#!/usr/local/bin/perl # save_user.cgi # Updates an existing user across multiple servers require './cluster-useradmin-lib.pl'; require 'timelocal.pl'; &error_setup($text{'usave_err'}); &ReadParse(); &foreign_require("useradmin", "user-lib.pl"); # Strip out \n characters in inputs $in{'real'} =~ s/\r|\n//g; $in{'user'} =~ s/\r|\n//g; $in{'pass'} =~ s/\r|\n//g; $in{'encpass'} =~ s/\r|\n//g; $in{'home'} =~ s/\r|\n//g; $in{'gid'} =~ s/\r|\n//g; $in{'uid'} =~ s/\r|\n//g; $in{'othersh'} =~ s/\r|\n//g; # Validate username $user{'user'} = $in{'user'}; $in{'user'} =~ /^[^:\t]+$/ || &error(&text('usave_ebadname', $in{'user'})); $err = &useradmin::check_username_restrictions($in{'user'}); &error($err) if ($err); # Get host and old user @hosts = &list_useradmin_hosts(); @servers = &list_servers(); ($host) = grep { $_->{'id'} == $in{'id'} } @hosts; if ($in{'user'} ne $in{'olduser'}) { # Renaming .. check for clash foreach $h (@hosts) { local $ou = grep { $_->{'user'} eq $in{'olduser'} } @{$h->{'users'}}; local $nu = grep { $_->{'user'} eq $in{'user'} } @{$h->{'users'}}; local ($serv) = grep { $_->{'id'} == $h->{'id'} } @servers; &error(&text('usave_einuse', $serv->{'host'})) if ($ou && $nu) } } # Validate basic inputs $in{'uid_def'} || $in{'uid'} =~ /^[0-9]+$/ || &error(&text('usave_euid', $in{'uid'})); $in{'real_def'} || $in{'real'} =~ /^[^:]*$/ || &error(&text('usave_ereal', $in{'real'})); $in{'gid_def'} || defined(getgrnam($in{'gid'})) || &error(&text('usave_egid', $in{'gid'})); if ($uconfig{'extra_real'}) { $in{'office_def'} || $in{'office'} =~ /^[^:]*$/ || &error($text{'usave_eoffice'}); $in{'workph_def'} || $in{'workph'} =~ /^[^:]*$/ || &error($text{'usave_eworkph'}); $in{'homeph_def'} || $in{'homeph'} =~ /^[^:]*$/ || &error($text{'usave_ehomeph'}); } $in{'home_def'} || $in{'home'} =~ /^\// || &error(&text('usave_ehome', $in{'home'})); # Validate password if ($in{'passmode'} == 3) { local $err = &useradmin::check_password_restrictions( $in{'pass'}, $user{'user'}); &error($err) if ($err); } $pft = &foreign_call("useradmin", "passfiles_type"); if ($pft == 2) { # Validate shadow-password inputs if (!$in{'expire_def'} && $in{'expired'} ne "" && $in{'expirem'} ne "" && $in{'expirey'} ne "") { eval { $expire = timelocal(0, 0, 12, $in{'expired'}, $in{'expirem'}-1, $in{'expirey'}-1900); }; if ($@) { &error($text{'usave_eexpire'}); } $expire = int($expire / (60*60*24)); } else { $expire = ""; } $in{'min_def'} || $in{'min'} =~ /^[0-9]*$/ || &error(&text('usave_emin', $in{'min'})); $in{'max_def'} || $in{'max'} =~ /^[0-9]*$/ || &error(&text('usave_emax', $in{'max'})); $in{'warn_def'} || $in{'warn'} =~ /^[0-9]*$/ || &error(&text('usave_ewarn', $in{'warn'})); $in{'inactive_def'} || $in{'inactive'} =~ /^[0-9]*$/ || &error(&text('usave_einactive', $in{'inactive'})); } elsif ($pft == 1 || $pft == 6) { # Validate BSD password inputs if (!$in{'expire_def'} && $in{'expired'} ne "" && $in{'expirem'} ne "" && $in{'expirey'} ne "") { eval { $expire = timelocal(59, $in{'expiremi'}, $in{'expireh'}, $in{'expired'}, $in{'expirem'}-1, $in{'expirey'}-1900); }; if ($@) { &error($text{'usave_eexpire'}); } } else { $expire = ""; } if (!$in{'change_def'} && $in{'changed'} ne "" && $in{'changem'} ne "" && $in{'changey'} ne "") { eval { $change = timelocal(59, $in{'changemi'}, $in{'changeh'}, $in{'changed'}, $in{'changem'}-1, $in{'changey'}-1900); }; if ($@) { &error($text{'usave_echange'}); } } else { $change = ""; } $in{'class_def'} || $in{'class'} =~ /^([^: ]*)$/ || &error(&text('usave_eclass', $in{'class'})); } elsif ($pft == 4) { # Validate AIX password inputs if (!$in{'expire_def'} && $in{'expired'} ne "" && $in{'expirem'} ne "" && $in{'expirey'} ne "" ) { # Add a leading zero if only 1 digit long $in{'expirem'} =~ s/^(\d)$/0$1/; $in{'expired'} =~ s/^(\d)$/0$1/; $in{'expireh'} =~ s/^(\d)$/0$1/; $in{'expiremi'} =~ s/^(\d)$/0$1/; # Only use the last two digits of the year $in{'expirey'} =~ s/^\d\d(\d\d)$/$1/; # If the user didn't choose the hour and min make them 01 $in{'expireh'} = "01" if $in{'expireh'} eq ""; $in{'expiremi'} = "01" if $in{'expiremi'} eq ""; $expire="$in{'expirem'}$in{'expired'}$in{'expireh'}$in{'expiremi'}$in{'expirey'}"; } else { $expire = ""; } } # Validate groups foreach $h (@hosts) { map { $hasgroup{$_->{'group'}}++ } @{$h->{'groups'}}; } @check = $in{'sgid_def'} == 1 ? split(/\s+/, $in{'sgidadd'}) : $in{'sgid_def'} == 2 ? split(/\s+/, $in{'sgiddel'}) : ( ); foreach $c (@check) { $hasgroup{$c} || &error(&text('usave_esecgid', $c)); } # Setup error handler for down hosts sub mod_error { $mod_error_msg = join("", @_); } &remote_error_setup(\&mod_error); # Do the changes across all hosts &ui_print_header(undef, $text{'uedit_title'}, ""); $crypted = &foreign_call("useradmin", "encrypt_password", $in{'pass'}); foreach $host (@hosts) { $mod_error_msg = undef; ($user) = grep { $_->{'user'} eq $in{'olduser'} } @{$host->{'users'}}; next if (!$user); local ($serv) = grep { $_->{'id'} == $host->{'id'} } @servers; print "",&text('usave_uon', $serv->{'desc'} ? $serv->{'desc'} : $serv->{'host'}),"

\n"; print "

\n"; next; } local @ulist = &remote_foreign_call($serv->{'host'}, "useradmin", "list_users"); ($user) = grep { $_->{'user'} eq $in{'olduser'} } @ulist; if (!$user) { # No longer exists? print "$text{'usave_gone'}

\n"; print "\n"; next; } local %ouser = %$user; # Update changed fields $user->{'user'} = $in{'user'}; $user->{'olduser'} = $ouser{'user'}; $user->{'uid'} = $in{'uid'} if (!$in{'uid_def'}); if ($uconfig{'extra_real'}) { local @real = split(/,/, $user->{'real'}); $real[0] = $in{'real'} if (!$in{'real_def'}); $real[1] = $in{'office'} if (!$in{'office_def'}); $real[2] = $in{'workph'} if (!$in{'workph_def'}); $real[3] = $in{'homeph'} if (!$in{'homeph_def'}); $real[4] = $in{'extra'} if (!$in{'extra_def'}); $user->{'real'} = join(",", @real); } else { $user->{'real'} = $in{'real'} if (!$in{'real_def'}); } if ($in{'home_def'} == 2) { $user->{'home'} = &auto_home_dir($uconfig{'home_base'}, $in{'user'}); } elsif ($in{'home_def'} == 0) { $user->{'home'} = $in{'home'}; } $user->{'shell'} = $in{'shell'} if (!$in{'shell_def'}); if ($in{'passmode'} == 0) { $user->{'pass'} = ""; } elsif ($in{'passmode'} == 1) { $user->{'pass'} = $uconfig{'lock_string'}; } elsif ($in{'passmode'} == 2) { $user->{'pass'} = $in{'encpass'}; } elsif ($in{'passmode'} == 3) { $user->{'pass'} = $crypted; } $user->{'passmode'} = $in{'passmode'} < 0 ? 2 : $in{'passmode'}; $user->{'gid'} = getgrnam($in{'gid'}) if (!$in{'gid_def'}); if ($pft == 1 || $pft == 6) { # Save BSD password inputs $user->{'expire'} = $expire if (!$in{'expire_def'}); $user->{'change'} = $change if (!$in{'change_def'}); $user->{'class'} = $in{'class'} if (!$in{'class_def'}); } elsif ($pft == 2) { # Save shadow password inputs $user->{'min'} = $in{'min'} if (!$in{'min_def'}); $user->{'max'} = $in{'max'} if (!$in{'max_def'}); $user->{'warn'} = $in{'warn'} if (!$in{'warn_def'}); $user->{'inactive'} = $in{'inactive'} if (!$in{'inactive_def'}); $user->{'expire'} = $expire if (!$in{'expire_def'}); $user->{'change'} = 0 if ($in{'forcechange'}); } elsif ($pft == 4) { # Save AIX password inputs if (!$in{'flags_def'}) { $user->{'admin'} = $in{'flags'} =~ /admin/; $user->{'admchg'} = $in{'flags'} =~ /admchg/; $user->{'nocheck'} = $in{'flags'} =~ /nocheck/; } $user->{'expire'} = $expire if (!$in{'expire_def'}); $user->{'min'} = $in{'min'} if (!$in{'min_def'}); $user->{'max'} = $in{'max'} if (!$in{'max_def'}); $user->{'warn'} = $in{'warn'} if (!$in{'warn_def'}); } # Run the pre-change command $envpass = $in{'passmode'} == 3 ? $in{'pass'} : undef; &remote_eval($serv->{'host'}, "useradmin", <{'host'}, "useradmin", "making_changes"); if (defined($merr)) { print &text('usave_emaking', "$merr"),"

\n"; print "\n"; next; } # Update the user on the server print "$text{'usave_update'}
\n"; &remote_foreign_call($serv->{'host'}, "useradmin", "modify_user", \%ouser, $user); print "$text{'udel_done'}

\n"; # Make file changes if ($in{'servs'} || $host eq $hosts[0]) { if ($ouser{'home'} ne $user->{'home'} && $in{'movehome'}) { print "$text{'usave_move'}
\n"; &remote_eval($serv->{'host'}, "useradmin", "-d '$ouser{'home'}' && !-e '$user->{'home'}' && system(\"mv -f '$ouser{'home'}' '$user->{'home'}'\")"); print "$text{'udel_done'}

\n"; } if ($ouser{'gid'} ne $user->{'gid'}) { if ($in{'chgid'} == 1) { print "$text{'usave_gid'}
\n"; &remote_foreign_call( $serv->{'host'}, "useradmin", "recursive_change", $user->{'home'}, $ouser{'uid'}, $ouser{'gid'}, -1, $user->{'gid'}); print "$text{'udel_done'}

\n"; } else { print "$text{'usave_gid'}
\n"; &remote_foreign_call( $serv->{'host'}, "useradmin", "recursive_change", "/", $ouser{'uid'}, $ouser{'gid'}, -1, $user->{'gid'}); print "$text{'udel_done'}

\n"; } } if ($ouser{'uid'} ne $user->{'uid'}) { if ($in{'chuid'} == 1) { print "$text{'usave_uid'}
\n"; &remote_foreign_call( $serv->{'host'}, "useradmin", "recursive_change", $user->{'home'}, $ouser{'uid'}, -1, $user->{'uid'}, -1); print "$text{'udel_done'}

\n"; } else { print "$text{'usave_uid'}
\n"; &remote_foreign_call( $serv->{'host'}, "useradmin", "recursive_change", "/", $ouser{'uid'}, -1, $user->{'uid'}, -1); print "$text{'udel_done'}

\n"; } } } # Rename user in secondary groups local @glist; if ($in{'sgid_def'} || $user->{'user'} ne $ouser{'user'}) { @glist = &remote_foreign_call($serv->{'host'}, "useradmin", "list_groups"); } if ($user->{'user'} ne $ouser{'user'}) { print "$text{'usave_rgroups'}
\n"; foreach $group (@glist) { local @mems = split(/,/, $group->{'members'}); local $idx = &indexof($ouser{'user'}, @mems); if ($idx >= 0) { local %ogroup = %$group; $mems[$idx] = $user->{'user'}; $group->{'members'} = join(",", @mems); &remote_foreign_call($serv->{'host'}, "useradmin", "modify_group", \%ogroup, $group); } } print "$text{'udel_done'}

\n"; } # Save secondary group information if ($in{'sgid_def'} == 1) { # Add to some groups print "$text{'usave_groups'}
\n"; foreach $g (split(/\s+/, $in{'sgidadd'})) { local ($group) = grep { $_->{'group'} eq $g } @glist; if ($group) { local %ogroup = %$group; local @m = &unique(split(/,/, $group->{'members'}), $user->{'user'}); $group->{'members'} = join(",", @m); &remote_foreign_call($serv->{'host'}, "useradmin", "modify_group", \%ogroup, $group); } } print "$text{'udel_done'}

\n"; } elsif ($in{'sgid_def'} == 2) { # Remove from some groups print "$text{'udel_groups'}
\n"; foreach $g (split(/\s+/, $in{'sgiddel'})) { local ($group) = grep { $_->{'group'} eq $g } @glist; if ($group) { local %ogroup = %$group; local @m = grep { $_ ne $user->{'user'} } split(/,/, $group->{'members'}); $group->{'members'} = join(",", @m); &remote_foreign_call($serv->{'host'}, "useradmin", "modify_group", \%ogroup, $group); } } print "$text{'udel_done'}

\n"; } # Run post-change command &remote_foreign_call($serv->{'host'}, "useradmin", "made_changes"); if ($in{'others'}) { # Update the user in other modules print "$text{'usave_mothers'}
\n"; $user->{'passmode'} = $in{'passmode'}; if ($in{'passmode'} == 2 && $user->{'pass'} eq $ouser{'pass'}) { $user{'passmode'} = 4; } $user->{'plainpass'} = $in{'pass'} if ($in{'passmode'} == 3); &remote_foreign_call($serv->{'host'}, "useradmin", "other_modules", "useradmin_modify_user", $user, \%ouser); print "$text{'udel_done'}

\n"; } # Update in local list $host->{'users'} = \@ulist; if (@glist) { $host->{'groups'} = \@glist; } &save_useradmin_host($host); print "\n"; } &webmin_log("modify", "user", $user->{'user'}, $user); &ui_print_footer("", $text{'index_return'});