[pve-access-control.git] / pveum

#!/usr/bin/perl

use strict;
use warnings;
use Getopt::Long;
use PVE::Tools qw(run_command);
use PVE::Cluster;
use PVE::SafeSyslog;
use PVE::AccessControl;
use File::Path qw(make_path remove_tree);
use Term::ReadLine;
use PVE::INotify;
use PVE::RPCEnvironment;
use PVE::API2::User;
use PVE::API2::Group;
use PVE::API2::Role;
use PVE::API2::ACL;
use PVE::API2::AccessControl;
use PVE::JSONSchema qw(get_standard_option);
use PVE::CLIHandler;

use base qw(PVE::CLIHandler);

use Data::Dumper; # fixme: remove

$ENV{'PATH'} = '/sbin:/bin:/usr/sbin:/usr/bin';

initlog('pveum');

#fixme: logging?

my $read_password = sub {

    # return $ENV{PVE_PW_TICKET} if defined($ENV{PVE_PW_TICKET});

    my $term = new Term::ReadLine ('pveum');
    my $attribs = $term->Attribs;
    $attribs->{redisplay_function} = $attribs->{shadow_redisplay};
    my $input = $term->readline('Enter new password: ');
    my $conf = $term->readline('Retype new password: ');
    die "Passwords do not match.\n" if ($input ne $conf);
    return $input;
};

my $cmddef = {
    ticket => [ 'PVE::API2::AccessControl', 'create_ticket', ['username'], undef,
		sub {
		    my ($res) = @_;
		    print "$res->{ticket}\n";
		}],

    passwd => [ 'PVE::API2::AccessControl', 'change_passsword', ['userid'] ],

    useradd => [ 'PVE::API2::User', 'create_user', ['userid'] ],
    usermod => [ 'PVE::API2::User', 'update_user', ['userid'] ],
    userdel => [ 'PVE::API2::User', 'delete_user', ['userid'] ],

    groupadd => [ 'PVE::API2::Group', 'create_group', ['groupid'] ],
    groupmod => [ 'PVE::API2::Group', 'update_group', ['groupid'] ],
    groupdel => [ 'PVE::API2::Group', 'delete_group', ['groupid'] ],

    roleadd => [ 'PVE::API2::Role', 'create_role', ['roleid'] ],
    rolemod => [ 'PVE::API2::Role', 'update_role', ['roleid'] ],
    roledel => [ 'PVE::API2::Role', 'delete_role', ['roleid'] ],

    aclmod => [ 'PVE::API2::ACL', 'update_acl', ['path'], { delete => 0 }],
    acldel => [ 'PVE::API2::ACL', 'update_acl', ['path'], { delete => 1 }],
};

my $cmd = shift;

if (defined($cmd) && $cmd ne 'verifyapi' && $cmd ne 'printmanpod') {
    die "please run as root\n" if $> != 0;

    PVE::INotify::inotify_init();

    my $rpcenv = PVE::RPCEnvironment->init('cli');

    $rpcenv->init_request();
    $rpcenv->set_language($ENV{LANG});
    $rpcenv->set_user('root@pam'); 

# autmatically generate the private key if it does not already exists
    PVE::Cluster::gen_auth_key();
}

PVE::CLIHandler::handle_cmd($cmddef, "pveum", $cmd, \@ARGV, $read_password, $0);

exit 0;

__END__

=head1 NAME

pveum - PVE User Manager

=head1 SYNOPSIS

=include synopsis

=head1 DESCRIPTION

No description available.

=include pve_copyright
Commit	Line	Data
7c410d63	1	#!/usr/bin/perl
2c3a6c0a DM	2
2c3a6c0a DM	3	use strict;
7c410d63	4	use warnings;
2c3a6c0a DM	5	use Getopt::Long;
	6	use PVE::Tools qw(run_command);
	7	use PVE::Cluster;
	8	use PVE::SafeSyslog;
	9	use PVE::AccessControl;
	10	use File::Path qw(make_path remove_tree);
	11	use Term::ReadLine;
	12	use PVE::INotify;
	13	use PVE::RPCEnvironment;
	14	use PVE::API2::User;
	15	use PVE::API2::Group;
	16	use PVE::API2::Role;
	17	use PVE::API2::ACL;
	18	use PVE::API2::AccessControl;
	19	use PVE::JSONSchema qw(get_standard_option);
	20	use PVE::CLIHandler;
	21
	22	use base qw(PVE::CLIHandler);
	23
	24	use Data::Dumper; # fixme: remove
	25
	26	$ENV{'PATH'} = '/sbin:/bin:/usr/sbin:/usr/bin';
	27
	28	initlog('pveum');
	29
	30	#fixme: logging?
	31
2c3a6c0a DM	32	my $read_password = sub {
	33
	34	# return $ENV{PVE_PW_TICKET} if defined($ENV{PVE_PW_TICKET});
	35
	36	my $term = new Term::ReadLine ('pveum');
	37	my $attribs = $term->Attribs;
	38	$attribs->{redisplay_function} = $attribs->{shadow_redisplay};
	39	my $input = $term->readline('Enter new password: ');
	40	my $conf = $term->readline('Retype new password: ');
	41	die "Passwords do not match.\n" if ($input ne $conf);
	42	return $input;
	43	};
	44
	45	my $cmddef = {
	46	ticket => [ 'PVE::API2::AccessControl', 'create_ticket', ['username'], undef,
	47	sub {
	48	my ($res) = @_;
	49	print "$res->{ticket}\n";
	50	}],
bdc61d7a DM	51
	52	passwd => [ 'PVE::API2::AccessControl', 'change_passsword', ['userid'] ],
	53
2c3a6c0a DM	54	useradd => [ 'PVE::API2::User', 'create_user', ['userid'] ],
	55	usermod => [ 'PVE::API2::User', 'update_user', ['userid'] ],
	56	userdel => [ 'PVE::API2::User', 'delete_user', ['userid'] ],
	57
	58	groupadd => [ 'PVE::API2::Group', 'create_group', ['groupid'] ],
	59	groupmod => [ 'PVE::API2::Group', 'update_group', ['groupid'] ],
	60	groupdel => [ 'PVE::API2::Group', 'delete_group', ['groupid'] ],
	61
	62	roleadd => [ 'PVE::API2::Role', 'create_role', ['roleid'] ],
	63	rolemod => [ 'PVE::API2::Role', 'update_role', ['roleid'] ],
	64	roledel => [ 'PVE::API2::Role', 'delete_role', ['roleid'] ],
	65
7a4c849e DM	66	aclmod => [ 'PVE::API2::ACL', 'update_acl', ['path'], { delete => 0 }],
7a4c849e DM	67	acldel => [ 'PVE::API2::ACL', 'update_acl', ['path'], { delete => 1 }],
2c3a6c0a DM	68	};
	69
	70	my $cmd = shift;
	71
ef740495	72	if (defined($cmd) && $cmd ne 'verifyapi' && $cmd ne 'printmanpod') {
a8a4cd64 WB	73	die "please run as root\n" if $> != 0;
	74
	75	PVE::INotify::inotify_init();
	76
	77	my $rpcenv = PVE::RPCEnvironment->init('cli');
	78
	79	$rpcenv->init_request();
	80	$rpcenv->set_language($ENV{LANG});
	81	$rpcenv->set_user('root@pam');
	82
	83	# autmatically generate the private key if it does not already exists
	84	PVE::Cluster::gen_auth_key();
	85	}
	86
362fe4c6	87	PVE::CLIHandler::handle_cmd($cmddef, "pveum", $cmd, \@ARGV, $read_password, $0);
2c3a6c0a DM	88
	89	exit 0;
	90
	91	__END__
	92
	93	=head1 NAME
	94
	95	pveum - PVE User Manager
	96
	97	=head1 SYNOPSIS
	98
362fe4c6	99	=include synopsis
2c3a6c0a DM	100
	101	=head1 DESCRIPTION
	102
362fe4c6 DM	103	No description available.
	104
	105	=include pve_copyright