[pve-devel] r4848 - pve-access-control/trunk
svn-commits at proxmox.com
svn-commits at proxmox.com
Mon Jun 28 09:27:58 CEST 2010
Author: dietmar
Date: 2010-06-28 07:27:57 +0000 (Mon, 28 Jun 2010)
New Revision: 4848
Modified:
pve-access-control/trunk/AccessControl.pm
pve-access-control/trunk/ChangeLog
pve-access-control/trunk/pveum
Log:
* pveum: new groupadd/groupdel (patch from Seth)
Modified: pve-access-control/trunk/AccessControl.pm
===================================================================
--- pve-access-control/trunk/AccessControl.pm 2010-06-25 16:00:55 UTC (rev 4847)
+++ pve-access-control/trunk/AccessControl.pm 2010-06-28 07:27:57 UTC (rev 4848)
@@ -433,7 +433,7 @@
}
sub add_user {
- my ($newusername, $passwd) = @_;
+ my ($newusername, $passwd, $opts) = @_;
my $domain;
@@ -455,6 +455,16 @@
warn "add user $newusername, $passwd not implemented\n";
$usercfg->{users}->{$newusername} = { enabled => 1 };
+ if ($opts->{groups}) {
+ foreach my $group (split_list ($opts->{groups})) {
+ if ($usercfg->{groups}->{$group}) {
+ add_user_group ($newusername,$usercfg,$group);
+ } else {
+ warn "ignore group '$group' - no such group\n";
+ next;
+ }
+ }
+ }
save_user_config ($usercfg);
}
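Review bot: The unchanged `warn "add user $newusername, $passwd not implemented\n";` at the top of this hunk interpolates the cleartext password into a warning, so it reaches the terminal and any place stderr is captured. Since this commit extends add_user anyway, drop the secret from the message, e.g. `warn "add user $newusername: setting password not implemented\n";`. In the added loop the `next;` after the "no such group" warning is the last statement of the iteration and can go. add_user starts outside this hunk.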
@@ -475,6 +485,18 @@
!$usercfg->{users}->{$username}->{enabled};
disable_user ($username,$usercfg) if $opts->{lock} &&
$usercfg->{users}->{$username}->{enabled};
+ delete_user_group ($username,$usercfg) if (!$opts->{append} && $opts->{groups});
+ if ($opts->{groups}) {
+ foreach my $group (split_list ($opts->{groups})) {
+ if ($usercfg->{groups}->{$group}) {
+ add_user_group ($username,$usercfg,$group);
+ } else {
+ warn "ignore group '$group' - no such group\n";
+ next;
+ }
+ }
+ }
+
change_password ($username,$usercfg) if $opts->{password};
name_user ($username,$usercfg) if $opts->{name};
comment_user ($username,$usercfg) if $opts->{comment};
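Review bot: The added `delete_user_group ($username,$usercfg) if (!$opts->{append} && $opts->{groups});` clears every existing membership before any requested group name has been checked. A misspelled `--groups` value without `--append` therefore leaves the user in no group at all, with only a warning, assuming the config is saved at the end of modify_user as it is in add_user. Validate first and abort before touching `$usercfg`, e.g. `my @unknown = grep { !$usercfg->{groups}->{$_} } split_list ($opts->{groups});` followed by `die "no such group(s): @unknown\n" if @unknown;`. The check-and-add loop is identical to the one added to add_user and would be better as one shared helper. modify_user begins and ends outside this hunk.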
@@ -494,12 +516,46 @@
delete ($usercfg->{users}->{$username})
if $usercfg->{users}->{$username};
- #fixme: Remove user from ACLs and groups
+ delete_user_group ($username,$usercfg);
+ delete_user_acl ($username,$usercfg);
save_user_config ($usercfg);
}
+sub add_user_group {
+
+ my ($username,$usercfg,$group) = @_;
+ $usercfg->{users}->{$username}->{groups}->{$group} = 1;
+ $usercfg->{groups}->{$group}->{$username} = 1;
+
+
+}
+
+sub delete_user_group {
+
+ my ($username,$usercfg) = @_;
+
+ foreach my $group (keys %{$usercfg->{groups}}) {
+
+ delete ($usercfg->{groups}->{$group}->{$username})
+ if $usercfg->{groups}->{$group}->{$username};
+ }
+
+}
+
+sub delete_user_acl {
+
+ my ($username,$usercfg) = @_;
+
+ foreach my $acl (keys %{$usercfg->{acl}}) {
+
+ delete ($usercfg->{acl}->{$acl}->{users}->{$username})
+ if $usercfg->{acl}->{$acl}->{users}->{$username};
+ }
+
+}
+
sub disable_user {
my ($username,$usercfg) = @_;
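Review bot: delete_user_group is not the inverse of add_user_group: it removes only `$usercfg->{groups}->{$group}->{$username}`, while add_user_group also sets `$usercfg->{users}->{$username}->{groups}->{$group}`. When modify_user replaces memberships, the user record therefore keeps groups the user was removed from; whether that still grants access depends on which side the permission check reads, which is not visible here. Add `delete $usercfg->{users}->{$username}->{groups} if $usercfg->{users}->{$username};` to delete_user_group. The guard matters because delete_user calls it after the user record is already deleted, and an unguarded nested delete would autovivify an empty record for that user. disable_user at the end of the hunk continues outside it.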
@@ -534,6 +590,36 @@
}
+sub add_group {
+
+ my ($group) = @_;
+
+ my $usercfg = load_user_config();
+
+ die "add group failed: '$group' - invalid characters in group name\n" if (!verify_groupname ($group));
+
+ die "group '$group' already exists\n"
+ if $usercfg->{groups}->{$group};
+
+ $usercfg->{groups}->{$group} = {};
+
+ save_user_config ($usercfg);
+
+}
+
+sub delete_group {
+
+ my ($group) = @_;
+
+ my $usercfg = load_user_config();
+
+ delete ($usercfg->{groups}->{$group})
+ if $usercfg->{groups}->{$group};
+
+ save_user_config ($usercfg);
+
+}
+
my $valid_privs = {
'VM.Create' => 1,
'VM.Remove' => 1,
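Review bot: delete_group removes only `$usercfg->{groups}->{$group}` and leaves the `$usercfg->{users}->{...}->{groups}->{$group}` entries that add_user_group wrote, so user records keep pointing at a group that no longer exists. If a group with the same name is later created with groupadd, those stale references line up with it again; any ACL entries that name the group (the ACL layout for groups is not visible here) would need the same cleanup. The function should walk the user records and drop the back-reference before deleting the group, as sketched below. Separately, add_group calls load_user_config before verify_groupname, and checking the name first would avoid reading the config for input that is rejected anyway.

```perl
sub delete_group {

    my ($group) = @_;

    my $usercfg = load_user_config();

    # drop the per-user back-references written by add_user_group
    foreach my $username (keys %{$usercfg->{users}}) {
        my $member_of = $usercfg->{users}->{$username}->{groups};
        delete $member_of->{$group} if $member_of;
    }

    # … unchanged: delete $usercfg->{groups}->{$group}, save_user_config …
}
```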
@@ -702,6 +788,9 @@
next;
}
+ # make sure to add the group (even if there are no members)
+ $cfg->{groups}->{$group} = {} if !$cfg->{groups}->{$group};
+
foreach my $user (split_list ($userlist)) {
if (!verify_username ($user)) {
Modified: pve-access-control/trunk/ChangeLog
===================================================================
--- pve-access-control/trunk/ChangeLog 2010-06-25 16:00:55 UTC (rev 4847)
+++ pve-access-control/trunk/ChangeLog 2010-06-28 07:27:57 UTC (rev 4848)
@@ -1,3 +1,7 @@
+2010-06-28 Proxmox Support Team <support at proxmox.com>
+
+ * pveum: new groupadd/groupdel (patch from Seth)
+
2010-06-25 Proxmox Support Team <support at proxmox.com>
* AccessControl.pm (modify_user): include patch from Seth
Modified: pve-access-control/trunk/pveum
===================================================================
--- pve-access-control/trunk/pveum 2010-06-25 16:00:55 UTC (rev 4847)
+++ pve-access-control/trunk/pveum 2010-06-28 07:27:57 UTC (rev 4848)
@@ -67,13 +67,19 @@
} elsif ($cmd eq 'useradd') {
+ my $opts = {};
+
+ if (!GetOptions ($opts,'groups=s')) {
+ exit (-1);
+ }
+
my $username = shift;
die "no username specified\n" if !$username;
my $passwd = read_password();
- PVE::AccessControl::add_user($username, $passwd);
+ PVE::AccessControl::add_user($username, $passwd, $opts);
exit(0);
@@ -81,7 +87,7 @@
my $opts = {};
- if (!GetOptions ($opts, 'unlock', 'lock', 'password', 'name=s', 'comment=s')) {
+ if (!GetOptions ($opts, 'append', 'groups=s', 'unlock', 'lock', 'password', 'name=s', 'comment=s')) {
exit (-1);
}
@@ -102,12 +108,26 @@
die "no username specified\n" if !$username;
- #fixme: Verify deletion?
-
PVE::AccessControl::delete_user($username);
exit(0);
+} elsif ($cmd eq 'groupadd') {
+
+ my $group = shift;
+
+ PVE::AccessControl::add_group($group);
+
+} elsif ($cmd eq 'groupdel') {
+
+ my $group = shift;
+
+ die "no group specified\n" if !$group;
+
+ PVE::AccessControl::delete_group($group);
+
+ exit(0);
+
} else {
print_usage("unknown command '$cmd'");
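Review bot: The new `groupadd` branch lacks the argument check and explicit exit that the `groupdel` branch right below it has. With no argument, `$group` is undef when it reaches add_group, which then interpolates it into the "invalid characters" message (assuming verify_groupname rejects undef; it is not shown here) instead of reporting a missing argument. Add `die "no group specified\n" if !$group;` before the call and `exit(0);` after it so both commands behave alike. The same hunk removes `#fixme: Verify deletion?` from userdel without adding a confirmation, and delete_user now also strips group and ACL entries, so an unconfirmed delete of a mistyped username costs more than before. The if/elsif chain begins outside this hunk.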