[pve-devel] r4848 - pve-access-control/trunk

svn-commits at proxmox.com svn-commits at proxmox.com
Mon Jun 28 09:27:58 CEST 2010


Author: dietmar
Date: 2010-06-28 07:27:57 +0000 (Mon, 28 Jun 2010)
New Revision: 4848

Modified:
   pve-access-control/trunk/AccessControl.pm
   pve-access-control/trunk/ChangeLog
   pve-access-control/trunk/pveum
Log:
* pveum: new groupadd/groupdel (patch from Seth)



Modified: pve-access-control/trunk/AccessControl.pm
===================================================================
--- pve-access-control/trunk/AccessControl.pm	2010-06-25 16:00:55 UTC (rev 4847)
+++ pve-access-control/trunk/AccessControl.pm	2010-06-28 07:27:57 UTC (rev 4848)
@@ -433,7 +433,7 @@
 }
 
 sub add_user {
-    my ($newusername, $passwd) = @_;
+    my ($newusername, $passwd, $opts) = @_;
 
     my $domain;
 
@@ -455,6 +455,16 @@
     warn "add user $newusername, $passwd not implemented\n";
 
     $usercfg->{users}->{$newusername} = { enabled => 1 };
+    if ($opts->{groups}) {
+	foreach my $group (split_list ($opts->{groups})) {
+	    if ($usercfg->{groups}->{$group}) {
+                add_user_group ($newusername,$usercfg,$group);
+	    } else {
+		warn "ignore group '$group' - no such group\n";
+		next;
+	    }
+	}
+    }
 
     save_user_config ($usercfg);
 }
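Review bot: The group-assignment loop added to add_user is repeated verbatim in the user-modification hunk that follows, so the rule for unknown group names now lives in two places and can drift. I would move it into one helper, for example `sub add_user_to_groups { my ($username, $usercfg, $grouplist) = @_; ... }`, and call it from both sites; the trailing `next;` is the last statement of the loop body and can be dropped. Unrelated to the new lines but visible as context, `warn "add user $newusername, $passwd not implemented\n";` writes the cleartext password to stderr, and removing `$passwd` from that message would keep it out of terminals and captured logs.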
@@ -475,6 +485,18 @@
 	!$usercfg->{users}->{$username}->{enabled};
     disable_user ($username,$usercfg) if $opts->{lock} &&
 	$usercfg->{users}->{$username}->{enabled};
+    delete_user_group ($username,$usercfg) if (!$opts->{append} && $opts->{groups});
+    if ($opts->{groups}) {
+	foreach my $group (split_list ($opts->{groups})) {
+	    if ($usercfg->{groups}->{$group}) {
+                add_user_group ($username,$usercfg,$group);
+	    } else {
+		warn "ignore group '$group' - no such group\n";
+		next;
+	    }
+	}
+    }
+
     change_password ($username,$usercfg) if $opts->{password};
     name_user ($username,$usercfg) if $opts->{name};
     comment_user ($username,$usercfg) if $opts->{comment};
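Review bot: When `append` is not set, `delete_user_group` clears every membership before any name in `$opts->{groups}` has been checked, so a single typo in the list leaves the user with fewer groups than before (or none) and only a warning on stderr. Checking the whole list first makes the change all-or-nothing: under the same `$opts->{groups}` guard and ahead of the `delete_user_group` call, `my @unknown = grep { !$usercfg->{groups}->{$_} } split_list ($opts->{groups});` followed by `die "no such group: @unknown\n" if @unknown;`. `append` given without `groups` is also silently ignored. The enclosing sub (presumably modify_user, going by the ChangeLog) starts and ends outside this hunk, so I am assuming that dying here happens before the configuration is saved.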
@@ -494,12 +516,46 @@
     delete ($usercfg->{users}->{$username})
         if $usercfg->{users}->{$username};
 
-    #fixme: Remove user from ACLs and groups
+    delete_user_group ($username,$usercfg);
+    delete_user_acl ($username,$usercfg);
 
     save_user_config ($usercfg);
 
 }   
 
+sub add_user_group {
+
+    my ($username,$usercfg,$group) = @_;
+    $usercfg->{users}->{$username}->{groups}->{$group} = 1;
+    $usercfg->{groups}->{$group}->{$username} = 1;
+
+
+}
+
+sub delete_user_group {
+
+    my ($username,$usercfg) = @_;
+    
+    foreach my $group (keys %{$usercfg->{groups}}) {
+
+	delete ($usercfg->{groups}->{$group}->{$username}) 
+	    if $usercfg->{groups}->{$group}->{$username};
+    }
+
+}
+
+sub delete_user_acl {
+
+    my ($username,$usercfg) = @_;
+
+    foreach my $acl (keys %{$usercfg->{acl}}) {
+
+	delete ($usercfg->{acl}->{$acl}->{users}->{$username}) 
+	    if $usercfg->{acl}->{$acl}->{users}->{$username};
+    }
+
+}
+
 sub disable_user {
 
     my ($username,$usercfg) = @_;
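Review bot: `add_user_group` records a membership in two places, `$usercfg->{groups}->{$group}->{$username}` and `$usercfg->{users}->{$username}->{groups}->{$group}`, but `delete_user_group` clears only the first, so after groups are replaced on an existing user the user record still lists the old groups. Whether that stale entry is consulted for permission checks or written back by save_user_config is not visible here, but the two indexes should not be allowed to disagree; `delete_group` in the next hunk leaves the same per-user entry behind. In `delete_user_group` I would add `delete $usercfg->{users}->{$username}->{groups} if $usercfg->{users}->{$username};`, where the guard matters because `delete_user` calls it after the user record has already been removed and an unguarded delete would autovivify an empty record for that user. The three new subs would also benefit from a one-line comment stating that they only edit `$usercfg` in memory and leave saving to the caller.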
@@ -534,6 +590,36 @@
 
 }
 
+sub add_group {
+
+    my ($group) = @_;
+    
+    my $usercfg = load_user_config();
+
+    die "add group failed: '$group' - invalid characters in group name\n" if (!verify_groupname ($group));
+    
+    die "group '$group' already exists\n" 
+	if $usercfg->{groups}->{$group};
+
+    $usercfg->{groups}->{$group} = {};
+
+    save_user_config ($usercfg);
+   
+}
+
+sub delete_group {
+    
+    my ($group) = @_;
+
+    my $usercfg = load_user_config();
+
+    delete ($usercfg->{groups}->{$group})
+        if $usercfg->{groups}->{$group};
+
+    save_user_config ($usercfg);
+
+}
+
 my $valid_privs = {
     'VM.Create' => 1,
     'VM.Remove' => 1,
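Review bot: `delete_group` drops only `$usercfg->{groups}->{$group}`, with no counterpart to the `delete_user_acl` cleanup this commit gives `delete_user`. If ACL entries can name groups (only the `users` side of `$usercfg->{acl}` is visible in this diff), they would outlive the group, and a group later created under the same name by `add_group` would pick them up. I would clear those references before `save_user_config`, and have `delete_group` die with `"no such group '$group'\n"` rather than report success for a name that does not exist. In `add_group`, calling `verify_groupname` before `load_user_config()` would reject bad input before any configuration is read.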
@@ -702,6 +788,9 @@
 		    next;
 		}
 
+		# make sure to add the group (even if there are no members)
+		$cfg->{groups}->{$group} = {} if !$cfg->{groups}->{$group};
+
 		foreach my $user (split_list ($userlist)) {
 
 		    if (!verify_username ($user)) {

Modified: pve-access-control/trunk/ChangeLog
===================================================================
--- pve-access-control/trunk/ChangeLog	2010-06-25 16:00:55 UTC (rev 4847)
+++ pve-access-control/trunk/ChangeLog	2010-06-28 07:27:57 UTC (rev 4848)
@@ -1,3 +1,7 @@
+2010-06-28  Proxmox Support Team  <support at proxmox.com>
+
+	* pveum: new groupadd/groupdel (patch from Seth)
+
 2010-06-25  Proxmox Support Team  <support at proxmox.com>
 
 	* AccessControl.pm (modify_user): include patch from Seth

Modified: pve-access-control/trunk/pveum
===================================================================
--- pve-access-control/trunk/pveum	2010-06-25 16:00:55 UTC (rev 4847)
+++ pve-access-control/trunk/pveum	2010-06-28 07:27:57 UTC (rev 4848)
@@ -67,13 +67,19 @@
 
 } elsif ($cmd eq 'useradd') {
 
+    my $opts = {};
+
+    if (!GetOptions ($opts,'groups=s')) {
+        exit (-1);
+    }
+
     my $username = shift;
 
     die "no username specified\n" if !$username;
 
     my $passwd = read_password();
 	
-    PVE::AccessControl::add_user($username, $passwd);
+    PVE::AccessControl::add_user($username, $passwd, $opts);
 
     exit(0);
 
@@ -81,7 +87,7 @@
 
     my $opts = {};
 
-    if (!GetOptions ($opts, 'unlock', 'lock', 'password', 'name=s', 'comment=s')) {
+    if (!GetOptions ($opts, 'append', 'groups=s', 'unlock', 'lock', 'password', 'name=s', 'comment=s')) {
         exit (-1);
     }
 
@@ -102,12 +108,26 @@
 
     die "no username specified\n" if !$username;
 
-    #fixme: Verify deletion?
-
     PVE::AccessControl::delete_user($username);
 
     exit(0);
 
+} elsif ($cmd eq 'groupadd') {
+
+    my $group = shift;
+
+    PVE::AccessControl::add_group($group);
+
+} elsif ($cmd eq 'groupdel') {
+
+    my $group = shift;
+
+    die "no group specified\n" if !$group;
+
+    PVE::AccessControl::delete_group($group);
+
+    exit(0);
+
 } else {
 
     print_usage("unknown command '$cmd'");
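Review bot: The `groupadd` branch omits the two lines its `groupdel` sibling has: there is no `die "no group specified\n" if !$group;`, so a missing argument passes undef into `add_group`, and there is no `exit(0);` after the call. Adding both keeps the two branches parallel and gives a clear message instead of whatever `verify_groupname` does with an undefined name. The removed `#fixme: Verify deletion?` is not replaced by a confirmation step, so user deletion and `groupdel` take effect immediately; if that is intended, a short comment saying so would help the next reader.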


