author | Matthew Grooms <mgrooms@pfsense.org> | 2008-07-25 02:28:31 +0000 |
---|---|---|
committer | Matthew Grooms <mgrooms@pfsense.org> | 2008-07-25 02:28:31 +0000 |
commit | 45ee90edb38f3c52a242d248468a992bf19f1c44 (patch) | |
tree | 14e5a6b3c6a7ff340858442dddc9241b3e8fc9a0 /usr/local/www/system_usermanager_edit.php | |
parent | 8057888036bfcacd59c9d0fcf235aba5dc65682b (diff) | |
Rewrite portions of the user manager to ensure data is properly synced to
the system password and group databases. This is to provide better support
for centralized user management when local account administration is
preferred.
I also took this opportunity to do some housekeeping. A lot of functions
that were only being used in one place or not at all were removed. The
user page privilege checks were also simplified in preparation for future
work in this area.
Diffstat (limited to 'usr/local/www/system_usermanager_edit.php')
-rw-r--r-- | usr/local/www/system_usermanager_edit.php | 87 |
1 files changed, 35 insertions, 52 deletions
diff --git a/usr/local/www/system_usermanager_edit.php b/usr/local/www/system_usermanager_edit.php
index 14bf3e5..af4a9b3 100644
--- a/usr/local/www/system_usermanager_edit.php
+++ b/usr/local/www/system_usermanager_edit.php
@@ -33,19 +33,19 @@ require("guiconfig.inc");
 $pgtitle = array("System","User manager","Edit privilege");
 /*
- The following code presumes, that the following XML structure exists or
- if it does not exist, it will be created.
-
- <priv>
- <id>fooid</id>
- <name>foo</name>
- <descr>foo desc</descr>
- </priv>
- <priv>
- <id>barid</id>
- <name>bar</name>
- <descr>bar desc</descr>
- </priv>
+ NOTE: The following code presumes, that the following XML structure
+ exists or if it does not exist, it will be created.
+
+ <priv>
+ <id>fooid</id>
+ <name>foo</name>
+ <descr>foo desc</descr>
+ </priv>
+ <priv>
+ <id>barid</id>
+ <name>bar</name>
+ <descr>bar desc</descr>
+ </priv>
 */
 $useract = $_GET['useract'];
@@ -63,24 +63,23 @@ if (isset($_POST['id']))
 $id = $_POST['id'];
 if (empty($config['system']['user'][$userid])) {
- pfSenseHeader("system_usermanager.php?id={$userid}&act={$_GET['useract']}");
- exit;
+ pfSenseHeader("system_usermanager.php?id={$userid}&act={$_GET['useract']}");
+ exit;
 }
-if (!is_array($config['system']['user'][$userid]['priv'])) {
- $config['system']['user'][$userid]['priv'] = array();
-}
+if (!is_array($config['system']['user'][$userid]['priv']))
+ $config['system']['user'][$userid]['priv'] = array();
 $t_privs = &$config['system']['user'][$userid]['priv'];
 if (isset($id) && $t_privs[$id]) {
- $pconfig['pid'] = $t_privs[$id]['id'];
- $pconfig['pname'] = $t_privs[$id]['name'];
- $pconfig['descr'] = $t_privs[$id]['descr'];
+ $pconfig['pid'] = $t_privs[$id]['id'];
+ $pconfig['pname'] = $t_privs[$id]['name'];
+ $pconfig['descr'] = $t_privs[$id]['descr'];
 } else {
- $pconfig['pid'] = $_GET['pid'];
- $pconfig['pname'] = $_GET['pname'];
- $pconfig['descr'] = $_GET['descr'];
+ $pconfig['pid'] = $_GET['pid'];
+ $pconfig['pname'] = $_GET['pname'];
+ $pconfig['descr'] = $_GET['descr'];
 }
 if ($_POST) {
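Review bot: The redirect in the `empty($config['system']['user'][$userid])` branch builds its target from `$userid` and the raw `$_GET['useract']` with no encoding or allow-listing, so a request parameter flows unchanged into whatever `pfSenseHeader()` emits (presumably a Location header; its body is not visible here). The script has already copied that parameter into `$useract`, and the save-path redirect later in the file uses the variable, so this branch is inconsistent as well. Encoding both values keeps query-string and header metacharacters out of the redirect: `pfSenseHeader("system_usermanager.php?id=" . urlencode($userid) . "&act=" . urlencode($useract));`. Where `$userid` is assigned lies outside the hunk, so whether it is already constrained to an integer index should be confirmed.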
@@ -96,22 +95,18 @@ if ($_POST) {
 /* check for overlaps */
 foreach ($t_privs as $priv) {
- if (isset($id) && ($t_privs[$id]) && ($t_privs[$id] === $priv)) {
+ if (isset($id) && ($t_privs[$id]) && ($t_privs[$id] === $priv))
 continue;
- }
 if ($priv['id'] == $pconfig['pid']) {
 $input_errors[] = gettext("This privilege ID already exists.");
 break;
 }
 }
- if (hasShellAccess($userindex[$userid]['name']) ||
- isAllowedToCopyFiles($userindex[$userid]['name'])) {
- if (preg_match("/[^a-zA-Z0-9\.\-_]/", $userindex[$userid]['name']))
- $input_errors[] = gettext("The username contains invalid characters " .
- "((this means this user can't be used to create" .
- " a shell account).");
- }
+ if (preg_match("/[^a-zA-Z0-9\.\-_]/", $userindex[$userid]['name']))
+ $input_errors[] = gettext("The username contains invalid characters " .
+ "((this means this user can't be used to create" .
+ " a shell account).");
 /* if this is an AJAX caller then handle via JSON */
 if(isAjax() && is_array($input_errors)) {
@@ -130,30 +125,18 @@ if ($_POST) {
 else
 $t_privs[] = $priv;
- $name = $config['system']['user'][$userid]['name'];
- $groupname = $config['system']['user'][$userid]['groupname'];
-
- if ($priv['id'] == "hasshell") {
- log_error("Assigning UID to $name / $groupname");
- assignUID($name);
- assignGID($groupname);
- }
-
- write_config();
+ set_local_user($config['system']['user'][$userid]);
+ write_config();
- /* sync usernames and password db */
- $retval = system_password_configure();
- sync_webgui_passwords();
-
- $retval = 0;
- config_lock();
- config_unlock();
+ $retval = 0;
+ config_lock();
+ config_unlock();
- $savemsg = get_std_save_message($retval);
+ $savemsg = get_std_save_message($retval);
 pfSenseHeader("system_usermanager.php?id={$userid}&act={$useract}");
 exit;
- }
+ }
 }
 /* if ajax is calling, give them an update message */ |
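Review bot: The now-unconditional username check still reads `$userindex[$userid]['name']`, while the rest of the new code takes the account from `$config['system']['user'][$userid]`. `$userindex` is not assigned in any visible hunk; if it was populated by one of the helpers this commit removes, `preg_match()` gets an empty subject and the check passes silently for any name. Validating the record that is later handed to `set_local_user()` keeps the check tied to the data that is actually synced: `if (preg_match("/[^a-zA-Z0-9\.\-_]/", $config['system']['user'][$userid]['name']))`. The error text also keeps the stray `((` and the shell-account wording, which no longer matches a check that applies to every user. The enclosing `if ($_POST)` block starts and ends outside the hunk.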
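Review bot: `set_local_user()` changes the system account before `write_config()` persists the configuration, neither call's outcome is checked, and `$retval = 0` is hard-coded, so `get_std_save_message()` reports success even when the sync to the password and group databases did not happen. `config_lock(); config_unlock();` run back to back after the write and therefore serialize nothing; if locking is intended, take the lock before `set_local_user()` and release it after `write_config()`. The commit also removes the only `log_error()` call on this path, and a page that changes account privileges should leave an audit line, for example `log_error("Privilege {$priv['id']} saved for user {$config['system']['user'][$userid]['name']}");` (message text constructed for this note). Whether `set_local_user()` returns a status is not visible here, and the save branch this code sits in starts outside the hunk.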