--- /dev/null
+#!/usr/local/bin/perl
+# Edit a PAM include for some service
+
+require './pam-lib.pl';
+&ReadParse();
+
+@pam = &get_pam_config();
+$pam = $pam[$in{'idx'}];
+if ($in{'midx'} ne '') {
+ $mod = $pam->{'mods'}->[$in{'midx'}];
+ $inc = $mod->{'module'};
+ $type = $mod->{'type'};
+ &ui_print_header(undef, $text{'inc_edit'}, "");
+ }
+else {
+ &ui_print_header(undef, $text{'inc_create'}, "");
+ $type = $in{'type'};
+ }
+
+
+print &ui_form_start("save_mod.cgi");
+print &ui_hidden("idx", $in{'idx'});
+print &ui_hidden("midx", $in{'midx'});
+print &ui_hidden("_type", $in{'type'});
+print &ui_table_start($text{'inc_header'}, undef, 2, [ "width=30%" ]);
+
+# PAM service name
+$t = $text{'desc_'.$pam->{'name'}};
+print &ui_table_row($text{'mod_name'},
+ "<tt>".&html_escape($pam->{'name'})."</tt> ".
+ ($pam->{'desc'} ? "($pam->{'desc'})" : $t ? "($t)" : ""));
+
+# Authentication step
+print &ui_table_row($text{'mod_type'},
+ $text{'mod_type_'.$type});
+
+# Included service
+print &ui_table_row($text{'inc_inc'},
+ &ui_select("inc", $inc,
+ [ map { [ $_->{'name'}, $text{'desc_'.$_->{'name'}} || $_->{'name'} ] }
+ @pam ], 1, 0, $inc ? 1 : 0));
+
+print &ui_table_end();
+
+if ($in{'midx'} ne '') {
+ print &ui_form_end([ [ undef, $text{'save'} ],
+ [ 'delete', $text{'delete'} ] ]);
+ }
+else {
+ print &ui_form_end([ [ undef, $text{'create'} ] ]);
+ }
+
+&ui_print_footer("edit_pam.cgi?idx=$in{'idx'}", $text{'edit_return'},
+ "", $text{'index_return'});
+
require './pam-lib.pl';
&ReadParse();
+if ($in{'inc'}) {
+ # Redirect to include form
+ &redirect("edit_inc.cgi?idx=$in{'idx'}&type=$in{'type'}");
+ return;
+ }
+
@pam = &get_pam_config();
$pam = $pam[$in{'idx'}];
if ($in{'midx'} ne '') {
}
-print "<form action=save_mod.cgi>\n";
-print "<input type=hidden name=idx value='$in{'idx'}'>\n";
-print "<input type=hidden name=midx value='$in{'midx'}'>\n";
-print "<input type=hidden name=_module value='$in{'module'}'>\n";
-print "<input type=hidden name=_type value='$in{'type'}'>\n";
+print &ui_form_start("save_mod.cgi");
+print &ui_hidden("idx", $in{'idx'});
+print &ui_hidden("midx", $in{'midx'});
+print &ui_hidden("_module", $in{'module'});
+print &ui_hidden("_type", $in{'type'});
+print &ui_table_start($text{'mod_header'}, undef, 4);
-print "<table border width=100%>\n";
-print "<tr $tb> <td><b>$text{'mod_header'}</b></td> </tr>\n";
-print "<tr $cb> <td><table width=100%>\n";
-
-print "<tr> <td><b>$text{'mod_name'}</b></td>\n";
+# PAM service name
$t = $text{'desc_'.$pam->{'name'}};
-print "<td><tt>",&html_escape($pam->{'name'}),"</tt> ",
- $pam->{'desc'} ? "($pam->{'desc'})" :
- $t ? "($t)" : "","</td>\n";
+print &ui_table_row($text{'mod_name'},
+ "<tt>".&html_escape($pam->{'name'})."</tt> ".
+ ($pam->{'desc'} ? "($pam->{'desc'})" : $t ? "($t)" : ""));
-print "<td><b>$text{'mod_mod'}</b></td>\n";
+# PAM module name
$t = $text{$module};
-print "<td><tt>$module</tt> ",$t ? "($t)" : "","</td> </tr>\n";
+print &ui_table_row($text{'mod_mod'},
+ "<tt>$module</tt> ".($t ? "($t)" : ""));
-print "<tr> <td><b>$text{'mod_type'}</b></td>\n";
-print "<td>",$text{'mod_type_'.$type},"</td>\n";
+print &ui_table_row($text{'mod_type'},
+ $text{'mod_type_'.$type});
-print "<td><b>$text{'mod_control'}</b></td>\n";
-print "<td><select name=control>\n";
-foreach $c ('required', 'requisite', 'sufficient', 'optional') {
- printf "<option value=%s %s>%s (%s)\n",
- $c, $mod->{'control'} eq $c ? 'selected' : '',
- $text{'control_'.$c}, $text{'control_desc_'.$c};
- }
-print "</select></td> </tr>\n";
+# Control mode
+print &ui_table_row($text{'mod_control'},
+ &ui_select("control", $mod->{'control'},
+ [ map { [ $_, $text{'control_'.$_}." (".
+ $text{'control_desc_'.$_}.")" ] }
+ ('required', 'requisite', 'sufficient', 'optional') ],
+ 1, 0, $in{'midx'} eq '' ? 0 : 1));
if (-r "./$module.pl") {
do "./$module.pl";
if (!$module_has_no_args) {
- print "<tr> <td colspan=4><hr></td> </tr>\n";
+ print &ui_table_hr();
foreach $a (split(/\s+/, $mod->{'args'})) {
if ($a =~ /^([^\s=]+)=(\S*)$/) {
$args{$1} = $2;
}
}
else {
- print "<tr> <td colspan=4><hr></td> </tr>\n";
- print "<tr> <td><b>$text{'mod_args'}</b></td>\n";
- print "<td colspan=3><input name=args size=50 ",
- "value='$mod->{'args'}'></td> </tr>\n";
+ # Text-only args
+ print &ui_table_hr();
+ print &ui_table_row($text{'mod_args'},
+ &ui_textbox("args", $mod->{'args'}, 60), 3);
}
-print "</table></td></tr></table>\n";
-print "<table width=100%><tr>\n";
-print "<td><input type=submit value='$text{'save'}'></td>\n";
+print &ui_table_end();
+
if ($in{'midx'} ne '') {
- print "<td align=right><input type=submit name=delete ",
- "value='$text{'delete'}'></td>\n";
+ print &ui_form_end([ [ undef, $text{'save'} ],
+ [ 'delete', $text{'delete'} ] ]);
+ }
+else {
+ print &ui_form_end([ [ undef, $text{'create'} ] ]);
}
-print "</tr></table>\n";
-print "</form>\n";
&ui_print_footer("edit_pam.cgi?idx=$in{'idx'}", $text{'edit_return'},
- "", $text{'index_return'});
+ "", $text{'index_return'});
@pams = &get_pam_config();
$pam = $pams[$in{'idx'}];
-print "<table border width=100%>\n";
-print "<tr $tb> <td><b>$text{'edit_header'}</b></td> </tr>\n";
-print "<tr $cb> <td><table width=100%>\n";
+print &ui_table_start($text{'edit_header'}, "width=100%", 2);
-print "<tr> <td width=10%><b>$text{'edit_name'}</b></td>\n";
$t = $text{'desc_'.$pam->{'name'}};
-print "<td><tt>",&html_escape($pam->{'name'}),"</tt> ",
- $pam->{'desc'} ? "($pam->{'desc'})" :
- $t ? "($t)" : "","</td>\n";
-print "</tr>\n";
+print &ui_table_row($text{'edit_name'},
+ "<tt>".&html_escape($pam->{'name'})."</tt> ".
+ ($pam->{'desc'} ? "($pam->{'desc'})" : $t ? "($t)" : ""));
foreach $t ('auth', 'account', 'session', 'password') {
- print "<tr> <td colspan=2>\n";
- print "<form action=edit_mod.cgi><table border width=100%>\n";
- print "<tr $tb> <td><b>",$text{"edit_header_$t"},"</b></td> </tr>\n";
- print "<tr $cb> <td>\n";
-
+ my $ptable;
+ $ptable .= &ui_form_start("edit_mod.cgi");
local @mods = grep { $_->{'type'} eq $t } @{$pam->{'mods'}};
- print "<table width=100%>\n";
if (@mods) {
- print "<tr $cb> <td width=20%><b>$text{'edit_mod'}</b></td> ",
- "<td width=35%><b>$text{'edit_desc'}</b></td> ",
- "<td width=20%><b>$text{'edit_control'}</b></td> ",
- "<td width=20%><b>$text{'edit_args'}</b></td> ",
- "<td width=5%><b>$text{'edit_move'}</b></td> </tr>\n";
- }
- else {
- print "<tr> <td colspan=5><b>$text{'edit_none'}",
- "</b></td> </tr>\n";
- }
- foreach $m (@mods) {
- local $mn = $m->{'module'};
- $mn =~ s/^.*\///;
- print "<tr $cb>\n";
- print "<td><a href='edit_mod.cgi?idx=$pam->{'index'}&",
- "midx=$m->{'index'}'>$mn</a></td>\n";
- print "<td>",$text{$mn} ? $text{$mn} : "<br>","</td>\n";
- print "<td>",$text{'control_'.$m->{'control'}},"</td>\n";
- print "<td>",$m->{'args'} ? $m->{'args'} : "<br>","</td>\n";
- print "<td>";
- if ($m eq $mods[$#mods]) {
- print "<img src=images/gap.gif>";
- }
- else {
- print "<a href='move.cgi?idx=$pam->{'index'}&",
- "midx=$m->{'index'}&down=1'><img ",
- "src=images/down.gif border=0></a>";
+ @tds = ( "width=20%", "width=35%", "width=20%",
+ "width=20%", "width=5%" );
+ $ptable .= &ui_columns_start([ $text{'edit_mod'},
+ $text{'edit_desc'},
+ $text{'edit_control'},
+ $text{'edit_args'},
+ $text{'edit_move'} ], \@tds);
+ foreach $m (@mods) {
+ local $mn = $m->{'module'};
+ $mn =~ s/^.*\///;
+ local @cols;
+ if ($m->{'control'} eq 'include') {
+ # Including some other file
+ push(@cols, "<a href='edit_inc.cgi?".
+ "idx=$pam->{'index'}&midx=$m->{'index'}'>".
+ &text('edit_inc', "<tt>$mn</tt>")."</a>");
+ @rtds = ( "colspan=4", "width=5%" );
+ }
+ else {
+ # Regular PAM module
+ push(@cols, "<a href='edit_mod.cgi?".
+ "idx=$pam->{'index'}&midx=$m->{'index'}'>".
+ "$mn</a>");
+ push(@cols, $text{$mn});
+ push(@cols, $text{'control_'.$m->{'control'}});
+ push(@cols, $m->{'args'});
+ @rtds = @tds;
+ }
+ local $mv;
+ if ($m eq $mods[$#mods]) {
+ $mv .= "<img src=images/gap.gif>";
+ }
+ else {
+ $mv .= "<a href='move.cgi?idx=$pam->{'index'}&".
+ "midx=$m->{'index'}&down=1'><img ".
+ "src=images/down.gif border=0></a>";
+ }
+ if ($m eq $mods[0]) {
+ $mv .= "<img src=images/gap.gif>";
+ }
+ else {
+ $mv .= "<a href='move.cgi?idx=$pam->{'index'}&".
+ "midx=$m->{'index'}&up=1'><img ".
+ "src=images/up.gif border=0></a>";
+ }
+ push(@cols, $mv);
+ $ptable .= &ui_columns_row(\@cols, \@rtds);
}
- if ($m eq $mods[0]) {
- print "<img src=images/gap.gif>";
- }
- else {
- print "<a href='move.cgi?idx=$pam->{'index'}&",
- "midx=$m->{'index'}&up=1'><img ",
- "src=images/up.gif border=0></a>";
- }
- print "</tr>\n";
+ $ptable .= &ui_columns_end();
}
- print "</table>\n";
- print "<input type=hidden name=idx value='$in{'idx'}'>\n";
- print "<input type=hidden name=type value='$t'>\n";
- print "<input type=submit value='$text{'edit_addmod'}'>\n";
- print "<select name=module>\n";
- foreach $m (sort { $a cmp $b } &list_modules()) {
- printf "<option value=%s>%s\n",
- $m, $text{$m} ? "$m ($text{$m})" : $m;
+ else {
+ $ptable .= "<b>$text{'edit_none'}</b><p>\n";
}
- print "</select></td> </tr>\n";
- print "</table></form></td></tr>\n";
+
+ # Form to add module
+ $ptable .= &ui_hidden("idx", $in{'idx'});
+ $ptable .= &ui_hidden("type", $t);
+ $ptable .= &ui_submit($text{'edit_addmod'}),"\n";
+ $ptable .= &ui_select("module", undef,
+ [ map { [ $_, $text{$_} ? "$_ ($text{$_})" : $_ ] }
+ &list_modules() ]);
+ $ptable .= " ";
+ $ptable .= &ui_submit($text{'edit_addinc'}, "inc");
+ $ptable .= &ui_form_end();
+
+ print &ui_table_row($text{"edit_header_$t"}, $ptable);
}
+print &ui_table_end();
-print "<form action=delete_pam.cgi>\n";
-print "</table></td></tr></table>\n";
-print "<input type=hidden name=idx value='$in{'idx'}'>\n";
-print "<input type=submit value='$text{'edit_delete'}'>\n";
-print "</form>\n";
+# Delete whole service form
+print &ui_form_start("delete_pam.cgi");
+print &ui_hidden("idx", $in{'idx'});
+print &ui_form_end([ [ undef, $text{'edit_delete'} ] ]);
&ui_print_footer("", $text{'index_return'});
index_none=No PAM configuration files were found on your system in the directory $1. Maybe PAM is not supported, or your <a href='$2'>module configuration</a> is incorrect.
desc_su=Switch user
+desc_su-l=Switch user (with login)
desc_login=Local or remote login
desc_samba=Samba Windows file server
desc_imap=IMAP mail server
desc_qpopper=$desc_qpop
desc_dovecot=POP / IMAP mail server
desc_cron=Scheduled commands daemon
+desc_runuser=Run command as user
+desc_runuser-l=Run command as user (with login)
+desc_postgresql=PostgreSQL database
+desc_crond=Cron daemon
+desc_smtp=SMTP authentication
+desc_smtp.postfix=Postfix SMTP authentication
+desc_smtp.sendmail=Sendmail SMTP authentication
+desc_config-util=Configuration utilities
+desc_newrole=SELinux new role
+desc_radius=RADIUS dialup login
+desc_pptpconfig=Point-to-point tunneling protocol
edit_title=Edit PAM Service
edit_header=PAM service details
edit_desc=Description
edit_args=Parameters
edit_addmod=Add step for:
+edit_addinc=Add included service
edit_control=Failure level
-edit_none=No PAM modules specified for this step
+edit_none=No PAM modules specified for this step.
edit_delete=Delete PAM service
edit_move=Move
edit_return=PAM service
+edit_inc=Include service $1
pam_pwdb.so=Unix password authentication
pam_securetty.so=Secure TTY check for root
log_mod_move=Swapped PAM modules in service $3
log_mod_move_l=Swapped PAM modules $1 and $2 in service $3
+inc_edit=Edit Included Service
+inc_create=Create Included Service
+inc_header=Included PAM service details
+inc_inc=Included PAM service
+
--- /dev/null
+#!/usr/local/bin/perl
+# Update an include for a service
+
+require './pam-lib.pl';
+&ReadParse();
+&error_setup($text{'inc_err'});
+@pam = &get_pam_config();
+$pam = $pam[$in{'idx'}];
+
+&lock_file($pam->{'file'});
+if ($in{'delete'}) {
+ # Deleting an include
+ $mod = $pam->{'mods'}->[$in{'midx'}];
+ &delete_module($pam->{'name'}, $mod);
+ }
+else {
+ if ($in{'_module'}) {
+ # Adding a new include
+ $mod = { 'type' => $in{'_type'},
+ 'module' => $in{'_module'} };
+ $module = $in{'_module'};
+ }
+ else {
+ # Existing module entry
+ # XXX
+ $mod = $pam->{'mods'}->[$in{'midx'}];
+ $module = $mod->{'module'};
+ $module =~ s/^.*\///;
+ }
+
+ if ($in{'_module'}) {
+ # Add the PAM include entry
+ &create_module($pam->{'name'}, $mod);
+ }
+ else {
+ # Update the existing include
+ &modify_module($pam->{'name'}, $mod);
+ }
+ }
+&unlock_file($pam->{'file'});
+&webmin_log($in{'delete'} ? "delete" : $in{'_module'} ? "create" : "modify",
+ "inc", $pam->{'name'}, $mod);
+&redirect("edit_pam.cgi?idx=$in{'idx'}");
+
+