[pve-access-control.git] / pveum

#!/usr/bin/perl

use strict;
use warnings;
use Getopt::Long;
use PVE::Tools qw(run_command);
use PVE::Cluster;
use PVE::SafeSyslog;
use PVE::AccessControl;
use File::Path qw(make_path remove_tree);
use Term::ReadLine;
use PVE::INotify;
use PVE::RPCEnvironment;
use PVE::API2::User;
use PVE::API2::Group;
use PVE::API2::Role;
use PVE::API2::ACL;
use PVE::API2::AccessControl;
use PVE::JSONSchema qw(get_standard_option);
use PVE::CLIHandler;

use base qw(PVE::CLIHandler);

use Data::Dumper; # fixme: remove

$ENV{'PATH'} = '/sbin:/bin:/usr/sbin:/usr/bin';

initlog('pveum');

#fixme: logging?

die "please run as root\n" if $> != 0;

PVE::INotify::inotify_init();

my $rpcenv = PVE::RPCEnvironment->init('cli');

$rpcenv->init_request();
$rpcenv->set_language($ENV{LANG});
$rpcenv->set_user('root@pam'); 

# autmatically generate the private key if it does not already exists
PVE::Cluster::gen_auth_key();

my $read_password = sub {

    # return $ENV{PVE_PW_TICKET} if defined($ENV{PVE_PW_TICKET});

    my $term = new Term::ReadLine ('pveum');
    my $attribs = $term->Attribs;
    $attribs->{redisplay_function} = $attribs->{shadow_redisplay};
    my $input = $term->readline('Enter new password: ');
    my $conf = $term->readline('Retype new password: ');
    die "Passwords do not match.\n" if ($input ne $conf);
    return $input;
};

my $cmddef = {
    ticket => [ 'PVE::API2::AccessControl', 'create_ticket', ['username'], undef,
		sub {
		    my ($res) = @_;
		    print "$res->{ticket}\n";
		}],

    passwd => [ 'PVE::API2::AccessControl', 'change_passsword', ['userid'] ],

    useradd => [ 'PVE::API2::User', 'create_user', ['userid'] ],
    usermod => [ 'PVE::API2::User', 'update_user', ['userid'] ],
    userdel => [ 'PVE::API2::User', 'delete_user', ['userid'] ],

    groupadd => [ 'PVE::API2::Group', 'create_group', ['groupid'] ],
    groupmod => [ 'PVE::API2::Group', 'update_group', ['groupid'] ],
    groupdel => [ 'PVE::API2::Group', 'delete_group', ['groupid'] ],

    roleadd => [ 'PVE::API2::Role', 'create_role', ['roleid'] ],
    rolemod => [ 'PVE::API2::Role', 'update_role', ['roleid'] ],
    roledel => [ 'PVE::API2::Role', 'delete_role', ['roleid'] ],

    aclmod => [ 'PVE::API2::ACL', 'update_acl', ['path'], { delete => 0 }],
    acldel => [ 'PVE::API2::ACL', 'update_acl', ['path'], { delete => 1 }],
};

my $cmd = shift;

PVE::CLIHandler::handle_cmd($cmddef, "pveum", $cmd, \@ARGV, $read_password, $0);

exit 0;

__END__

=head1 NAME

pveum - PVE User Manager

=head1 SYNOPSIS

=include synopsis

=head1 DESCRIPTION

No description available.

=include pve_copyright
Commit	Line	Data
7c410d63	1	#!/usr/bin/perl
2c3a6c0a DM	2
2c3a6c0a DM	3	use strict;
7c410d63	4	use warnings;
2c3a6c0a DM	5	use Getopt::Long;
	6	use PVE::Tools qw(run_command);
	7	use PVE::Cluster;
	8	use PVE::SafeSyslog;
	9	use PVE::AccessControl;
	10	use File::Path qw(make_path remove_tree);
	11	use Term::ReadLine;
	12	use PVE::INotify;
	13	use PVE::RPCEnvironment;
	14	use PVE::API2::User;
	15	use PVE::API2::Group;
	16	use PVE::API2::Role;
	17	use PVE::API2::ACL;
	18	use PVE::API2::AccessControl;
	19	use PVE::JSONSchema qw(get_standard_option);
	20	use PVE::CLIHandler;
	21
	22	use base qw(PVE::CLIHandler);
	23
	24	use Data::Dumper; # fixme: remove
	25
	26	$ENV{'PATH'} = '/sbin:/bin:/usr/sbin:/usr/bin';
	27
	28	initlog('pveum');
	29
	30	#fixme: logging?
	31
	32	die "please run as root\n" if $> != 0;
	33
	34	PVE::INotify::inotify_init();
	35
	36	my $rpcenv = PVE::RPCEnvironment->init('cli');
	37
	38	$rpcenv->init_request();
	39	$rpcenv->set_language($ENV{LANG});
	40	$rpcenv->set_user('root@pam');
	41
	42	# autmatically generate the private key if it does not already exists
	43	PVE::Cluster::gen_auth_key();
	44
	45	my $read_password = sub {
	46
	47	# return $ENV{PVE_PW_TICKET} if defined($ENV{PVE_PW_TICKET});
	48
	49	my $term = new Term::ReadLine ('pveum');
	50	my $attribs = $term->Attribs;
	51	$attribs->{redisplay_function} = $attribs->{shadow_redisplay};
	52	my $input = $term->readline('Enter new password: ');
	53	my $conf = $term->readline('Retype new password: ');
	54	die "Passwords do not match.\n" if ($input ne $conf);
	55	return $input;
	56	};
	57
	58	my $cmddef = {
	59	ticket => [ 'PVE::API2::AccessControl', 'create_ticket', ['username'], undef,
	60	sub {
	61	my ($res) = @_;
	62	print "$res->{ticket}\n";
	63	}],
bdc61d7a DM	64
	65	passwd => [ 'PVE::API2::AccessControl', 'change_passsword', ['userid'] ],
	66
2c3a6c0a DM	67	useradd => [ 'PVE::API2::User', 'create_user', ['userid'] ],
	68	usermod => [ 'PVE::API2::User', 'update_user', ['userid'] ],
	69	userdel => [ 'PVE::API2::User', 'delete_user', ['userid'] ],
	70
	71	groupadd => [ 'PVE::API2::Group', 'create_group', ['groupid'] ],
	72	groupmod => [ 'PVE::API2::Group', 'update_group', ['groupid'] ],
	73	groupdel => [ 'PVE::API2::Group', 'delete_group', ['groupid'] ],
	74
	75	roleadd => [ 'PVE::API2::Role', 'create_role', ['roleid'] ],
	76	rolemod => [ 'PVE::API2::Role', 'update_role', ['roleid'] ],
	77	roledel => [ 'PVE::API2::Role', 'delete_role', ['roleid'] ],
	78
7a4c849e DM	79	aclmod => [ 'PVE::API2::ACL', 'update_acl', ['path'], { delete => 0 }],
7a4c849e DM	80	acldel => [ 'PVE::API2::ACL', 'update_acl', ['path'], { delete => 1 }],
2c3a6c0a DM	81	};
	82
	83	my $cmd = shift;
	84
362fe4c6	85	PVE::CLIHandler::handle_cmd($cmddef, "pveum", $cmd, \@ARGV, $read_password, $0);
2c3a6c0a DM	86
	87	exit 0;
	88
	89	__END__
	90
	91	=head1 NAME
	92
	93	pveum - PVE User Manager
	94
	95	=head1 SYNOPSIS
	96
362fe4c6	97	=include synopsis
2c3a6c0a DM	98
	99	=head1 DESCRIPTION
	100
362fe4c6 DM	101	No description available.
	102
	103	=include pve_copyright