2 # Execute create/modify/delete group commands in a batch file
4 require './user-lib.pl';
5 $access{'batch'} || &error($text{'gbatch_ecannot'});
6 if ($ENV{'REQUEST_METHOD'} eq 'GET') {
12 if ($in{'source'} == 0) {
14 $data =~ /\S/ || &error($text{'batch_efile'});
16 elsif ($in{'source'} == 1) {
17 open(LOCAL, $in{'local'}) || &error($text{'batch_elocal'});
23 elsif ($in{'source'} == 2) {
25 $data =~ /\S/ || &error($text{'batch_etext'});
28 &ui_print_unbuffered_header(undef, $text{'gbatch_title'}, "");
30 # Force defaults for save options
31 $in{'chgid'} = 1 if (!$access{'chgid'});
33 # Work out a good base GID for new groups
34 &build_group_used(\%gused, \%gtaken);
35 $newgid = int($config{'base_gid'} > $access{'lowgid'} ?
36 $config{'base_gid'} : $access{'lowgid'});
39 &batch_start() if ($in{'batch'});
41 $lnum = $created = $modified = $deleted = 0;
43 $pft = &passfiles_type();
44 foreach $line (split(/[\r\n]+/, $data)) {
46 $line =~ s/^\s*#.*$//;
47 next if ($line !~ /\S/);
48 local @line = split(/:/, $line, -1);
50 if ($line[0] eq 'create') {
51 # Creating a new group
55 print &text('batch_eline', $lnum),"\n";
59 print &text('batch_elen', $lnum, 5),"\n";
62 if ($line[1] !~ /^[^:\t]+$/) {
63 print &text('gbatch_egroupname', $lnum),"\n";
66 $group{'group'} = $line[1];
68 if ($gtaken{$group{'group'}}) {
69 print &text('gbatch_egroup', $lnum,
70 $group{'group'}),"\n";
73 if ($line[3] !~ /^\d+$/) {
75 while($gused{$newgid}) {
78 $group{'gid'} = $newgid;
82 if ($gused{$line[3]} && !$access{'gmultiple'}) {
83 print &text('gbatch_ecaccess', $lnum,
84 $text{'gsave_egidused2'}),"\n";
87 $group{'gid'} = $line[3];
89 $gused{$group{'gid'}}++;
90 $group{'members'} = $line[4];
92 # Check access control restrictions
93 if (!$access{'gcreate'}) {
94 print &text('gbatch_ecaccess', $lnum,
95 $text{'gsave_ecreate'});
98 local $ch = &check_group(\%group);
100 print &text('gbatch_ecaccess', $lnum, $ch),"\n";
104 if ($line[2] eq '') {
107 $group{'passmode'} = 0;
111 $group{'pass'} = &encrypt_password($line[2]);
112 $group{'passmode'} = 3;
113 $group{'plainpass'} = $line[2];
116 # Run the before command
117 &set_user_envs(\%group, 'CREATE_GROUP');
118 $merr = &making_changes();
119 &error(&text('gsave_emaking', "<tt>$merr</tt>"))
123 &create_group(\%group);
128 # Call other modules, ignoring any failures
131 &other_modules("useradmin_create_group", \%group)
132 if ($access{'cothers'} == 1 && $in{'others'} ||
133 $access{'cothers'} == 0);
138 print "<b>",&text('gbatch_created', $group{'group'}),"</b>\n";
139 print "<b><i>",&text('batch_eother', $other_err),"</i></b>\n"
143 elsif ($line[0] eq 'delete') {
144 # Deleting an existing group
146 print &text('batch_elen', $lnum, 2),"\n";
149 local @glist = &list_groups();
150 local ($group) = grep { $_->{'group'} eq $line[1] } @glist;
152 print &text('gbatch_enogroup', $lnum, $line[1]),"\n";
156 # Check if deletion is allowed
157 if (!&can_edit_group(\%access, $group)) {
158 print &text('gbatch_edaccess', $lnum,
159 $text{'gdel_egroup'}),"\n";
162 if (!$config{'delete_root'} && $group->{'gid'} <= 10) {
163 print &text('gbatch_edaccess', $lnum,
164 $text{'gdel_egroup'}),"\n";
168 # Check if has primary members
170 foreach $u (&list_users()) {
171 if ($u->{'gid'} == $group->{'gid'}) {
177 print &text('gbatch_eprimary', $lnum,
178 $prim->{'user'}),"\n";
182 # Run the before command
183 &set_user_envs($group, 'DELETE_GROUP');
184 $merr = &making_changes();
185 &error(&text('usave_emaking', "<tt>$merr</tt>"))
188 # Delete from other modules, ignoring errors
191 &other_modules("useradmin_delete_group", $group)
192 if ($access{'dothers'} == 1 && $in{'others'} ||
193 $access{'dothers'} == 0);
198 # Delete the user entry
199 &delete_group($group);
203 print "<b>",&text('gbatch_deleted',$group->{'group'}),"</b>\n";
204 print "<b><i>",&text('batch_eother', $other_err),"</i></b>\n"
208 elsif ($line[0] eq 'modify') {
209 # Modifying an existing group
211 print &text('batch_elen', $lnum, 6),"\n";
214 local @glist = &list_groups();
215 local ($group) = grep { $_->{'group'} eq $line[1] } @glist;
217 print &text('gbatch_enogroup', $lnum, $line[1]),"\n";
220 %oldgroup = %group = %$group;
221 $user{'olduser'} = $user->{'user'};
222 if (!&can_edit_group(\%access, \%group)) {
223 print &text('gbatch_emaccess', $lnum,
224 $text{'gsave_eedit'}),"\n";
228 # Update supplied fields
229 if ($line[2] ne '') {
230 if (!$access{'grename'}) {
231 print &text('gbatch_erename',
232 $lnum, $line[1]),"\n";
234 $group{'group'} = $line[2];
236 if ($line[3] ne '') {
237 # New normal password
238 $group{'pass'} = &encrypt_password($line[3]);
239 $group{'passmode'} = 3;
240 $group{'plainpass'} = $line[3];
244 $group{'passmode'} = 4;
246 $group{'gid'} = $line[4] if ($line[4] ne '');
247 if ($line[5] =~ /^\s+$/ || $line[5] eq 'NONE') {
249 $group{'members'} = '';
252 $group{'members'} = $line[5];
255 # Check access control restrictions
256 local $ch = &check_group(\%group, \%oldgroup);
258 print &text('gbatch_emaccess', $lnum, $ch),"\n";
262 # Run the before command
263 &set_user_envs(\%group, 'MODIFY_GROUP');
264 $merr = &making_changes();
265 &error(&text('usave_emaking', "<tt>$merr</tt>"))
269 if ($oldgroup{'gid'} != $group{'gid'} && $in{'chgid'}) {
270 if ($in{'chgid'} == 1) {
271 # Do all the home directories of members
272 &change_all_home_groups(
273 $oldgroup{'gid'}, $group{'gid'},
274 [ split(/,/, $group{'members'}) ]);
277 # Do all files in this group from the root dir
278 &recursive_change("/", -1, $oldgroup{'gid'},
283 # Actually modify the group
284 &modify_group(\%oldgroup, \%group);
287 # Modify in other modules, ignoring errors
290 &other_modules("groupadmin_modify_group",
292 if ($access{'mothers'} == 1 && $in{'others'} ||
293 $access{'mothers'} == 0);
298 print "<b>",&text('batch_modified',$oldgroup{'group'}),"</b>\n";
299 print "<b><i>",&text('batch_eother', $other_err),"</i></b>\n"
304 print &text('batch_eaction', $lnum, $line[0]),"\n";
309 &batch_end() if ($in{'batch'});
310 &unlock_user_files();
311 &webmin_log("gbatch", undef, $in{'source'} == 1 ? $in{'local'} : undef,
312 { 'created' => $created, 'modified' => $modified,
313 'deleted' => $deleted, 'lnum' => $lnum } );
315 &ui_print_footer("gbatch_form.cgi", $text{'batch_return'},
316 "index.cgi?mode=groups", $text{'index_return'});
318 # check_group(\%group, [\%oldgroup])
319 # Check access control restrictions for a group
322 # check if gid is within range
323 if ($access{'lowgid'} && $_[0]->{'gid'} < $access{'lowgid'}) {
324 return &text('usave_elowgid', $access{'lowuid'});
326 if ($access{'hiuid'} && $_[0]->{'uid'} > $access{'hiuid'}) {
327 return &text('usave_ehiuid', $access{'hiuid'});
329 if ($_[1] && !$access{'ggid'} && $_[1]->{'gid'} != $_[0]->{'gid'}) {
330 return $text{'gsave_eggid'};