files) >= 0 || &error($text{'manual_efile'});
+
+$in{'data'} =~ s/\r//g;
+
+&open_lock_tempfile(my $data, ">$file");
+&print_tempfile($data, $in{'data'});
+&close_tempfile($data);
+
+&webmin_log("manual", undef, $file);
+&redirect("");
+

miniserv.pl

@@ -1205,9 +1205,10 @@ while(1) {
 					# This must be the password .. try it
 					# and send back the results
 					local ($vu, $expired, $nonexist) =
-						&validate_user($conv->{'user'},
-							       $answer,
-							       $conf->{'host'});
+						&validate_user_caseless(
+							$conv->{'user'},
+							$answer,
+							$conf->{'host'});
 					local $ok = $vu ? 1 : 0;
 					print $outfd "2 $conv->{'user'} $ok $expired $notexist\n";
 					&end_pam_conversation($conv);
@@ -1717,8 +1718,8 @@ if (!$validated && !$deny_authentication && !$config{'session'} &&
 	($authuser, $authpass) = split(/:/, &b64decode($1), 2);
 	print DEBUG "handle_request: doing basic auth check authuser=$authuser authpass=$authpass\n";
 	local ($vu, $expired, $nonexist, $wvu) =
-		&validate_user($authuser, $authpass, $host,
-			       $acptip, $port);
+		&validate_user_caseless($authuser, $authpass, $host,
+				        $acptip, $port);
 	print DEBUG "handle_request: vu=$vu expired=$expired nonexist=$nonexist\n";
 	if ($vu && (!$expired || $config{'passwd_mode'} == 1)) {
 		$authuser = $vu;
@@ -1813,8 +1814,8 @@ if ($config{'session'} && !$deny_authentication &&
 			}
 
 		local ($vu, $expired, $nonexist, $wvu) =
-			&validate_user($in{'user'}, $in{'pass'}, $host,
-				       $acptip, $port);
+			&validate_user_caseless($in{'user'}, $in{'pass'}, $host,
+					        $acptip, $port);
 		if ($vu && $wvu) {
 			my $uinfo = &get_user_details($wvu, $vu);
 			if ($uinfo && $uinfo->{'twofactor_provider'}) {
@@ -3579,6 +3580,20 @@ sub urlize {
   return $tmp2;
 }
 
+# validate_user_caseless(username, password, host, remote-ip, webmin-port)
+# Calls validate_user, but also checks the lower case name if the given login
+# is mixed case
+sub validate_user_caseless
+{
+my @args = @_;
+my @rv = &validate_user(@args);
+if (!$rv[0] && $args[0] ne lc($args[0])) {
+	$args[0] = lc($args[0]);
+	@rv = &validate_user(@args);
+	}
+return @rv;
+}
+
 # validate_user(username, password, host, remote-ip, webmin-port)
 # Checks if some username and password are valid. Returns the modified username,
 # the expired / temp pass flag, the non-existence flag, and the underlying
@@ -3748,7 +3763,7 @@ elsif ($config{'passwd_file'}) {
 					local $day = time()/(24*60*60);
 					print DEBUG "validate_unix_user: c=$c m=$m day=$day\n";
 					$m ||= 0;
-					if ($c =~ /^\d+/ && $day - $c > $m) {
+					if ($c =~ /^\d+/ && $m =~ /^\d+/ && $day - $c > $m) {
 						# Yep, it has ..
 						$rv = 2;
 						}

mysql/mysql-lib.pl

@@ -1217,8 +1217,8 @@ local $file = @old ? $old[0]->{'file'} :
 local $lref = &read_file_lines($file);
 
 for(my $i=0; $i<@old || $i<@$values; $i++) {
-	local $old = $old[$i];
-	local $line = $values->[$i] eq "" ? $name :
+	local $old = $i < @old ? $old[$i] : undef;
+	local $line = $i < @$values || $values->[$i] eq "" ? $name :
 			"$name = $values->[$i]";
 	if ($old && defined($values->[$i])) {
 		# Updating

samba/samba-lib.pl

@@ -646,7 +646,7 @@ if ($has_pdbedit) {
 	local $out = &backquote_logged(
 		"cd / && $config{'pdbedit'} -a -s $config{'smb_conf'} -t -u ".
 		quotemeta($user->{'name'}).
-		($config{'sync_gid'} ? " -G $config{'sync_gid'}" : "").
+		($config{'sync_gid'} ? " -g $config{'sync_gid'}" : "").
 		" -c '[".join("", @opts)."]' $ws <$temp 2>&1");
 	$? && &error("$config{'pdbedit'} failed : <pre>$out</pre>");
 	}

useradmin/edit_user.cgi

@@ -201,9 +201,11 @@ $passmode = $pass eq "" && $random_password eq "" ? 0 :
 	    $pass && $pass ne $config{'lock_string'} &&
 		$random_password eq "" ? 2 : -1;
 $pffunc = $config{'passwd_stars'} ? \&ui_password : \&ui_textbox;
-print &ui_table_row(&hlink($text{'pass'}, "pass"),
-	&ui_radio_table("passmode", $passmode,
-	  [ [ 0, $config{'empty_mode'} ? $text{'none1'} : $text{'none2'} ],
+my $modes = [];
+if ($passmode eq '0' || $config{'empty_mode'}) {
+	push(@{$modes}, [ 0, $config{'empty_mode'} ? $text{'none1'} : $text{'none2'} ]);
+	}
+push(@{$modes}, 
 	    [ 1, $text{'nologin'} ],
 	    [ 3, $text{'clear'},
 	      &$pffunc("pass", $config{'random_password'} && $n eq "" ?
@@ -212,8 +214,9 @@ print &ui_table_row(&hlink($text{'pass'}, "pass"),
 		( [ 2, $text{'nochange'},
 		    &ui_hidden("encpass", $pass) ] ) :
 		( [ 2, $text{'encrypted'},
-		    &ui_textbox("encpass", $passmode == 2 ? $pass : "", 60) ] )
-	  ]).
+		    &ui_textbox("encpass", $passmode == 2 ? $pass : "", 60) ] ));
+print &ui_table_row(&hlink($text{'pass'}, "pass"),
+	&ui_radio_table("passmode", $passmode, $modes).
 	  ($can_disable ? "  ".&ui_checkbox("disable", 1,
 				$text{'uedit_disabled'}, $disabled) : "")
 	  );

web-lib-funcs.pl

@@ -327,7 +327,8 @@ my $tmp_base = $gconfig{'tempdir_'.&get_module_name()} ?
 		  $ENV{'TMP'} && $ENV{'TMP'} ne "/tmp" ? $ENV{'TMP'} :
 		  -d "c:/temp" ? "c:/temp" : "/tmp/.webmin";
 my $tmp_dir;
-if (@remote_user_info && -d $remote_user_info[7] && !$gconfig{'nohometemp'}) {
+if (@remote_user_info && -d $remote_user_info[7] &&
+    -w $remote_user_info[7] && !$gconfig{'nohometemp'}) {
 	$tmp_dir = "$remote_user_info[7]/.tmp";
 	}
 elsif (@remote_user_info) {
@@ -1995,14 +1996,21 @@ if (!$@) {
 	my $opts = ref($only) ? $only : {};
 	my $locale_default = &get_default_system_locale();
 	my $locale_auto = &parse_accepted_language();
-	my $locale_name = $opts->{'locale'} || $gconfig{'locale_'.$remote_user} || $locale_auto || $gconfig{'locale'} || &get_default_system_locale();
+	my $locale_name = $opts->{'locale'} || $gconfig{'locale_'.$remote_user} ||
+	   $locale_auto || $gconfig{'locale'} || &get_default_system_locale();
 	my $tz = $opts->{'tz'};
 	if (!$tz) {
 		eval {
-	        $tz = DateTime::TimeZone->new( name => 'local' )->name();  # Asia/Nicosia
+			$tz =
+			  DateTime::TimeZone->new(name => strftime("%z", localtime()))->name(); # +0200
 			};
 		if ($@) {
-			$tz = DateTime::TimeZone->new( name => 'UTC' )->name();    # UTC
+			eval {
+				$tz = DateTime::TimeZone->new(name => 'local')->name();  # Asia/Nicosia
+				};
+			if ($@) {
+				$tz = DateTime::TimeZone->new(name => 'UTC')->name();    # UTC
+				}
 			}
 		}
 	my $locale = DateTime::Locale->load($locale_name);