VladPolskiy/webmin
1
0
Fork 0
mirror of https://github.com/webmin/webmin.git synced 2025-08-19 01:15:14 +00:00
Code Issues Packages Projects Releases Wiki Activity

Remove ancient support for user 'risk levels'

Browse Source
This commit is contained in:
Jamie Cameron
2013-12-20 14:49:25 -08:00
parent 44bdca0273
commit b916a970a9
4 changed files with 86 additions and 102 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
acl/acl-lib.pl
View File

@ -85,7 +85,6 @@ while(my $l = <$fh>) {
$user{'lang'} = $gconfig{"lang_$user[0]"}; $user{'lang'} = $gconfig{"lang_$user[0]"};
$user{'notabs'} = $gconfig{"notabs_$user[0]"}; $user{'notabs'} = $gconfig{"notabs_$user[0]"};
$user{'skill'} = $gconfig{"skill_$user[0]"}; $user{'skill'} = $gconfig{"skill_$user[0]"};
$user{'risk'} = $gconfig{"risk_$user[0]"};
$user{'rbacdeny'} = $gconfig{"rbacdeny_$user[0]"}; $user{'rbacdeny'} = $gconfig{"rbacdeny_$user[0]"};
if ($gconfig{"theme_$user[0]"}) { if ($gconfig{"theme_$user[0]"}) {
($user{'theme'}, $user{'overlay'}) = ($user{'theme'}, $user{'overlay'}) =
@ -489,8 +488,6 @@ else {
$gconfig{"notabs_".$user->{'name'}} = $user->{'notabs'} if ($user->{'notabs'}); $gconfig{"notabs_".$user->{'name'}} = $user->{'notabs'} if ($user->{'notabs'});
delete($gconfig{"skill_".$user->{'name'}}); delete($gconfig{"skill_".$user->{'name'}});
$gconfig{"skill_".$user->{'name'}} = $user->{'skill'} if ($user->{'skill'}); $gconfig{"skill_".$user->{'name'}} = $user->{'skill'} if ($user->{'skill'});
delete($gconfig{"risk_".$user->{'name'}});
$gconfig{"risk_".$user->{'name'}} = $user->{'risk'} if ($user->{'risk'});
delete($gconfig{"rbacdeny_".$user->{'name'}}); delete($gconfig{"rbacdeny_".$user->{'name'}});
$gconfig{"rbacdeny_".$user->{'name'}} = $user->{'rbacdeny'} if ($user->{'rbacdeny'}); $gconfig{"rbacdeny_".$user->{'name'}} = $user->{'rbacdeny'} if ($user->{'rbacdeny'});
delete($gconfig{"ownmods_".$user->{'name'}}); delete($gconfig{"ownmods_".$user->{'name'}});
@ -631,7 +628,8 @@ else {
&unlock_file($ENV{'MINISERV_CONFIG'}); &unlock_file($ENV{'MINISERV_CONFIG'});
my @times; my @times;
push(@times, "days", $user->{'days'}) if ($user->{'days'} ne ''); push(@times, "days", $user->{'days'}) if ($user->{'days'} &&
$user->{'days'} ne '');
push(@times, "hours", $user->{'hoursfrom'}."-".$user->{'hoursto'}) push(@times, "hours", $user->{'hoursfrom'}."-".$user->{'hoursto'})
if ($user->{'hoursfrom'}); if ($user->{'hoursfrom'});
&lock_file($miniserv{'userfile'}); &lock_file($miniserv{'userfile'});
@ -641,9 +639,9 @@ else {
close($fh); close($fh);
&open_tempfile($fh, ">$miniserv{'userfile'}"); &open_tempfile($fh, ">$miniserv{'userfile'}");
my $allow = $user->{'allow'}; my $allow = $user->{'allow'};
$allow =~ s/:/;/g; $allow =~ s/:/;/g if ($allow);
my $deny = $user->{'deny'}; my $deny = $user->{'deny'};
$deny =~ s/:/;/g; $deny =~ s/:/;/g if ($deny);
foreach my $l (@pwfile) { foreach my $l (@pwfile) {
if ($l =~ /^([^:]+):([^:]*)/ && $1 eq $username) { if ($l =~ /^([^:]+):([^:]*)/ && $1 eq $username) {
&add_old_password($user, "$2", \%miniserv); &add_old_password($user, "$2", \%miniserv);
@ -695,8 +693,6 @@ else {
if ($user->{'notabs'}); if ($user->{'notabs'});
delete($gconfig{"skill_".$username}); delete($gconfig{"skill_".$username});
$gconfig{"skill_".$user->{'name'}} = $user->{'skill'} if ($user->{'skill'}); $gconfig{"skill_".$user->{'name'}} = $user->{'skill'} if ($user->{'skill'});
delete($gconfig{"risk_".$username});
$gconfig{"risk_".$user->{'name'}} = $user->{'risk'} if ($user->{'risk'});
delete($gconfig{"rbacdeny_".$username}); delete($gconfig{"rbacdeny_".$username});
$gconfig{"rbacdeny_".$user->{'name'}} = $user->{'rbacdeny'} $gconfig{"rbacdeny_".$user->{'name'}} = $user->{'rbacdeny'}
if ($user->{'rbacdeny'}); if ($user->{'rbacdeny'});
@ -821,7 +817,6 @@ foreach my $l (@acl) {
delete($gconfig{"lang_".$username}); delete($gconfig{"lang_".$username});
delete($gconfig{"notabs_".$username}); delete($gconfig{"notabs_".$username});
delete($gconfig{"skill_".$username}); delete($gconfig{"skill_".$username});
delete($gconfig{"risk_".$username});
delete($gconfig{"ownmods_".$username}); delete($gconfig{"ownmods_".$username});
delete($gconfig{"theme_".$username}); delete($gconfig{"theme_".$username});
delete($gconfig{"readonly_".$username}); delete($gconfig{"readonly_".$username});

4
acl/backup_config.pl
View File

@ -71,10 +71,10 @@ my %aclbackup;
&read_file("$config_directory/config.aclbackup", \%aclbackup); &read_file("$config_directory/config.aclbackup", \%aclbackup);
unlink("$config_directory/config.aclbackup"); unlink("$config_directory/config.aclbackup");
foreach my $k (keys %gconfig) { foreach my $k (keys %gconfig) {
delete($gconfig{$k}) if ($k =~ /^(lang_|notabs_|skill_|risk_|theme_|ownmods_)/); delete($gconfig{$k}) if ($k =~ /^(lang_|notabs_|skill_|theme_|ownmods_)/);
} }
foreach my $k (keys %aclbackup) { foreach my $k (keys %aclbackup) {
$gconfig{$k} = $aclbackup{$k} if ($k =~ /^(lang_|notabs_|skill_|risk_|theme_|ownmods_)/); $gconfig{$k} = $aclbackup{$k} if ($k =~ /^(lang_|notabs_|skill_|theme_|ownmods_)/);
} }
&write_file("$config_directory/config", \%gconfig); &write_file("$config_directory/config", \%gconfig);

3
acl/edit_user.cgi
View File

@ -31,7 +31,6 @@ else {
else { else {
%user = ( ); %user = ( );
} }
$user{'skill'} = $user{'risk'} = 'high' if ($in{'risk'});
} }
my $me = &get_user($base_remote_user); my $me = &get_user($base_remote_user);
@ -73,7 +72,7 @@ my @mcan = $access{'gassign'} eq '*' ?
split(/\s+/, $access{'gassign'}); split(/\s+/, $access{'gassign'});
my %gcan = map { $_, 1 } @mcan; my %gcan = map { $_, 1 } @mcan;
my $memg; my $memg;
if (@glist && %gcan && !$in{'risk'} && !$user{'risk'}) { if (@glist && %gcan) {
my @opts = ( ); my @opts = ( );
if ($gcan{'_none'}) { if ($gcan{'_none'}) {
push(@opts, [ undef, "&lt;$text{'edit_none'}&gt;" ]); push(@opts, [ undef, "&lt;$text{'edit_none'}&gt;" ]);

168
acl/save_user.cgi
View File

@ -106,103 +106,93 @@ if (&supports_rbac()) {
} }
my $newgroup; my $newgroup;
if ($in{'risk'}) { if (defined($in{'group'})) {
# Just store the skill and risk levels # Check if group is allowed
$user{'skill'} = $in{'skill'}; if ($access{'gassign'} ne '*') {
$user{'risk'} = $in{'risk'}; my @gcan = split(/\s+/, $access{'gassign'});
delete($user{'modules'}); $in{'group'} && &indexof($in{'group'}, @gcan) >= 0 ||
} !$in{'group'} && &indexof('_none', @gcan) >= 0 ||
else { $oldgroup && $oldgroup->{'name'} eq $in{'group'} ||
if (defined($in{'group'})) { &error($text{'save_egroup'});
# Check if group is allowed }
if ($access{'gassign'} ne '*') {
my @gcan = split(/\s+/, $access{'gassign'});
$in{'group'} && &indexof($in{'group'}, @gcan) >= 0 ||
!$in{'group'} && &indexof('_none', @gcan) >= 0 ||
$oldgroup && $oldgroup->{'name'} eq $in{'group'} ||
&error($text{'save_egroup'});
}
# Store group membership # Store group membership
$newgroup = &get_group($in{'group'}); $newgroup = &get_group($in{'group'});
if ($in{'group'} ne ($oldgroup ? $oldgroup->{'name'} : '')) { if ($in{'group'} ne ($oldgroup ? $oldgroup->{'name'} : '')) {
# Group has changed - update the member lists # Group has changed - update the member lists
if ($oldgroup) { if ($oldgroup) {
# Take out of old # Take out of old
$oldgroup->{'members'} = $oldgroup->{'members'} =
[ grep { $_ ne $in{'old'} } [ grep { $_ ne $in{'old'} }
@{$oldgroup->{'members'}} ]; @{$oldgroup->{'members'}} ];
&modify_group($oldgroup->{'name'}, $oldgroup);
}
if ($newgroup) {
# Put into new
push(@{$newgroup->{'members'}}, $in{'name'});
&modify_group($in{'group'}, $newgroup);
}
}
elsif ($in{'old'} ne $in{'name'} && $oldgroup && $newgroup) {
# Name has changed - rename in group
my $idx = &indexof(
$in{'old'}, @{$oldgroup->{'members'}});
$oldgroup->{'members'}->[$idx] = $in{'name'};
&modify_group($oldgroup->{'name'}, $oldgroup); &modify_group($oldgroup->{'name'}, $oldgroup);
} }
} if ($newgroup) {
# Put into new
# Store manually selected modules push(@{$newgroup->{'members'}}, $in{'name'});
my @mcan = $access{'mode'} == 1 ? @{$me->{'modules'}} : &modify_group($in{'group'}, $newgroup);
$access{'mode'} == 2 ? split(/\s+/, $access{'mods'}) :
&list_modules();
my %mcan = map { $_, 1 } @mcan;
my @mods = split(/\0/, $in{'mod'});
foreach my $m (@mods) {
$mcan{$m} || &error(&text('save_emod', $m));
}
if ($in{'old'}) {
# Add modules that this user already has, but were not
# allowed to be changed or are not available for this OS
foreach my $m (@{$old->{'modules'}}) {
push(@mods, $m) if (!$mcan{$m});
} }
} }
if ($base_remote_user eq $in{'old'} && elsif ($in{'old'} ne $in{'name'} && $oldgroup && $newgroup) {
&indexof("acl", @mods) == -1 && # Name has changed - rename in group
(!$newgroup || &indexof("acl", @{$newgroup->{'modules'}}) == -1)) { my $idx = &indexof(
&error($text{'save_edeny'}); $in{'old'}, @{$oldgroup->{'members'}});
$oldgroup->{'members'}->[$idx] = $in{'name'};
&modify_group($oldgroup->{'name'}, $oldgroup);
} }
if ($oldgroup) {
# Remove modules from the old group
@mods = grep { &indexof($_, @{$oldgroup->{'modules'}}) < 0 }
@mods;
}
if (!$in{'old'} && $access{'perms'}) {
# Copy .acl files from creator to new user
&copy_acl_files($me->{'name'}, $in{'name'}, $me->{'modules'});
}
if ($newgroup) {
# Add modules from group to list
my @ownmods;
foreach my $m (@mods) {
push(@ownmods, $m)
if (&indexof($m, @{$newgroup->{'modules'}}) < 0);
}
@mods = &unique(@mods, @{$newgroup->{'modules'}});
$user{'ownmods'} = \@ownmods;
# Copy ACL files for group
my $name = $in{'old'} ? $in{'old'} : $in{'name'};
&copy_group_user_acl_files($in{'group'}, $name,
[ @{$newgroup->{'modules'}}, "" ]);
}
$user{'modules'} = \@mods;
delete($user{'skill'});
delete($user{'risk'});
} }
# Store manually selected modules
my @mcan = $access{'mode'} == 1 ? @{$me->{'modules'}} :
$access{'mode'} == 2 ? split(/\s+/, $access{'mods'}) :
&list_modules();
my %mcan = map { $_, 1 } @mcan;
my @mods = split(/\0/, $in{'mod'});
foreach my $m (@mods) {
$mcan{$m} || &error(&text('save_emod', $m));
}
if ($in{'old'}) {
# Add modules that this user already has, but were not
# allowed to be changed or are not available for this OS
foreach my $m (@{$old->{'modules'}}) {
push(@mods, $m) if (!$mcan{$m});
}
}
if ($base_remote_user eq $in{'old'} &&
&indexof("acl", @mods) == -1 &&
(!$newgroup || &indexof("acl", @{$newgroup->{'modules'}}) == -1)) {
&error($text{'save_edeny'});
}
if ($oldgroup) {
# Remove modules from the old group
@mods = grep { &indexof($_, @{$oldgroup->{'modules'}}) < 0 }
@mods;
}
if (!$in{'old'} && $access{'perms'}) {
# Copy .acl files from creator to new user
&copy_acl_files($me->{'name'}, $in{'name'}, $me->{'modules'});
}
if ($newgroup) {
# Add modules from group to list
my @ownmods;
foreach my $m (@mods) {
push(@ownmods, $m)
if (&indexof($m, @{$newgroup->{'modules'}}) < 0);
}
@mods = &unique(@mods, @{$newgroup->{'modules'}});
$user{'ownmods'} = \@ownmods;
# Copy ACL files for group
my $name = $in{'old'} ? $in{'old'} : $in{'name'};
&copy_group_user_acl_files($in{'group'}, $name,
[ @{$newgroup->{'modules'}}, "" ]);
}
$user{'modules'} = \@mods;
# Update user object # Update user object
my $salt = chr(int(rand(26))+65).chr(int(rand(26))+65); my $salt = chr(int(rand(26))+65).chr(int(rand(26))+65);
$user{'name'} = $in{'name'}; $user{'name'} = $in{'name'};