From 58b584476556f78d1acf76953d746d0de8e70eee Mon Sep 17 00:00:00 2001 From: Jamie Cameron Date: Thu, 5 Aug 2021 12:13:01 -0700 Subject: [PATCH] Add documentation URL and fix locking --- acl/acl-lib.pl | 56 ++++++++++++++++++--------------------- webmin/change_session.cgi | 17 +++++++----- webmin/edit_session.cgi | 4 ++- webmin/lang/en | 1 + 4 files changed, 40 insertions(+), 38 deletions(-) diff --git a/acl/acl-lib.pl b/acl/acl-lib.pl index 144e01d1c..d0d9abc40 100755 --- a/acl/acl-lib.pl +++ b/acl/acl-lib.pl @@ -1933,7 +1933,7 @@ my $hash = &hash_session_id($sid); return $sessiondb{$hash} ? $hash : $sid; } -=head2 setup_anonymous_access(path, module, [&miniserv]) +=head2 setup_anonymous_access(path, module) Grants anonymous access to some path. By default, the user for other anonymous access will be used, or if there is none, a user named 'anonymous' will be @@ -1942,19 +1942,22 @@ created and granted access to the module. =cut sub setup_anonymous_access { -my ($path, $mod, $miniserv) = @_; +my ($path, $mod) = @_; # Find out what users and paths we grant access to currently -my $needsave; -if (!$miniserv) { - $miniserv = { }; - &get_miniserv_config($miniserv); - $needsave = 1; - } +my $miniserv = { }; +&get_miniserv_config($miniserv); my @anon = split(/\s+/, $miniserv->{'anonymous'} || ""); my ($user, $found) = &get_anonymous_access($path, $miniserv); return 1 if ($found >= 0); # Already setup +# Grant access to the user and path +&lock_file(&get_miniserv_config_file()); +push(@anon, "$path=$user"); +$miniserv->{'anonymous'} = join(" ", @anon); +&put_miniserv_config($miniserv); +&unlock_file(&get_miniserv_config_file()); + if (!$user) { # Create a user if need be $user = "anonymous"; @@ -1977,33 +1980,32 @@ else { } } -# Grant access to the user and path -push(@anon, "$path=$user"); -$miniserv->{'anonymous'} = join(" ", @anon); -if ($needsave) { - &put_miniserv_config($miniserv); - &reload_miniserv(); - } +&reload_miniserv(); } -=head2 remove_anonymous_access(path, module, [&miniserv]) +=head2 remove_anonymous_access(path, module) Remove anon access to some path, taking it away from the anonymous user's modules if needed =cut sub remove_anonymous_access { -my ($path, $mod, $miniserv) = @_; -my $needsave; -if (!$miniserv) { - $miniserv = { }; - &get_miniserv_config($miniserv); - $needsave = 1; - } +my ($path, $mod) = @_; + +# Get current state +my $miniserv = { }; +&get_miniserv_config($miniserv); my @anon = split(/\s+/, $miniserv->{'anonymous'} || ""); my ($user, $found) = &get_anonymous_access($path, $miniserv); return if ($found < 0); # Already gone +# Take out of miniserv +&lock_file(&get_miniserv_config_file()); +splice(@anon, $found, 1); +$miniserv->{'anonymous'} = join(" ", @anon); +&put_miniserv_config($miniserv); +&unlock_file(&get_miniserv_config_file()); + # Take away from the user my ($uinfo) = grep { $_->{'name'} eq $user } &list_users(); if ($uinfo) { @@ -2014,13 +2016,7 @@ if ($uinfo) { } } -# Take out of miniserv -splice(@anon, $found, 1); -$miniserv->{'anonymous'} = join(" ", @anon); -if ($needsave) { - &put_miniserv_config($miniserv); - &reload_miniserv(); - } +&reload_miniserv(); } =head2 get_anonymous_access(path, [&miniserv]) diff --git a/webmin/change_session.cgi b/webmin/change_session.cgi index ce424cfe9..a9b4316a3 100755 --- a/webmin/change_session.cgi +++ b/webmin/change_session.cgi @@ -103,16 +103,19 @@ if (defined($in{'passwd_mode'})) { } $miniserv{'utmp'} = $in{'utmp'}; $miniserv{'session_ip'} = $in{'session_ip'}; -if ($in{'passapi'}) { - &acl::setup_anonymous_access($password_change_path, $password_change_mod, \%miniserv); - } -else { - &acl::remove_anonymous_access($password_change_path, $password_change_mod, \%miniserv); - } -$gconfig{'passapi'} = $in{'passapi'}; &put_miniserv_config(\%miniserv); &unlock_file($ENV{'MINISERV_CONFIG'}); +if ($in{'passapi'}) { + &acl::setup_anonymous_access($password_change_path, + $password_change_mod); + } +else { + &acl::remove_anonymous_access($password_change_path, + $password_change_mod); + } +$gconfig{'passapi'} = $in{'passapi'}; + &lock_file("$config_directory/config"); #$gconfig{'locking'} = $in{'locking'}; $gconfig{'noremember'} = !$in{'remember'}; diff --git a/webmin/edit_session.cgi b/webmin/edit_session.cgi index 7224bfe2c..a8fa61f2f 100755 --- a/webmin/edit_session.cgi +++ b/webmin/edit_session.cgi @@ -141,11 +141,13 @@ print &ui_table_row($text{'session_md5'}, [ 2, $text{'session_sha512'} ] ])); # Enable password change API? +$url = &get_webmin_browser_url("passwd", "change_passwd.cgi"); (undef, $found) = &acl::get_anonymous_access($password_change_path, \%miniserv); print &ui_table_row($text{'session_passapi'}, &ui_radio("passapi", $found >= 0 ? 1 : 0, [ [ 0, $text{'session_passapi0'}."
" ], - [ 1, $text{'session_passapi1'} ] ])); + [ 1, $text{'session_passapi1'} ] ])."
\n". + &text('session_passurl', "$url")); print ui_table_end(); print ui_form_end([ [ "save", $text{'save'} ] ]); diff --git a/webmin/lang/en b/webmin/lang/en index 440fa7a67..ea20382bf 100644 --- a/webmin/lang/en +++ b/webmin/lang/en @@ -659,6 +659,7 @@ session_blocklock=Also lock users with failed logins session_passapi=Enable remote password change API? session_passapi0=API disabled session_passapi1=API enabled for Unix users +session_passurl=When enabled, user passwords can be changed via a POST request to $1 assignment_title=Reassign Modules assignment_header=Module category assignments