itsecur-firewall/save_user.cgi

   1 #!/usr/bin/perl
   2 # save_user.cgi
   3 # Create, update or delete a Webmin user
   4
   5 require './itsecur-lib.pl';
   6 &foreign_require("acl", "acl-lib.pl");
   7 &can_edit_error("users");
   8 &ReadParse();
   9 &lock_itsecur_files();
  10 @users = &acl::list_users();
  11 if (!$in{'new'}) {
  12         ($user) = grep { $_->{'name'} eq $in{'old'} } @users;
  13         }
  14
  15 if ($in{'delete'}) {
  16         # Delete him
  17         &automatic_backup();
  18         &acl::delete_user($user->{'name'});
  19         }
  20 else {
  21         # Validate and store inputs
  22         &error_setup($text{'user_err'});
  23         $in{'name'} || &error($text{'user_ename'});
  24         $in{'name'} =~ /^[A-z0-9\-\_\.]+$/ ||
  25                 &error(&acl::text('save_ename', $in{'name'}));
  26         $in{'name'} eq 'webmin' && &error($acl::text{'save_enamewebmin'});
  27         if (!$in{'old'} || $in{'old'} ne $in{'name'}) {
  28                 foreach $u (@users, &acl::list_groups()) {
  29                         if ($u->{'name'} eq $in{'name'}) {
  30                                 &error(&acl::text('save_edup', $in{'name'}));
  31                                 }
  32                         }
  33                 }
  34         $user->{'name'} = $in{'name'};
  35         if (!$in{'same'}) {
  36                 if (defined(&acl::encrypt_password)) {
  37                         $user->{'pass'} = &acl::encrypt_password($in{'pass'});
  38                         }
  39                 else {
  40                         $salt = substr(time(), -8);
  41                         $user->{'pass'} = crypt($in{'pass'}, $salt);
  42                         }
  43                 }
  44         $locked = ($user->{'pass'} =~ /^\*LK\*/);
  45         if ($in{'enabled'} && $locked) {
  46                 $user->{'pass'} = substr($user->{'pass'}, 4);
  47                 }
  48         elsif (!$in{'enabled'} && !$locked) {
  49                 $user->{'pass'} = "*LK*".$user->{'pass'};
  50                 }
  51
  52         # Validate and save IPs
  53         if ($in{'ipmode'}) {
  54                 @hosts = split(/\s+/, $in{"ips"});
  55                 if (!@hosts) { &error($acl::text{'save_enone'}); }
  56                 foreach $h (@hosts) {
  57                         if ($h =~ /^([0-9\.]+)\/([0-9\.]+)$/) {
  58                                 &check_ipaddress($1) ||
  59                                         &error(&acl::text('save_enet', $1));
  60                                 &check_ipaddress($2) ||
  61                                         &error(&acl::text('save_emask', $2));
  62                                 $i = $h;
  63                                 }
  64                         elsif ($h =~ /^[0-9\.]+$/) {
  65                                 &check_ipaddress($h) ||
  66                                         &error(&acl::text('save_eip', $h));
  67                                 $i = $h;
  68                                 }
  69                         elsif ($h =~ /^\*\.(\S+)$/) {
  70                                 $i = $h;
  71                                 }
  72                         elsif ($h eq 'LOCAL') {
  73                                 $i = 'LOCAL';
  74                                 }
  75                         elsif (!($i = join('.',unpack("CCCC",inet_aton($h))))) {
  76                                 &error(&acl::text('save_ehost', $h));
  77                                 }
  78                         push(@ips, $i);
  79                         }
  80                 }
  81         delete($user->{'allow'});
  82         delete($user->{'deny'});
  83         if ($in{'ipmode'} == 1) {
  84                 $user->{'allow'} = join(" ", @ips);
  85                 }
  86         elsif ($in{'ipmode'} == 2) {
  87                 $user->{'deny'} = join(" ", @ips);
  88                 }
  89
  90         &automatic_backup();
  91
  92         $user->{'modules'} = [ split(/\0/, $in{'mods'}) ];
  93         if ($in{'new'}) {
  94                 # Create the user
  95                 &acl::create_user($user);
  96                 }
  97         else {
  98                 # Modify the user
  99                 &acl::modify_user($in{'old'}, $user);
 100                 }
 101
 102         # Update his ACL
 103         require "./acl_security.pl";
 104         %uaccess = &get_module_acl($in{'name'});
 105         &acl_security_save(\%uaccess);
 106         if ($in{'new'}) {
 107                 $uaccess{'noconfig'} = 1;
 108                 }
 109         &save_module_acl(\%uaccess, $in{'name'});
 110         }
 111 &acl::restart_miniserv();
 112 &unlock_itsecur_files();
 113 &remote_webmin_log($in{'delete'} ? "delete" : $in{'new'} ? "create" : "update",
 114             "user", $user->{'name'}, $user);
 115 &redirect("list_users.cgi");
 116