cluster-webmin/save_acl.cgi

   1 #!/usr/local/bin/perl
   2 # save_acl.cgi
   3 # Save the ACL for a module for a user or group
   4
   5 require './cluster-webmin-lib.pl';
   6 &ReadParse();
   7 $who = $in{'_acl_user'} ? $in{'_acl_user'} : $in{'_acl_group'};
   8
   9 # Validate and parse inputs
  10 &error_setup($text{'acl_err'});
  11 $maccess{'noconfig'} = $in{'noconfig'};
  12 if (-r "../$in{'_acl_mod'}/acl_security.pl") {
  13         &foreign_require($in{'_acl_mod'}, "acl_security.pl");
  14         &foreign_call($in{'_acl_mod'}, "acl_security_save", \%maccess, \%in);
  15         }
  16
  17 # Setup error handler for down hosts
  18 sub user_error
  19 {
  20 $user_error_msg = join("", @_);
  21 }
  22 &remote_error_setup(\&user_error);
  23
  24 # Write out on all hosts, or just one host
  25 &ui_print_header(undef, $text{'acl_title'}, "");
  26 @allhosts = &list_webmin_hosts();
  27 @servers = &list_servers();
  28 if ($in{'all'}) {
  29         # Doing on all hosts that the user has the module on
  30         foreach $h (@allhosts) {
  31                 local $w;
  32                 if ($in{'_acl_user'}) {
  33                         ($w) = grep { $_->{'name'} eq $in{'_acl_user'} }
  34                                     @{$h->{'users'}};
  35                         }
  36                 else {
  37                         ($w) = grep { $_->{'name'} eq $in{'_acl_group'} }
  38                                     @{$h->{'groups'}};
  39                         }
  40                 next if (!$w);
  41                 local %ingroup;
  42                 foreach $g (@{$h->{'groups'}}) {
  43                         map { $ingroup{$_}++ } @{$g->{'members'}};
  44                         }
  45                 local @m = $ingroup{$w->{'name'}} ? @{$w->{'ownmods'}}
  46                                                   : @{$w->{'modules'}};
  47                 push(@hosts, $h) if (&indexof($in{'_acl_mod'}, @m) >= 0 ||
  48                                      !$in{'_acl_mod'});
  49                 }
  50         print "<b>",&text('acl_doing', $who),"</b><p>\n";
  51         }
  52 else {
  53         # Doing on just one host
  54         @hosts = grep { $_->{'id'} == $in{'_acl_host'} } @allhosts;
  55         local ($s) = grep { $_->{'id'} == $hosts[0]->{'id'} } @servers;
  56         print "<b>",&text('acl_doing2', $who, &server_name($s)),"</b><p>\n";
  57         }
  58 $p = 0;
  59 foreach $h (@hosts) {
  60         local ($s) = grep { $_->{'id'} == $h->{'id'} } @servers;
  61         local ($rh = "READ$p", $wh = "WRITE$p");
  62         pipe($rh, $wh);
  63         if (!fork()) {
  64                 close($rh);
  65                 &remote_foreign_require($s->{'host'}, "acl", "acl-lib.pl");
  66                 if ($user_error_msg) {
  67                         # Host is down
  68                         print $wh &serialise_variable([ 0, $user_error_msg ]);
  69                         exit;
  70                         }
  71
  72                 # Save the .acl file
  73                 local $cd = &remote_eval($s->{'host'}, "acl",
  74                                          '$config_directory');
  75                 $sfx = $in{'_acl_user'} ? "acl" : "gacl";
  76                 &remote_foreign_call($s->{'host'}, "acl", "write_file",
  77                         "$cd/$in{'_acl_mod'}/$who.$sfx", \%maccess);
  78
  79                 # Recursively update the ACL for all member users and groups
  80                 if ($in{'_acl_group'}) {
  81                         local ($group) = grep { $_->{'name'} eq $in{'_acl_group'} }
  82                                               @{$h->{'groups'}};
  83                         &remote_foreign_call($s->{'host'}, "acl", "set_acl_files",
  84                                 $h->{'users'}, $h->{'groups'}, $in{'_acl_mod'},
  85                                 $group->{'members'}, \%maccess);
  86                         }
  87
  88                 print $wh &serialise_variable([ 1 ]);
  89                 exit;
  90                 }
  91         close($wh);
  92         $p++;
  93         }
  94
  95 # Read back the results
  96 $p = 0;
  97 foreach $h (@hosts) {
  98         local ($s) = grep { $_->{'id'} == $h->{'id'} } @servers;
  99         local $d = &server_name($s);
 100         local $rh = "READ$p";
 101         local $line = <$rh>;
 102         local $rv = &unserialise_variable($line);
 103         close($rh);
 104
 105         if ($rv && $rv->[0] == 1) {
 106                 # It worked
 107                 print &text('acl_success', $d),"<br>\n";
 108                 }
 109         else {
 110                 # Something went wrong
 111                 print &text('acl_failed', $d, $rv->[1]),"<br>\n";
 112                 }
 113         $p++;
 114         }
 115
 116 print "<p><b>$text{'acl_done'}</b><p>\n";
 117
 118 &remote_finished();
 119 &ui_print_footer("", $text{'index_return'},
 120         $in{'_acl_user'} ? ( "edit_user.cgi?user=$in{'_acl_user'}&host=$in{'_acl_host'}", $text{'user_return'} ) : ( "edit_group.cgi?group=$in{'_acl_group'}&host=$in{'_acl_host'}", $text{'group_return'} ));
 121