---- Changes since 1.380 ----
Re-wrote the user interface to use the new UI library functions, for a more consistent look.
-Added support for PAM includes, as used in modern Linux distributions.
+Added support for two types of PAM includes, as used in modern Linux distributions.
local $mn = $m->{'module'};
$mn =~ s/^.*\///;
local @cols;
- if ($m->{'control'} eq 'include') {
- # Including some other file
- push(@cols, "<a href='edit_inc.cgi?".
+ if ($m->{'include'}) {
+ # Second type of include, using @
+ push(@cols, "<a href='edit_atinc.cgi?".
"idx=$pam->{'index'}&midx=$m->{'index'}'>".
- &text('edit_inc', "<tt>$mn</tt>")."</a>");
+ &text('edit_inc',
+ "<tt>$m->{'include'}</tt>")."</a>");
@rtds = ( "colspan=4", "width=5%" );
}
else {
[ map { [ $_, $text{$_} ? "$_ ($text{$_})" : $_ ] }
&list_modules() ]);
$ptable .= " ";
- $ptable .= &ui_submit($text{'edit_addinc'}, "inc");
+ if (&include_style(\@pams) == 2) {
+ $ptable .= &ui_submit($text{'edit_addinc'}, "inc");
+ }
print &ui_table_row(undef, $ptable, 2);
print &ui_hidden_table_end();
print &ui_form_end();
}
+# Show section for other includes
+if (&include_style(\@pams) == 3) {
+ @incs = grep { $_->{'include'} } @{$pam->{'mods'}};
+ %inced = map { $_->{'include'}, 1 } @incs;
+ print &ui_form_start("save_incs.cgi");
+ print &ui_hidden("idx", $in{'idx'});
+ print &ui_hidden_table_start($text{'edit_iheader'}, "width=100%", 2,
+ "incs", @incs ? 1 : 0);
+ @grid = ( );
+ foreach $p (sort { $a->{'name'} cmp $b->{'name'} } @pams) {
+ $desc = $p->{'name'}." ".
+ ($p->{'desc'} || $text{'desc_'.$p->{'name'}});
+ push(@grid, &ui_checkbox("inc", $p->{'name'}, $desc,
+ $inced{$p->{'name'}}));
+ }
+ print &ui_table_row(undef, &ui_grid_table(\@grid, 2), 2);
+ print &ui_hidden_table_end();
+ print &ui_form_end([ [ undef, $text{'save'} ] ]);
+ }
+
# Delete whole service form
print "<hr>\n";
print &ui_form_start("delete_pam.cgi");
index_title=PAM Authentication
index_name=Service
index_desc=Description
-index_add=Add a new PAM service
+index_add=Add a new PAM service.
index_return=service list
index_none=No PAM configuration files were found on your system in the directory $1. Maybe PAM is not supported, or your <a href='$2'>module configuration</a> is incorrect.
edit_move=Move
edit_return=PAM service
edit_inc=Include service $1
+edit_iheader=Included PAM services
pam_pwdb.so=Unix password authentication
pam_securetty.so=Secure TTY check for root
log_inc_create=Added include $1 for service $2
log_inc_modify=Modified include $1 for service $2
log_inc_delete=Deleted include $1 for service $2
+log_incs=Updated includes for service $1
inc_edit=Edit Included Service
inc_create=Create Included Service
return &text("log_inc_$action", &html_escape($p->{'module'}),
&html_escape($object));
}
+elsif ($type eq 'incs') {
+ return &text('log_incs', &html_escape($p->{'module'}));
+ }
else {
return undef;
}
$serv->{'desc'} = $1;
}
s/#.*$//g;
- if (/^\s*(\S+)\s+(\S+)\s+(\S+)\s*(.*)$/) {
+ if (/^\s*\@include\s+(\S+)/) {
+ # Special include line
+ local $mod = { 'include' => $1,
+ 'line' => $lnum,
+ 'index' => @{$serv->{'mods'}}+0 };
+ push(@{$serv->{'mods'}}, $mod);
+ }
+ elsif (/^\s*(\S+)\s+\[([^\]*\]\s+(\S+)\s*(.*)$/) {
+ # Line with special rules .. ignore for now
+ }
+ elsif (/^\s*(\S+)\s+(\S+)\s+(\S+)\s*(.*)$/) {
+ # Regular line
local $mod = { 'type' => $1, 'control' => $2,
'module' => $3, 'args' => $4,
'line' => $lnum,
# Returns text for a PAM module line
sub module_line
{
-local $l = join("\t", $_[0]->{'type'}, $_[0]->{'control'}, $_[0]->{'module'});
-$l .= "\t$_[0]->{'args'}" if ($_[0]->{'args'});
-return $l;
+if ($_[0]->{'include'}) {
+ # Special include line
+ return "\@include ".$_[0]->{'include'};
+ }
+else {
+ # A regular module
+ local $l = join("\t", $_[0]->{'type'}, $_[0]->{'control'},
+ $_[0]->{'module'});
+ $l .= "\t$_[0]->{'args'}" if ($_[0]->{'args'});
+ return $l;
+ }
}
# list_modules()
return &unique(@rv);
}
+# include_style(&pam)
+# Returns 1 if includes are done with pam_stack.so, 2 if done with include
+# lines, 3 if done with @include, 0 if not supported
+sub include_style
+{
+local ($pam) = @_;
+local @allmods = map { @{$_->{'mods'}} } @$pam;
+local ($atinc) = grep { $_->{'include'} } @allmods;
+local ($inc) = grep { $_->{'control'} eq 'include' } @allmods;
+local ($stack) = grep { $_ eq "pam_stack.so" } &list_modules();
+return $atinc ? 3 : $inc ? 2 : $stack ? 1 : 0;
+}
+
1;
--- /dev/null
+#!/usr/local/bin/perl
+# Update the @includes for some service
+
+require './pam-lib.pl';
+&error_setup($text{'incs_err'});
+&ReadParse();
+@pams = &get_pam_config();
+$pam = $pams[$in{'idx'}];
+&lock_file($pam->{'file'});
+
+# Add to, update or remove existing includes
+@oldincs = grep { $_->{'include'} } @{$pam->{'mods'}};
+@newincs = split(/\0/, $in{'inc'});
+for($i=0; $i<@oldincs || $i<@newincs; $i++) {
+ if ($oldincs[$i] && $newincs[$i]) {
+ # Just update
+ $oldincs[$i]->{'include'} = $newincs[$i];
+ &modify_module($pam->{'name'}, $oldincs[$i]);
+ }
+ elsif ($newincs[$i]) {
+ # Add to file
+ &create_module($pam->{'name'}, { 'include' => $newincs[$i] });
+ }
+ elsif ($oldincs[$i]) {
+ # Remove from file
+ &delete_module($pam->{'name'}, $oldincs[$i]);
+ }
+ }
+
+&unlock_file($pam->{'file'});
+&webmin_log("modify", "incs", $pam->{'name'});
+&redirect("");
+