acl/edit_user.cgi

   1 #!/usr/local/bin/perl
   2 # edit_user.cgi
   3 # Edit a new or existing webmin user
   4
   5 require './acl-lib.pl';
   6 &foreign_require("webmin", "webmin-lib.pl");
   7
   8 &ReadParse();
   9 if ($in{'user'}) {
  10         # Editing an existing user
  11         &can_edit_user($in{'user'}) || &error($text{'edit_euser'});
  12         &ui_print_header(undef, $text{'edit_title'}, "");
  13         $u = &get_user($in{'user'});
  14         $u || &error($text{'edit_egone'});
  15         %user = %$u;
  16         }
  17 else {
  18         # Creating a new user
  19         $access{'create'} || &error($text{'edit_ecreate'});
  20         &ui_print_header(undef, $text{'edit_title2'}, "");
  21         if ($in{'clone'}) {
  22                 # Initial settings come from clone
  23                 $u = &get_user($in{'clone'});
  24                 %user = %$u;
  25                 delete($user{'name'});
  26                 }
  27         else {
  28                 %user = ( );
  29                 }
  30         $user{'skill'} = $user{'risk'} = 'high' if ($in{'risk'});
  31         }
  32 $me = &get_user($base_remote_user);
  33
  34 # Give up if readonly
  35 if ($user{'readonly'} && !$in{'readwrite'}) {
  36         %minfo = &get_module_info($user{'readonly'});
  37         print &text('edit_readonly', $minfo{'desc'},
  38                     "edit_user.cgi?user=$in{'user'}&readwrite=1"),"<p>\n";
  39         &ui_print_footer("", $text{'index_return'});
  40         exit;
  41         }
  42
  43 print &ui_form_start("save_user.cgi", "post");
  44 if ($in{'user'}) {
  45         print &ui_hidden("old", $user{'name'});
  46         print &ui_hidden("oldpass", $user{'pass'});
  47         }
  48 if ($in{'clone'}) {
  49         print &ui_hidden("clone", $in{'clone'});
  50         }
  51 print &ui_hidden_table_start($text{'edit_rights'}, "width=100%", 2, "rights",
  52                              1, [ "width=30%" ]);
  53
  54 # Username
  55 print &ui_table_row($text{'edit_user'},
  56         $access{'rename'} || !$in{'user'} ?
  57                 &ui_textbox("name", $user{'name'}, 30,
  58                             0, undef, "autocomplete=off") : $user{'name'});
  59
  60 # Source user for clone
  61 if ($in{'clone'}) {
  62         print &ui_table_row($text{'edit_cloneof'}, "<tt>$in{'clone'}</tt>");
  63         }
  64
  65 # Find and show parent group
  66 @glist = &list_groups();
  67 @mcan = $access{'gassign'} eq '*' ?
  68                 ( ( map { $_->{'name'} } @glist ), '_none' ) :
  69                 split(/\s+/, $access{'gassign'});
  70 map { $gcan{$_}++ } @mcan;
  71 if (@glist && %gcan && !$in{'risk'} && !$user{'risk'}) {
  72         @opts = ( );
  73         if ($gcan{'_none'}) {
  74                 push(@opts, [ undef, "&lt;$text{'edit_none'}&gt;" ]);
  75                 }
  76         $memg = undef;
  77         foreach $g (@glist) {
  78                 if (&indexof($user{'name'}, @{$g->{'members'}}) >= 0 ||
  79                     $in{'clone'} &&
  80                      &indexof($in{'clone'}, @{$g->{'members'}}) >= 0) {
  81                         $memg = $g;
  82                         }
  83                 next if (!$gcan{$g->{'name'}} && $memg ne $g);
  84                 push(@opts, [ $g->{'name'} ]);
  85                 }
  86         print &ui_table_row($text{'edit_group'},
  87                 &ui_select("group", $memg->{'name'}, \@opts));
  88         }
  89
  90 # Show password type menu and current password
  91 $passmode = !$in{'user'} ? 0 :
  92             $user{'pass'} eq 'x' ? 3 :
  93             $user{'sync'} ? 2 :
  94             $user{'pass'} eq 'e' ? 5 :
  95             $user{'pass'} eq '*LK*' ? 4 : 1;
  96 &get_miniserv_config(\%miniserv);
  97 @opts = ( [ 0, "$text{'edit_set'} .." ] );
  98 if ($in{'user'}) {
  99         push(@opts, [ 1, $text{'edit_dont'} ]);
 100         }
 101 push(@opts, [ 3, $text{'edit_unix'} ]);
 102 if ($user{'sync'}) {
 103         push(@opts, [ 2, $text{'edit_same'} ]);
 104         }
 105 if ($miniserv{'extauth'}) {
 106         push(@opts, [ 5, $text{'edit_extauth'} ]);
 107         }
 108 push(@opts, [ 4, $text{'edit_lock'} ]);
 109 if ($passmode == 1) {
 110         $lockbox = &ui_checkbox("lock", 1, $text{'edit_templock'},
 111                                        $user{'pass'} =~ /^\!/ ? 1 : 0);
 112         }
 113 if ($passmode != 3 && $passmode != 4) {
 114         $tempbox = &ui_checkbox("temp", 1, $text{'edit_temppass'},
 115                                 $user{'temppass'});
 116         }
 117 if ($user{'lastchange'} && $miniserv{'pass_maxdays'}) {
 118         $daysold = int((time() - $user{'lastchange'})/(24*60*60));
 119         if ($miniserv{'pass_lockdays'} &&
 120             $daysold > $miniserv{'pass_lockdays'}) {
 121                 $expmsg = "<br>"."<font color=#ff0000>".
 122                           &text('edit_passlocked', $daysold)."</font>";
 123                 }
 124         elsif ($daysold > $miniserv{'pass_maxdays'}) {
 125                 $expmsg = "<br>"."<font color=#ffaa00>".
 126                           &text('edit_passmax', $daysold)."</font>";
 127                 }
 128         elsif ($daysold) {
 129                 $expmsg = "<br>".&text('edit_passold', $daysold);
 130                 }
 131         else {
 132                 $expmsg = "<br>".$text{'edit_passtoday'};
 133                 }
 134         }
 135 $js = "onChange='form.pass.disabled = value != 0;'";
 136 print &ui_table_row($text{'edit_pass'},
 137         &ui_select("pass_def", $passmode, \@opts, 1, 0, 0, 0, $js)." ".
 138         &ui_password("pass", undef, 25, $passmode != 0, undef,
 139                      "autocomplete=off").
 140         ($lockbox || $tempbox ? "<br>" : "").$lockbox.$tempbox.$expmsg);
 141
 142 # Real name
 143 print &ui_table_row($text{'edit_real'},
 144         &ui_textbox("real", $user{'real'}, 60));
 145
 146 # Storage type
 147 if ($in{'user'}) {
 148         print &ui_table_row($text{'edit_proto'},
 149                 $text{'edit_proto_'.$user{'proto'}});
 150         }
 151
 152 print &ui_hidden_table_end("rights");
 153
 154 # Start of UI options section
 155 $showui = $access{'chcert'} || $access{'lang'} ||
 156           $access{'cats'} || $access{'theme'};
 157 if ($showui) {
 158         print &ui_hidden_table_start($text{'edit_ui'}, "width=100%", 2, "ui",
 159                                      0, [ "width=30%" ]);
 160         }
 161
 162 if ($access{'chcert'}) {
 163         # SSL certificate name
 164         print &ui_table_row($text{'edit_cert'},
 165                 &ui_opt_textbox("cert", $user{'cert'}, 50, $text{'edit_none'}));
 166         }
 167
 168 if ($access{'lang'}) {
 169         # Current language
 170         print &ui_table_row($text{'edit_lang'},
 171                 &ui_radio("lang_def", $user{'lang'} ? 0 : 1,
 172                   [ [ 1, $text{'default'} ],
 173                     [ 0, &ui_select("lang", $user{'lang'},
 174                             [ map { [ $_->{'lang'}, $_->{'desc'}." (".
 175                                         uc($_->{'lang'}).")" ] }
 176                                   &list_languages() ]) ]
 177                   ]));
 178         }
 179
 180 if ($access{'cats'}) {
 181         # Show categorized modules?
 182         print &ui_table_row($text{'edit_notabs'},
 183                 &ui_radio("notabs", int($user{'notabs'}),
 184                           [ [ 1, $text{'yes'} ],
 185                             [ 2, $text{'no'} ],
 186                             [ 0, $text{'default'} ] ]));
 187         }
 188
 189 if ($access{'theme'}) {
 190         @all = &webmin::list_themes();
 191         @themes = grep { !$_->{'overlay'} } @all;
 192         @overlays = grep { $_->{'overlay'} } @all;
 193
 194         # Current theme
 195         @topts = ( );
 196         push(@topts, [ "", $text{'edit_themedef'} ]);
 197         foreach $t (@themes) {
 198                 push(@topts, [ $t->{'dir'}, $t->{'desc'} ]);
 199                 }
 200         print &ui_table_row($text{'edit_theme'},
 201                 &ui_radio("theme_def", defined($user{'theme'}) ? 0 : 1,
 202                   [ [ 1, $text{'edit_themeglobal'} ],
 203                     [ 0, &ui_select("theme", $user{'theme'}, \@topts) ] ]));
 204         }
 205
 206 if ($access{'theme'} && @overlays) {
 207         # Overlay theme, if any
 208         print &ui_table_row($text{'edit_overlay'},
 209                 &ui_radio("overlay_def", defined($user{'overlay'}) ? 0 : 1,
 210                   [ [ 1, $text{'edit_overlayglobal'} ],
 211                     [ 0, &ui_select("overlay", $user{'overlay'},
 212                            [ map { [ $_->{'dir'}, $_->{'desc'} ] } @overlays ]
 213                                     ) ] ]));
 214         }
 215
 216 if ($showui) {
 217         print &ui_hidden_table_end("ui");
 218         }
 219
 220 # Start of security options section
 221 $showsecurity = $access{'logouttime'} || $access{'ips'} || $access{'minsize'} ||
 222                 &supports_rbac() && $access{'mode'} == 0 || $access{'times'};
 223 if ($showsecurity) {
 224         print &ui_hidden_table_start($text{'edit_security'}, "width=100%", 2,
 225                                      "security", 0, [ "width=30%" ]);
 226         }
 227
 228 if ($access{'logouttime'}) {
 229         # Show logout time
 230         print &ui_table_row($text{'edit_logout'},
 231                 &ui_opt_textbox("logouttime", $user{'logouttime'}, 5,
 232                                 $text{'default'})." ".$text{'edit_mins'});
 233         }
 234
 235 if ($access{'minsize'}) {
 236         # Show minimum password length, for just this user
 237         print &ui_table_row($text{'edit_minsize'},
 238                 &ui_opt_textbox("minsize", $user{'minsize'}, 5,
 239                                 $text{'default'})." ".$text{'edit_chars'});
 240         }
 241
 242 if ($access{'nochange'} && $miniserv{'pass_maxdays'}) {
 243         # Opt out of forced password change, for this user
 244         print &ui_table_row($text{'edit_nochange'},
 245                 &ui_radio("nochange", $user{'nochange'}, [ [ 0, $text{'yes'} ],
 246                                                            [ 1, $text{'no'} ] ]));
 247         }
 248
 249 if ($access{'ips'}) {
 250         # Allowed IP addresses
 251         print &ui_table_row(&hlink("<b>$text{'edit_ips'}</b>", "ips"),
 252                 &ui_radio("ipmode", $user{'allow'} ? 1 :
 253                                     $user{'deny'} ? 2 : 0,
 254                           [ [ 0, $text{'edit_all'}."<br>" ],
 255                             [ 1, $text{'edit_allow'}."<br>" ],
 256                             [ 2, $text{'edit_deny'}."<br>" ] ]).
 257                 &ui_textarea("ips",
 258                     join("\n", split(/\s+/, $user{'allow'} ? $user{'allow'}
 259                                                            : $user{'deny'})),
 260                     4, 30));
 261         }
 262
 263 if (&supports_rbac() && $access{'mode'} == 0) {
 264         # Deny access to modules not managed by RBAC?
 265         print &ui_table_row($text{'edit_rbacdeny'},
 266                 &ui_radio("rbacdeny", $user{'rbacdeny'} ? 1 : 0,
 267                           [ [ 0, $text{'edit_rbacdeny0'} ],
 268                             [ 1, $text{'edit_rbacdeny1'} ] ]));
 269         }
 270
 271 if ($access{'times'}) {
 272         # Show allowed days of the week
 273         %days = map { $_, 1 } split(/,/, $user{'days'});
 274         $daysels = "";
 275         for(my $i=0; $i<7; $i++) {
 276                 $daysels .= &ui_checkbox("days", $i, $text{'day_'.$i},
 277                                          $days{$i});
 278                 }
 279         print &ui_table_row($text{'edit_days'},
 280                 &ui_radio("days_def", $user{'days'} eq '' ? 1 : 0,
 281                           [ [ 1, $text{'edit_alldays'} ],
 282                             [ 0, $text{'edit_seldays'} ] ])."<br>".
 283                 $daysels);
 284
 285         # Show allow hour/minute range
 286         ($hf, $mf) = split(/\./, $user{'hoursfrom'});
 287         ($ht, $mt) = split(/\./, $user{'hoursto'});
 288         print &ui_table_row($text{'edit_hours'},
 289                 &ui_radio("hours_def", $user{'hoursfrom'} eq '' ? 1 : 0,
 290                         [ [ 1, $text{'edit_allhours'} ],
 291                           [ 0, &text('edit_selhours',
 292                                 &ui_textbox("hours_hfrom", $hf, 2),
 293                                 &ui_textbox("hours_mfrom", $mf, 2),
 294                                 &ui_textbox("hours_hto", $ht, 2),
 295                                 &ui_textbox("hours_mto", $mt, 2)) ] ]));
 296         }
 297
 298 print &ui_hidden_table_end("security");
 299
 300 # Work out which modules can be selected
 301 @mcan = $access{'mode'} == 1 ? @{$me->{'modules'}} :
 302         $access{'mode'} == 2 ? split(/\s+/, $access{'mods'}) :
 303                                &list_modules();
 304 map { $mcan{$_}++ } @mcan;
 305 map { $has{$_}++ } @{$user{'modules'}};
 306 map { $has{$_} = 0 } $group ? @{$group->{'modules'}} : ();
 307
 308 # Start of modules section
 309 print &ui_hidden_table_start(@groups ? $text{'edit_modsg'} : $text{'edit_mods'},
 310                              "width=100%", 2, "mods");
 311
 312 # Show available modules, under categories
 313 @mlist = grep { $access{'others'} || $has{$_->{'dir'}} || $mcan{$_->{'dir'}} }
 314               &list_module_infos();
 315 @links = ( &select_all_link("mod", 0, $text{'edit_selall'}),
 316            &select_invert_link("mod", 0, $text{'edit_invert'}) );
 317 @cats = &unique(map { $_->{'category'} } @mlist);
 318 &read_file("$config_directory/webmin.catnames", \%catnames);
 319 $grids = "";
 320 foreach $c (sort { $b cmp $a } @cats) {
 321         @cmlist = grep { $_->{'category'} eq $c } @mlist;
 322         $grids .= "<b>".($catnames{$c} || $text{'category_'.$c})."</b><br>\n";
 323         @grid = ( );
 324         $sw = 0;
 325         foreach $m (@cmlist) {
 326                 local $md = $m->{'dir'};
 327                 $fromgroup = $memg && &indexof($md, @{$memg->{'modules'}}) >= 0;
 328                 if ($mcan{$md} && $fromgroup) {
 329                         # Module comes from group
 330                         push(@grid, (sprintf "<img src=images/%s.gif> %s\n",
 331                                 $has{$md} ? 'tick' : 'empty', $m->{'desc'}).
 332                                 ($has{$md} ? &ui_hidden("mod", $md) : ""));
 333                         }
 334                 elsif ($mcan{$md}) {
 335                         $label = "";
 336                         if ($access{'acl'} && $in{'user'}) {
 337                                 # Show link for editing ACL
 338                                 $label = sprintf "<a href='edit_acl.cgi?".
 339                                                  "mod=%s&%s=%s'>%s</a>\n",
 340                                         &urlize($m->{'dir'}),
 341                                         "user", &urlize($in{'user'}),
 342                                         $m->{'desc'};
 343                                 }
 344                         else {
 345                                 # No privileges to edit ACL
 346                                 $label = $m->{'desc'};
 347                                 }
 348                         push(@grid, &ui_checkbox("mod", $md, $label,$has{$md}));
 349                         }
 350                 else {
 351                         push(@grid, (sprintf "<img src=images/%s.gif> %s\n",
 352                                 $has{$md} ? 'tick' : 'empty', $m->{'desc'}));
 353                         }
 354                 }
 355         $grids .= &ui_grid_table(\@grid, 2, 100, [ "width=50%", "width=50%" ]);
 356         }
 357
 358 print &ui_table_row(undef, &ui_links_row(\@links).
 359                            $grids.
 360                            &ui_links_row(\@links), 2);
 361 print &ui_hidden_table_end("mods");
 362
 363 # Add global ACL section, but only if not set from the group
 364 $groupglobal = $memg && -r "$config_directory/$memg->{'name'}.acl";
 365 if ($access{'acl'} && !$groupglobal && $in{'user'}) {
 366         print &ui_hidden_table_start($text{'edit_global'}, "width=100%", 2,
 367                                      "global", 0, [ "width=30%" ]);
 368         %uaccess = &get_module_acl($in{'user'}, "", 1);
 369         print &ui_hidden("acl_security_form", 1);
 370         &foreign_require("", "acl_security.pl");
 371         &foreign_call("", "acl_security_form", \%uaccess);
 372         print &ui_hidden_table_end("global");
 373         }
 374
 375 # Generate form end buttons
 376 @buts = ( );
 377 push(@buts, [ undef, $in{'user'} ? $text{'save'} : $text{'create'} ]);
 378 if ($in{'user'}) {
 379         if ($access{'create'} && !$group) {
 380                 push(@buts, [ "but_clone", $text{'edit_clone'} ]);
 381                 }
 382         if (&foreign_available("webminlog")) {
 383                 push(@buts, [ "but_log", $text{'edit_log'} ]);
 384                 }
 385         if ($access{'switch'} && $main::session_id) {
 386                 push(@buts, [ "but_switch", $text{'edit_switch'} ]);
 387                 }
 388         if ($access{'delete'}) {
 389                 push(@buts, [ "but_delete", $text{'delete'} ]);
 390                 }
 391         }
 392 print &ui_form_end(\@buts);
 393
 394 &ui_print_footer("", $text{'index_return'});
 395