#!/usr/bin/perl
# save_group.cgi
# Saves or creates a new group
require './ldap-useradmin-lib.pl';
&error_setup($text{'gsave_err'});
&ReadParse();
$ldap = &ldap_connect();
$schema = $ldap->schema();
&lock_user_files();
if (!$in{'new'}) {
# Get existing group
$rv = $ldap->search(base => $in{'dn'},
scope => 'base',
filter => &group_filter());
($ginfo) = $rv->all_entries;
$ginfo || &error($text{'gsave_egone'});
$olddesc = $ginfo->get_value('description');
%ogroup = &dn_to_hash($ginfo);
&can_edit_group(\%ogroup) || &error($text{'gedit_eedit'});
}
else {
# Creating a new one
$access{'gcreate'} || &error($text{'gedit_ecreate'});
}
if ($in{'delete'}) {
# Delete the group, but first check if it is anyone's primary group,
# and ask first
&ui_print_header(undef, $text{'gdel_title'}, "");
if ($in{'confirm'}) {
# Run the before command
%ghash = &dn_to_hash($ginfo);
&set_group_envs(\%ghash, 'DELETE_GROUP', undef);
$merr = &making_changes();
&error(&text('gsave_emaking', "<tt>$merr</tt>"))
if (defined($merr));
# Delete from other modules
%group = &dn_to_hash($ginfo);
if ($in{'others'}) {
print "$text{'gdel_other'}<br>\n";
&useradmin::other_modules("useradmin_delete_group",
\%group);
print "$text{'gdel_done'}<p>\n";
}
# Delete the LDAP entry
print "$text{'gdel_group'}<br>\n";
$rv = $ldap->delete($in{'dn'});
if ($rv->code) {
&error(&text('gsave_edelete', $rv->error));
}
print "$text{'gdel_done'}<p>\n";
&made_changes();
%p = ( %in, %group );
&webmin_log('delete', 'group', $group{'group'}, \%p);
}
else {
# Check if any user has this group as his primary
$gid = $ginfo->get_value("gidNumber");
$group = $ginfo->get_value("cn");
foreach $u (&list_users()) {
if ($u->{'gid'} == $gid) {
$found = $u->{'user'};
last;
}
}
if ($found) {
# Cannot delete
print "<p><b>",&text('gdel_eprimary', $found),
"</b> <p>\n";
}
else {
# Ask the user if he is sure
print &ui_confirmation_form(
"save_group.cgi",
&text('gdel_sure', $group),
[ [ "dn", $in{'dn'} ],
[ "delete", 1 ] ],
[ [ "confirm", $text{'gdel_del'} ] ],
&ui_checkbox("others", 1,
$text{'gdel_dothers'},
$mconfig{'default_other'}),
undef);
}
}
$ldap->unbind();
&ui_print_footer("index.cgi?mode=groups", $text{'index_greturn'});
exit;
}
elsif ($in{'raw'}) {
# Show all LDAP attributes for user
&redirect("raw.cgi?group=1&dn=".&urlize($in{'dn'}));
exit;
}
# Strip out \n characters in inputs
$in{'group'} =~ s/\r|\n//g;
$in{'pass'} =~ s/\r|\n//g;
$in{'encpass'} =~ s/\r|\n//g;
$in{'gid'} =~ s/\r|\n//g;
# Validate inputs
if ($in{'new'}) {
$in{'group'} =~ /^[^:\t]+$/ ||
&error(&text('gsave_ebadname', $in{'group'}));
$group = $in{'group'};
&check_group_used($ldap, $group) &&
&error(&text('gsave_einuse', $group));
}
else {
$group = $in{'group'};
$oldgroup = $ginfo->get_value("cn");
}
$in{'gid'} =~ /^[0-9]+$/ || &error(&text('gsave_egid', $in{'gid'}));
$gid = $in{'gid'};
$desc = $in{'desc'} || undef;
@members = split(/\r?\n/, $in{members});
if ($in{'new'} || $oldgroup ne $group) {
# Check for collision
defined(&all_getgrnam($group)) &&
&error(&text('gsave_einuse', $group));
}
# Check for GID clash
if ($in{'new'} && !$access{'gmultiple'}) {
&check_gid_used($ldap, $gid) &&
&error($text{'gsave_egidused2'});
}
$pfx = $config{'md5'} == 1 || $config{'md5'} == 3 ? "{md5}" :
$config{'md5'} == 4 ? "{ssha}" :
$config{'md5'} == 5 ? "{sha}" :
$config{'md5'} == 0 ? "{crypt}" : "";
if ($in{'passmode'} == 0) {
$pass = "";
}
elsif ($in{'passmode'} == 1) {
$pass = $in{'encpass'};
$pass = $pfx.$pass if ($pass !~ /^\{[a-z0-9]+\}/i && $pfx);
}
elsif ($in{'passmode'} == 2) {
$pass = $pfx.&encrypt_password($in{'pass'});
}
local %ghash = ( 'group' => $group,
'gid' => $gid,
'pass' => $pass,
'members' => join(",", @members) );
if (!$in{'new'}) {
# Run the pre-change command
&set_group_envs(\%ghash, 'MODIFY_GROUP',
$in{'passmode'} == 3 ? $in{'pass'} : "");
$merr = &making_changes();
&error(&text('gsave_emaking', "<tt>$merr</tt>"))
if (defined($merr));
# Change GID on files if needed
$oldgid = $ginfo->get_value("gidNumber");
if ($gid != $oldgid && $in{'chgid'}) {
if ($in{'chgid'} == 1) {
# Do all the home directories of users in this group
setpwent();
while(@tmp = getpwent()) {
if ($tmp[3] == $oldgid ||
&indexof($tmp[0], @members) >= 0) {
&useradmin::recursive_change(
$tmp[7], -1, $oldgid,
-1, $gid);
}
}
endpwent();
}
else {
# Do all files in this group from the root dir
&useradmin::recursive_change("/", -1, $oldgid,
-1, $gid);
}
}
# Work out old settings
@classes = $ginfo->get_value("objectClass");
$wassamba = &indexof($samba_group_class, @classes) >= 0;
if ($wassamba && !$in{'samba'}) {
# Remove Samba attributes
@classes = grep { $_ ne $samba_group_class } @classes;
push(@rprops,
$samba_group_class eq "sambaGroup" ? ( "rid" )
: ( "sambaSID", "sambaGrouptype" ));
}
elsif (!$wassamba && $in{'samba'}) {
# Add Samba attributes
push(@classes, $samba_group_class);
push(@props, "rid", $gid*2+1001)
if (&in_schema($schema, "rid") &&
$samba_group_schema == 2);
push(@props, "sambaSID",
"$config{'samba_domain'}-".($gid*2+1001))
if (&in_schema($schema, "sambaSID") &&
$samba_group_schema == 3);
push(@props, "sambaGrouptype", 2)
if (&in_schema($schema, "sambaGrouptype") &&
$samba_group_schema == 3);
}
# Add extra fields
&parse_extra_fields($config{'group_fields'}, \@props, \@rprops, $ldap);
# Get the properties for modified groups
push(@props, &split_props($config{'group_mod_props'}, \%ghash));
# Update the LDAP database
@classes = &unique(@classes);
@rprops = grep { defined($ginfo->get_value($_)) } @rprops;
if ($oldgroup ne $group) {
# Need to rename the LDAP dn itself, first
$base = &get_group_base();
$newdn = "cn=$group,$base";
$rv = $ldap->moddn($in{'dn'}, newrdn => "cn=$group");
if ($rv->code) {
&error(&text('gsave_emoddn', $rv->error));
}
}
else {
$newdn = $in{'dn'};
}
# Add or remove description
if ($desc) {
push(@props, "description" => $desc);
}
elsif ($olddesc) {
push(@rprops, "description");
}
if (!$pass && $ginfo->get_value("userPassword")) {
push(@rprops, "userPassword");
}
# Update group properties
$rv = $ldap->modify($newdn, replace =>
{ "gidNumber" => $gid,
"cn" => $group,
$pass ? ( "userPassword" => $pass ) : ( ),
@members ? ( "memberUid" => \@members ) : ( ),
@props,
"objectClass" => \@classes },
'delete' => \@rprops);
if ($rv->code) {
&error(&text('gsave_emod', $rv->error))
}
if (!@members && $ginfo->get_value("memberUid")) {
$rv = $ldap->modify($in{'dn'}, delete => [ "memberUid" ] );
if ($rv->code) {
&error(&text('gsave_emod', $rv->error))
}
}
}
else {
# Run the pre-change command
&set_group_envs(\%ghash, 'CREATE_GROUP',
$in{'passmode'} == 3 ? $in{'pass'} : "");
$merr = &making_changes();
&error(&text('gsave_emaking', "<tt>$merr</tt>"))
if (defined($merr));
# Parse extra fields
&parse_extra_fields($config{'group_fields'}, \@props, \@rprops,
$ldap, $in{'dn'});
# Get the properties for new groups
push(@props, &split_props($config{'group_props'}, \%ghash));
# Add to the LDAP database
$base = &get_group_base();
$newdn = "cn=$group,$base";
@classes = ( &def_group_obj_class() );
push(@classes, split(/\s+/, $config{'gother_class'}));
if ($in{'samba'}) {
push(@classes, $samba_group_class);
push(@props, "rid", $gid*2+1001)
if (&in_schema($schema, "rid") &&
$samba_group_class eq 'sambaGroup');
push(@props, "sambaSID",
"$config{'samba_domain'}-".($gid*2+1001))
if (&in_schema($schema, "sambaSID") &&
$samba_group_schema == 3);
push(@props, "sambaGrouptype", 2)
if (&in_schema($schema, "sambaGrouptype") &&
$samba_group_schema == 3);
}
if ($desc) {
push(@props, "description" => $desc);
}
$rv = $ldap->add($newdn, attr =>
[ "cn" => $group,
"gidNumber" => $gid,
$pass ? ( "userPassword" => $pass ) : ( ),
@members ? ( "memberUid" => \@members ) : ( ),
@props,
"objectClass" => \@classes ] );
if ($rv->code) {
&error(&text('gsave_eadd', $rv->error));
}
}
&made_changes();
# Run other module's scripts
if ($in{'others'}) {
if (!$in{'new'}) {
&useradmin::other_modules("useradmin_modify_group", \%group, \%ogroup);
}
else {
&useradmin::other_modules("useradmin_create_group", \%group);
}
}
delete($in{'pass'});
delete($in{'encpass'});
$ldap->unbind();
&unlock_user_files();
&webmin_log(!$in{'new'} ? 'modify' : 'create', 'group', $group, \%in);
# Bounce back to the list
&redirect("index.cgi?mode=groups");
# dn_to_hash(&ldap-object)
sub dn_to_hash
{
local %group = ( 'group' => $_[0]->get_value("cn"),
'gid' => $_[0]->get_value("gidNumber"),
'pass' => $_[0]->get_value("userPassword"),
'members' => join(",", $_[0]->get_value("memberUid")) );
$group{'pass'} =~ s/^{[a-z0-9]+}//i;
return %group;
}
| Name | Type | Size | Permission | Actions |
|---|---|---|---|---|
| help | Folder | 0755 |
|
|
| images | Folder | 0755 |
|
|
| lang | Folder | 0755 |
|
|
| CHANGELOG | File | 6.18 KB | 0644 |
|
| acl_security.pl | File | 7.55 KB | 0755 |
|
| batch_exec.cgi | File | 15.72 KB | 0755 |
|
| batch_form.cgi | File | 2.49 KB | 0755 |
|
| cgi_args.pl | File | 501 B | 0755 |
|
| config | File | 388 B | 0644 |
|
| config-ALL-linux | File | 416 B | 0644 |
|
| config-coherent-linux | File | 385 B | 0644 |
|
| config-debian-linux | File | 406 B | 0644 |
|
| config-debian-linux-3.1 | File | 395 B | 0644 |
|
| config-debian-linux-4.0-ALL | File | 388 B | 0644 |
|
| config-debian-squirrelmail-linux | File | 560 B | 0644 |
|
| config-macos | File | 466 B | 0644 |
|
| config-mandrake-linux | File | 385 B | 0644 |
|
| config-openSUSE-Linux-15.0-ALL | File | 394 B | 0644 |
|
| config-pardus-linux | File | 397 B | 0644 |
|
| config-redhat-linux | File | 385 B | 0644 |
|
| config-sol-linux | File | 385 B | 0644 |
|
| config-suse-linux | File | 394 B | 0644 |
|
| config-syno-linux | File | 452 B | 0644 |
|
| config-trustix-linux | File | 394 B | 0644 |
|
| config-united-linux | File | 394 B | 0644 |
|
| config.info | File | 5.65 KB | 0644 |
|
| config.info.ca | File | 6 KB | 0644 |
|
| config.info.de | File | 6.47 KB | 0644 |
|
| config.info.es | File | 4.93 KB | 0644 |
|
| config.info.fr | File | 0 B | 0644 |
|
| config.info.nl | File | 5.99 KB | 0644 |
|
| config.info.no | File | 5.75 KB | 0644 |
|
| config.info.pt_BR | File | 6.06 KB | 0644 |
|
| cpan_modules.pl | File | 85 B | 0755 |
|
| defaultacl | File | 318 B | 0644 |
|
| edit_group.cgi | File | 4.17 KB | 0755 |
|
| edit_user.cgi | File | 14.83 KB | 0755 |
|
| index.cgi | File | 7.52 KB | 0755 |
|
| install_check.pl | File | 612 B | 0755 |
|
| ldap-useradmin-lib.pl | File | 33.58 KB | 0755 |
|
| log_parser.pl | File | 1.55 KB | 0755 |
|
| mass_delete_group.cgi | File | 2.04 KB | 0755 |
|
| mass_delete_user.cgi | File | 7.17 KB | 0755 |
|
| module.info | File | 261 B | 0644 |
|
| module.info.af | File | 0 B | 0644 |
|
| module.info.af.auto | File | 172 B | 0644 |
|
| module.info.ar | File | 0 B | 0644 |
|
| module.info.ar.auto | File | 234 B | 0644 |
|
| module.info.be | File | 0 B | 0644 |
|
| module.info.be.auto | File | 320 B | 0644 |
|
| module.info.bg | File | 0 B | 0644 |
|
| module.info.bg.auto | File | 270 B | 0644 |
|
| module.info.ca | File | 169 B | 0644 |
|
| module.info.cs | File | 35 B | 0644 |
|
| module.info.cs.auto | File | 126 B | 0644 |
|
| module.info.da | File | 0 B | 0644 |
|
| module.info.da.auto | File | 155 B | 0644 |
|
| module.info.de | File | 174 B | 0644 |
|
| module.info.el | File | 0 B | 0644 |
|
| module.info.el.auto | File | 347 B | 0644 |
|
| module.info.es | File | 31 B | 0644 |
|
| module.info.es.auto | File | 142 B | 0644 |
|
| module.info.eu | File | 0 B | 0644 |
|
| module.info.eu.auto | File | 186 B | 0644 |
|
| module.info.fa | File | 0 B | 0644 |
|
| module.info.fa.auto | File | 284 B | 0644 |
|
| module.info.fi | File | 0 B | 0644 |
|
| module.info.fi.auto | File | 185 B | 0644 |
|
| module.info.fr | File | 0 B | 0644 |
|
| module.info.fr.auto | File | 190 B | 0644 |
|
| module.info.he | File | 0 B | 0644 |
|
| module.info.he.auto | File | 194 B | 0644 |
|
| module.info.hr | File | 0 B | 0644 |
|
| module.info.hr.auto | File | 183 B | 0644 |
|
| module.info.hu | File | 0 B | 0644 |
|
| module.info.hu.auto | File | 193 B | 0644 |
|
| module.info.it | File | 0 B | 0644 |
|
| module.info.it.auto | File | 157 B | 0644 |
|
| module.info.ja | File | 0 B | 0644 |
|
| module.info.ja.auto | File | 205 B | 0644 |
|
| module.info.ko | File | 0 B | 0644 |
|
| module.info.ko.auto | File | 174 B | 0644 |
|
| module.info.lt | File | 0 B | 0644 |
|
| module.info.lt.auto | File | 184 B | 0644 |
|
| module.info.lv | File | 0 B | 0644 |
|
| module.info.lv.auto | File | 176 B | 0644 |
|
| module.info.ms | File | 172 B | 0644 |
|
| module.info.mt | File | 0 B | 0644 |
|
| module.info.mt.auto | File | 168 B | 0644 |
|
| module.info.nl | File | 35 B | 0644 |
|
| module.info.nl.auto | File | 142 B | 0644 |
|
| module.info.no | File | 32 B | 0644 |
|
| module.info.no.auto | File | 126 B | 0644 |
|
| module.info.pl | File | 0 B | 0644 |
|
| module.info.pl.auto | File | 186 B | 0644 |
|
| module.info.pt | File | 0 B | 0644 |
|
| module.info.pt.auto | File | 163 B | 0644 |
|
| module.info.pt_BR | File | 38 B | 0644 |
|
| module.info.pt_BR.auto | File | 134 B | 0644 |
|
| module.info.ro | File | 0 B | 0644 |
|
| module.info.ro.auto | File | 184 B | 0644 |
|
| module.info.ru | File | 0 B | 0644 |
|
| module.info.ru.auto | File | 279 B | 0644 |
|
| module.info.sk | File | 0 B | 0644 |
|
| module.info.sk.auto | File | 192 B | 0644 |
|
| module.info.sl | File | 0 B | 0644 |
|
| module.info.sl.auto | File | 185 B | 0644 |
|
| module.info.sv | File | 0 B | 0644 |
|
| module.info.sv.auto | File | 166 B | 0644 |
|
| module.info.th | File | 0 B | 0644 |
|
| module.info.th.auto | File | 303 B | 0644 |
|
| module.info.tr | File | 0 B | 0644 |
|
| module.info.tr.auto | File | 194 B | 0644 |
|
| module.info.uk | File | 0 B | 0644 |
|
| module.info.uk.auto | File | 289 B | 0644 |
|
| module.info.ur | File | 0 B | 0644 |
|
| module.info.ur.auto | File | 295 B | 0644 |
|
| module.info.vi | File | 0 B | 0644 |
|
| module.info.vi.auto | File | 206 B | 0644 |
|
| module.info.zh | File | 0 B | 0644 |
|
| module.info.zh.auto | File | 130 B | 0644 |
|
| module.info.zh_TW | File | 0 B | 0644 |
|
| module.info.zh_TW.auto | File | 136 B | 0644 |
|
| postinstall.pl | File | 224 B | 0755 |
|
| prefs.info | File | 50 B | 0644 |
|
| raw.cgi | File | 967 B | 0755 |
|
| save_group.cgi | File | 9.38 KB | 0755 |
|
| save_user.cgi | File | 24.6 KB | 0755 |
|
| search_group.cgi | File | 1.31 KB | 0755 |
|
| search_user.cgi | File | 1.46 KB | 0755 |
|