Skip Menu |

This queue is for tickets about the HTTPD-User-Manage CPAN distribution.

Report information
The Basics
Id: 18528
Status: new
Priority: 0/
Queue: HTTPD-User-Manage

People
Owner: Nobody in particular
Requestors: pheimann [...] cybercash.de
Cc:
AdminCc:

Bug Information
Severity: Normal
Broken in: 1.65
Fixed in: (no value)



Subject: Deletions and $PROTECT_ADMINS, audit trail
Protection of admin accounts against accidental deletion is missing when $PROTECT_ADMINS is set. The audit trail should show whether a password change was a separate action, or whether it appeared in the course of adding a new user.
Subject: user_manage.patch
*** user_manage.orig Fri Dec 2 21:45:22 2005 --- user_manage Tue Apr 4 11:35:52 2006 *************** *** 90,96 **** BEGIN { if ($ENV{REQUEST_METHOD}) { require CGI; ! CGI->import(qw(:standard :html3 font)); require CGI::Carp; CGI::Carp->import('fatalsToBrowser'); } --- 90,96 ---- BEGIN { if ($ENV{REQUEST_METHOD}) { require CGI; ! CGI->import(qw(:standard :html3 font escapeHTML)); require CGI::Carp; CGI::Carp->import('fatalsToBrowser'); } *************** *** 327,332 **** --- 327,339 ---- sub delete_user { my ($db,$admin,$user) = @_; + if ($PROTECT_ADMINS && $db->match_group($user, $ADMIN_GROUP)) { + error_msg('Error Deleting User', + 'User ', em($user), ' is member of group ', + em($ADMIN_GROUP), ' and cannot be deleted.'); + print hr(); + return; + } if ($db->delete_user($user)) { &audit_trail( "web $admin: deleted user '$user'" ); print h1('User Deleted'), *************** *** 367,372 **** --- 374,382 ---- # If the passwords are different from the current entry for the user, then # we need to set it. my $current = $db->passwd($user); + if ( !$current) { + &audit_trail("web $admin: adding user '$user'"); + } if ( !$current or ( ($current ne $password1) and !$db->match_passwd(-name=>$user,-passwd=>$password1)) ) { if ($PROTECT_ADMINS && $user ne $admin && $db->match_group($user, $ADMIN_GROUP)) {