Group restriction by GID range

diff --git a/quota/CHANGELOG b/quota/CHANGELOG
index 2176561..33e3223 100644 (file)
--- a/quota/CHANGELOG
+++ b/quota/CHANGELOG
@@ -37,3 +37,5 @@ Email to users and groups who are over quota on some filesystem can also be Cc'd
 ---- Changes since 1.440 ----
 Converted all pages to use the new Webmin UI library, for a more consistent look. Also split the Filesystem Quotas page into tabs.
 Converted commands in the module's API file to POD format, and added more details about each function.
+---- Changes since 1.480 ----
+Added a module access control option to restrict allowed groups by GID range.

diff --git a/quota/acl_security.pl b/quota/acl_security.pl
index 1bbf8f1..017aeb7 100644 (file)
--- a/quota/acl_security.pl
+++ b/quota/acl_security.pl
@@ -100,6 +100,11 @@ if ($groups) {
                    &ui_textbox("gcannot",
                        $_[0]->{'gmode'} == 2 ? $_[0]->{'groups'} : "", 40)." ".
                    &group_chooser_button("gcannot", 1) ],
+                 [ 4, $text{'acl_ggid'},
+                   &ui_textbox("gmin",
+                       $_[0]->{'gmode'} == 4 ? $_[0]->{'gmin'} : "", 6)." - ".
+                   &ui_textbox("gmax",
+                       $_[0]->{'gmode'} == 4 ? $_[0]->{'gmax'} : "", 6) ]
                ]), 3);
        }
 }
@@ -124,7 +129,10 @@ $_[0]->{'umin'} = $in{'umin'};
 $_[0]->{'umax'} = $in{'umax'};
 $_[0]->{'gmode'} = $in{'gmode'};
 $_[0]->{'groups'} = $in{'gmode'} == 0 ? "" :
-                   $in{'gmode'} == 1 ? $in{'gcan'} : $in{'gcannot'};
+                   $in{'gmode'} == 1 ? $in{'gcan'} :
+                   $in{'gmode'} == 2 ? $in{'gcannot'} : "";
+$_[0]->{'gmin'} = $in{'gmin'};
+$_[0]->{'gmax'} = $in{'gmax'};
 $_[0]->{'enable'} = $in{'enable'};
 $_[0]->{'default'} = $in{'default'};
 $_[0]->{'email'} = $in{'email'};

diff --git a/quota/lang/en b/quota/lang/en
index d93164a..292835b 100644 (file)
--- a/quota/lang/en
+++ b/quota/lang/en
@@ -20,6 +20,7 @@ acl_gnone= No groups
 acl_gonly= Only groups
 acl_gexcept= All except groups
 acl_uuid=Users with UID in range
+acl_ggid=Groups with GID in range
 acl_maxblocks=Maximum grantable block quota
 acl_maxfiles=Maximum grantable file quota
 acl_unlimited=Unlimited

diff --git a/quota/quota-lib.pl b/quota/quota-lib.pl
index bd90c55..a7675e6 100755 (executable)
--- a/quota/quota-lib.pl
+++ b/quota/quota-lib.pl
@@ -409,8 +409,7 @@ elsif ($access{'umode'} == 4) {
               (!$access{'umax'} || $u[2] <= $access{'umax'});
        }
 else {
-       local ($u, %ucan);
-       map { $ucan{$_}++ } split(/\s+/, $access{'users'});
+       local %ucan = map { $_, 1 } split(/\s+/, $access{'users'});
        return $access{'umode'} == 1 && $ucan{$_[0]} ||
               $access{'umode'} == 2 && !$ucan{$_[0]};
        }
@@ -423,12 +422,22 @@ Returns 1 if the current Webmin user can manage quotas for some Unix group.
 =cut
 sub can_edit_group
 {
-return 1 if ($access{'gmode'} == 0);
-return 0 if ($access{'gmode'} == 3);
-local ($g, %gcan);
-map { $gcan{$_}++ } split(/\s+/, $access{'groups'});
-return $access{'gmode'} == 1 && $gcan{$_[0]} ||
-       $access{'gmode'} == 2 && !$gcan{$_[0]};
+if ($access{'gmode'} == 0) {
+       return 1;
+       }
+elsif ($access{'gmode'} == 3) {
+       return 0;
+       }
+elsif ($access{'gmode'} == 4) {
+       local @g = getgrnam($_[0]);
+       return (!$access{'gmin'} || $g[2] >= $access{'gmin'}) &&
+              (!$access{'gmax'} || $g[2] <= $access{'gmax'});
+       }
+else {
+       local %gcan = map { $_, 1 } split(/\s+/, $access{'groups'});
+       return $access{'gmode'} == 1 && $gcan{$_[0]} ||
+              $access{'gmode'} == 2 && !$gcan{$_[0]};
+       }
 }
 
 =head2 filesystem_info(filesystem, &hash, count, [blocksize])