wrap and sort + debhelper 10 buildep

[pmg-api.git] / PMG / UserConfig.pm

diff --git a/PMG/UserConfig.pm b/PMG/UserConfig.pm
index f8115164d2d37edf52a9df52b45e69fbe79ab9fe..f3bc2e315b304ee4942315a8f0ef3179be0742ea 100644 (file)
--- a/PMG/UserConfig.pm
+++ b/PMG/UserConfig.pm
@@ -1,6 +1,5 @@
 package PMG::UserConfig;
 
-
 use strict;
 use warnings;
 use Data::Dumper;
@@ -43,7 +42,7 @@ sub lock_config {
     }
 }
 
-our $schema = {
+my $schema = {
     additionalProperties => 0,
     properties => {
        userid => get_standard_option('userid'),
@@ -82,7 +81,7 @@ our $schema = {
        role => {
            description => "User role. Role 'root' is reseved for the Unix Superuser.",
            type => 'string',
-           enum => ['root', 'admin', 'qmanager', 'audit'],
+           enum => ['root', 'admin', 'helpdesk', 'qmanager', 'audit'],
        },
        firstname => {
            description => "First name.",
@@ -110,7 +109,18 @@ our $schema = {
     },
 };
 
-our $update_schema = clone($schema);
+our $create_schema = clone($schema);
+delete $create_schema->{properties}->{username};
+delete $create_schema->{properties}->{realm};
+$create_schema->{properties}->{password} = {
+    description => "Password",
+    type => 'string',
+    maxLength => 32,
+    minLength => 5,
+    optional => 1,
+};
+
+our $update_schema = clone($create_schema);
 $update_schema->{properties}->{role}->{optional} = 1;
 $update_schema->{properties}->{delete} = {
     type => 'string', format => 'pve-configid-list',
@@ -119,10 +129,19 @@ $update_schema->{properties}->{delete} = {
     optional => 1,
 };
 
-my $verity_entry = sub {
+my $verify_entry = sub {
     my ($entry) = @_;
 
     my $errors = {};
+    my $userid = $entry->{userid};
+    if (defined(my $username = $entry->{username})) {
+       if ($userid !~ /^\Q$username\E\@/) {
+           $errors->{'username'} = 'invalid username for userid';
+       }
+    } else {
+       # make sure the username's length is checked
+       $entry->{username} = ($userid =~ s/\@.*$//r);
+    }
     PVE::JSONSchema::check_prop($entry, $schema, '', $errors);
     if (scalar(%$errors)) {
        raise "verify entry failed\n", errors => $errors;
@@ -184,7 +203,7 @@ sub read_user_conf {
                    $d->{$k} = $+{$k} if $+{$k};
                }
                eval {
-                   $verity_entry->($d);
+                   $verify_entry->($d);
                    $cfg->{$d->{userid}} = $d;
                    die "role 'root' is reserved\n"
                        if $d->{role} eq 'root' && $d->{userid} ne 'root@pmg';
@@ -222,19 +241,13 @@ sub write_user_conf {
        $d->{userid} = $userid;
 
        die "invalid userid '$userid'\n" if $userid eq 'root@pmg';
+       $verify_entry->($d);
+       $cfg->{$d->{userid}} = $d;
 
-       eval {
-           $verity_entry->($d);
-           $cfg->{$d->{userid}} = $d;
-
-           if ($d->{userid} ne 'root@pam') {
-               die "role 'root' is reserved\n" if $d->{role} eq 'root';
-               die "unable to add users for realm '$d->{realm}'\n"
-                   if $d->{realm} && $d->{realm} ne 'pmg';
-           }
-       };
-       if (my $err = $@) {
-           die $err;
+       if ($d->{userid} ne 'root@pam') {
+           die "role 'root' is reserved\n" if $d->{role} eq 'root';
+           die "unable to add users for realm '$d->{realm}'\n"
+               if $d->{realm} && $d->{realm} ne 'pmg';
        }
 
        my $line;
@@ -259,6 +272,10 @@ sub write_user_conf {
        $raw .= $line . "\n";
     }
 
+    my $gid = getgrnam('www-data');
+    chown(0, $gid, $fh);
+    chmod(0640, $fh);
+
     PVE::Tools::safe_print($filename, $fh, $raw);
 }
 
@@ -306,7 +323,7 @@ sub set_user_password {
     lock_config(sub {
        my $cfg = $class->new();
        my $data = $cfg->lookup_user_data($username); # user exists
-       my $epw = PMG::Utils::encrypt_pw($password);
+       my $epw = PVE::Tools::encrypt_pw($password);
        $data->{crypt_pass} = $epw;
        $cfg->write();
     });