2 # Copyright (C) 2002 Stanislav Sinyagin
4 # This program is free software; you can redistribute it and/or modify
5 # it under the terms of the GNU General Public License as published by
6 # the Free Software Foundation; either version 2 of the License, or
7 # (at your option) any later version.
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
14 # You should have received a copy of the GNU General Public License
15 # along with this program; if not, write to the Free Software
16 # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA.
18 # $Id: acledit.in,v 1.1 2010-12-27 00:04:01 ivan Exp $
19 # Stanislav Sinyagin <ssinyagin@yahoo.com>
21 BEGIN { require '@torrus_config_pl@'; }
27 use Torrus::ACL::Edit;
28 use Torrus::SiteConfig;
# Stop with exit status 1 before any ACL operation if the site
# configuration does not pass verification.
30 exit(1) if not Torrus::SiteConfig::verify();
# Privileges that acledit accepts, mapped to the kind of object each one
# applies to: 'tree' privileges are set per tree name, 'global' ones are
# set for the wildcard object '*'. The map serves as the allow-list when
# --permit/--deny names are validated, and it supplies the object-kind
# word printed in the group listing.
32 our %knownPrivileges =
33 ( 'DisplayTree' => 'tree',
34 'DisplayAdmInfo' => 'tree',
35 'DisplayReports' => 'tree',
36 'GlobalSearch' => 'global' );
# Default template name for --export; --template=NAME overrides it.
56 our $exporttemplate = "aclexport.xml";
# Parse the command line. Options bound to an array reference may be
# repeated; options bound to a scalar reference keep a single value.
# NOTE(review): --password and --hostpassword carry the secret in argv,
# where other local users can usually read it from the process list and
# where it tends to be kept in shell history. Run the tool only from a
# trusted admin account, or consider reading the secret from a prompt or
# STDIN instead.
# NOTE(review): the usage text also documents --force, --list and --debug;
# their entries are not among the lines visible here -- confirm they are
# registered.
69 my $ok = GetOptions ('addgroup=s' => \@addgroups,
70 'delgroup=s' => \@delgroups,
71 'modgroup=s' => \@modgroups,
72 'permit=s' => \@permitprivs,
73 'deny=s' => \@denyprivs,
74 'for=s' => \@forobjects,
75 'adduser=s' => \$adduser,
76 'addhost=s' => \$addhost,
77 'deluser=s' => \$deluser,
78 'moduser=s' => \$moduser,
79 'addtogroup=s' => \@addtogroups,
80 'delfromgroup=s' => \@delfromgroups,
81 'password=s' => \$password,
82 'hostpassword=s' => \$host_password,
83 'cn=s' => \$commonname,
84 'export=s' => \$exportfile,
85 'template=s' => \$exporttemplate,
86 'import=s' => \$importfile,
87 'clear' => \$clearconf,
88 'showgroup=s' => \@showgroups,
89 'showuser=s' => \@showusers,
93 'verbose' => \$verbose,
94 'help' => \$help_needed);
# Print the usage text when option parsing failed, help was requested,
# stray arguments remain, or the option combination is inconsistent:
#  - more than one kind of group operation (--addgroup, --delgroup,
#    --modgroup) was given;
#  - --permit or --deny was given without --for;
#  - more than one of --adduser, --deluser, --moduser was given;
#  - a user attribute option (--addtogroup, --delfromgroup, --password,
#    --hostpassword, --cn) was given without --adduser, --addhost or
#    --moduser.
# NOTE(review): the user-operation count tests truthiness and leaves out
# $addhost, so a UID of "0" counts as absent and --addhost combined with
# --adduser is not rejected by this check -- confirm both are intended.
96 if( not $ok or $help_needed or scalar(@ARGV) > 0 or
97 ( @addgroups ? 1:0 ) + ( @delgroups ? 1:0 ) + ( @modgroups ? 1:0 ) > 1 or
98 ( ( @permitprivs or @denyprivs ) and not @forobjects ) or
99 ( $adduser ? 1:0 ) + ( $deluser ? 1:0 ) + ( $moduser ? 1:0 ) > 1 or
100 ( ( @addtogroups or @delfromgroups or
101 length($password) > 0 or
102 length($host_password) > 0 or
103 length($commonname) > 0 ) and
104 ( length($adduser) + length($addhost) + length($moduser) == 0 ) ) )
# The usage text goes to STDERR.
106 print STDERR "Usage: $0 [options...]\n",
108 " --addgroup=GROUP add group\n",
109 " --delgroup=GROUP delete group\n",
110 " --modgroup=GROUP modify group\n",
111 " --permit=PRIVILEGE add privilege to group(s)\n",
112 " --deny=PRIVILEGE revoke privilege from group(s)\n",
113 " --for=TREE subject of privilege or '*'\n",
114 " --force change privilege for non-existent object\n",
115 " --showgroup=GROUP display group details\n",
117 " --adduser=UID add new user\n",
118 " --deluser=UID delete user\n",
119 " --moduser=UID modify user\n",
120 " --addtogroup=GROUP add user to group(s)\n",
121 " --delfromgroup=GROUP delete user from group(s)\n",
122 " --password=PASSWORD set the user password\n",
123 " --hostpassword=PASSWORD set the host password (UID must be a host)\n",
124 " --cn=\"John Smith\" set the user common name\n",
125 " --showuser=USER display user details\n",
126 "General Options:\n",
127 " --export=FILE export ACL config to a file\n",
128 " --template=NAME [aclexport.xml] export template \n",
129 " --import=FILE import ACL config from a file\n",
130 " --clear delete ALL user and privileges configuration\n",
131 " --list list all users and groups they belong to\n",
132 " --debug set the log level to debug\n",
133 " --verbose set the log level to verbose\n",
134 " --help this help message\n\n",
136 " DisplayTree see the datasources for a tree\n",
137 " DisplayAdmInfo see the administrative info for a tree\n",
# NOTE(review): the DisplayReports line below repeats the DisplayAdmInfo
# description; it looks like a copy-paste slip in the help text.
138 " DisplayReports see the administrative info for a tree\n",
139 " GlobalSearch search globally for '*'\n";
# Raise the log level when requested. The guarding conditions are not
# part of this listing; presumably they test --debug and --verbose.
145 Torrus::Log::setLevel('debug');
149 Torrus::Log::setLevel('verbose');
152 # Install the signal handlers. acledit does not react to signals
153 # itself, because it is a short-running utility.
154 &Torrus::DB::setSafeSignalHandlers();
# Log the version in verbose mode; '@VERSION@' looks like a placeholder
# substituted when the script is generated from acledit.in.
156 Verbose(sprintf("Torrus version %s", '@VERSION@'));
# Editor object through which every ACL change below is made.
158 my $aclEdit = new Torrus::ACL::Edit;
# Apply the requested operations in a fixed order. Every step has the form
# "$ok = CALL ? $ok:0", so $ok drops to 0 on the first failure and stays 0
# for the rest of the run.
# Export runs before clear, and clear requires $ok, so when both options
# are given a failed export prevents the wipe.
160 if( $ok and $exportfile )
162 $ok = $aclEdit->exportACL( $exportfile, $exporttemplate ) ? $ok:0;
# --clear removes the whole user and privilege configuration (per the
# usage text); no confirmation step is visible in this listing.
165 if( $ok and $clearconf )
167 $ok = $aclEdit->clearConfig() ? $ok:0;
# Group removal and creation; their guards are not part of this listing.
172 $ok = $aclEdit->deleteGroups( @delgroups ) ? $ok:0;
177 $ok = $aclEdit->addGroups( @addgroups ) ? $ok:0;
# Privileges apply to the groups named by --addgroup and --modgroup.
# The final argument is 1 for the --permit list and 0 for the --deny list.
180 if( @addgroups or @modgroups )
182 my $groups = [ @addgroups, @modgroups ];
185 $ok = setupPrivileges( $aclEdit, \@permitprivs,
186 $groups, \@forobjects, 1 ) ? $ok:0;
190 $ok = setupPrivileges( $aclEdit, \@denyprivs,
191 $groups, \@forobjects, 0 ) ? $ok:0;
# User creation and modification. $uid and $attrValues are set on lines
# that are not part of this listing.
201 $attrValues->{'cn'} = $commonname;
207 $ok = $aclEdit->addUser( $uid, $attrValues ) ? $ok:0;
213 $ok = $aclEdit->addUser( $uid, $attrValues ) ? $ok:0;
# Attributes are written only when at least one was collected.
219 if( scalar( keys %{$attrValues} ) )
221 $ok = $aclEdit->setUserAttributes( $uid, $attrValues ) ? $ok:0;
226 $ok = $aclEdit->deleteUser( $deluser ) ? $ok:0;
# Password handling. A host password goes through the same setPassword
# call as a user password, as the string "<uid>//<hostpassword>".
# NOTE(review): how the value is stored is decided inside
# Torrus::ACL::Edit, which is not visible here -- confirm that it is
# hashed before it is written.
233 $ok = $aclEdit->setPassword( $uid, $password ) ? $ok:0;
235 elsif( $host_password )
237 $ok = $aclEdit->setPassword( $uid,
238 $uid . '//' . $host_password ) ? $ok:0;
# Group membership changes need a user ID and a non-empty group list.
242 if( $uid and scalar( @addtogroups ) )
244 $ok = $aclEdit->addUserToGroups( $uid, @addtogroups ) ? $ok:0;
247 if( $uid and scalar( @delfromgroups ) )
249 $ok = $aclEdit->delUserFromGroups( $uid, @delfromgroups ) ? $ok:0;
# Import is the last change and runs only while $ok is still true.
252 if( $ok and $importfile )
254 $ok = $aclEdit->importACL( $importfile ) ? $ok:0;
# Reporting. Fill both display lists with every user and group; the guard
# is not part of this listing, presumably the --list case.
259 @showusers = $aclEdit->listUsers();
260 @showgroups = $aclEdit->listGroups();
# Queue only groups that exist; report the others and mark the run failed.
267 foreach my $group ( @showgroups )
269 if( $aclEdit->groupExists( $group ) )
271 $showGroupsHash{$group} = 1;
275 Error('No such group: ' . $group); $ok = 0;
# Print each requested user with common name and group memberships. Every
# group a user belongs to is also queued for the group report below.
282 foreach my $uid ( sort @showusers )
284 if( $aclEdit->userExists( $uid ) )
286 printf("User: %s (%s)\n",
287 $uid, $aclEdit->userAttribute( $uid, 'cn' ) );
288 foreach my $group ( sort $aclEdit->memberOf( $uid ) )
290 printf("Member of: %s\n", $group);
291 $showGroupsHash{$group} = 1;
# The 'modified' attribute is shown only in verbose or debug mode.
294 if( $verbose or $debug )
296 printf("Modified: %s\n",
297 $aclEdit->userAttribute( $uid, 'modified' ) );
303 Error('No such user: ' . $uid); $ok = 0;
# Group report: privileges per object, then members, for each queued group.
308 if( %showGroupsHash )
310 foreach my $group ( sort keys %showGroupsHash )
312 printf("Group: %s\n", $group);
314 my $privs = $aclEdit->listPrivileges( $group );
315 foreach my $object ( sort keys %{$privs} )
317 foreach my $priv ( sort keys %{$privs->{$object}} )
# NOTE(review): $knownPrivileges{$priv} is undef for a stored privilege
# that is missing from the map, which would print an empty object kind --
# confirm that stored privileges always come from %knownPrivileges.
319 printf("Has privilege \"%s\" for %s \"%s\"\n", $priv,
320 $knownPrivileges{$priv}, $object);
324 foreach my $uid ( sort @{$aclEdit->listGroupMembers( $group )} )
326 printf("Member: %s\n", $uid);
329 if( $verbose or $debug )
331 printf("Modified: %s\n",
332 $aclEdit->groupAttribute( $group, 'modified' ) );
# Final warning; its guard is not shown, presumably a false $ok.
341 Warn('acledit exited with errors');
# Body of the privilege helper that the main flow calls as
# setupPrivileges(); its "sub" line and several statements are not part of
# this listing.
# NOTE(review): the first argument is shifted into $aclEdtit, which looks
# like a misspelling of $aclEdit. If the method calls below are made on
# $aclEdit, they reach the file-level object rather than the argument --
# confirm and rename.
347 my $aclEdtit = shift;
# Every requested privilege must be a key of %knownPrivileges; any other
# name is reported as unknown and fails the call.
354 foreach my $priv ( @{$privs} )
356 if( defined( $knownPrivileges{$priv} ) )
# Tree privileges: the named tree must exist unless $force is set.
358 if( $knownPrivileges{$priv} eq 'tree' )
360 foreach my $obj ( @{$objects} )
363 Torrus::SiteConfig::treeExists( $obj ) or $force )
365 foreach my $group ( @{$groups} )
370 setPrivilege( $group, $obj,
376 clearPrivilege( $group, $obj,
383 Error('No such tree: ' . $obj); $ok = 0;
# Global privileges: per the error message the object must be '*', and the
# privilege is set or cleared against the literal '*'.
387 elsif( $knownPrivileges{$priv} eq 'global' )
389 foreach my $obj ( @{$objects} )
393 Error("Privilege GlobalSearch should be for '*'");
400 foreach my $group ( @{$groups} )
405 setPrivilege( $group, '*', $priv ) ? $ok:0;
410 clearPrivilege( $group, '*', $priv ) ? $ok:0;
418 Error('Unknown privilege name: ' . $priv); $ok = 0;
430 # indent-tabs-mode: nil
431 # perl-indent-level: 4