API CHANGE:

Modify a couple sysadm/users API calls:
"action"="usermod":
  Add in the optional PersonaCrypt arguments:
 1) "personacrypt_init"="<device>" AND "personacrypt_password"="<password for device>"
    This will initialize a personacrypt device and move the current home directory contents onto the device.
  2) "personacrypt_import"="<base64-encoded contents of a PC key file>"
    This will import an existing key for the designated user and allow a previously initialized device to be used for this user.
  3) "personacrypt_disable"="<device password>"
    This will disable the personacrypt key for this user, and merge any data from the device back onto the local system (if <device password> is valid/non-empty)

src/server/library/sysadm-users.cpp

@@ -150,6 +150,19 @@ bool UserManager::modifyUser(QJsonObject* out, QJsonObject obj){
   //OPTIONAL: "personacrypt_import"=<contents of key file - base64 encoded>
   if(obj.contains("name") ){
     QString username = obj.value("name").toString();
+    //See if PersonaCrypt should be used on this user as well
+    QString PCdev;
+    if(obj.contains("personacrypt_init")){
+      QString dev = obj.value("personacrypt_init").toString();
+      if(dev.startsWith("/dev/")){ dev = dev.remove(0,5); }
+      //Verify that the given device is valid
+      QStringList valid = getAvailablePersonaCryptDevices();
+      for(int i=0; i<valid.length(); i++){
+        if(valid[i].startsWith(dev+": ")){ PCdev = dev; } //this is a valid device
+      }
+      if(PCdev!=dev){ return false; } //invalid inputs - invalid device for PersonaCrypt
+    }
+    //Now start assembling the external command
     QStringList args; args << "usermod";
     args << "-n" << username;
     if(obj.contains("uid")){ args << "-u" << obj.value("uid").toString(); }
@@ -177,9 +190,34 @@ bool UserManager::modifyUser(QJsonObject* out, QJsonObject obj){
       }else{
         out->insert("error","Could not open temporary file for password"); //should never happen
       }
-    }else{
+    }else if(args.length()>3){
       //No password change - simple command
       ok = General::RunQuickCommand("pw", args);
+    }else if( !obj.keys().filter("personacrypt_").isEmpty() ){
+      ok = true; //no user changes aside from PersonaCrypt changes
+    }
+    //PERSONACRYPT CHANGES
+    if(ok && !PCdev.isEmpty()){
+      // INIT PERSONACRYPT DEVICE NOW
+      //User created fine - go ahead and initialize the PersonaCrypt device for this user now
+      QString pass = obj.value("password").toString(); //assume the same password as the user unless specified otherwise
+      if(obj.contains("personacrypt_password")){ pass = obj.value("personacrypt_password").toString(); } //separate password for device
+      ok = InitializePersonaCryptDevice(username, pass, PCdev);
+      if(!ok){ out->insert("error","could not initialize personacrypt device"); }
+    }else if(ok && obj.contains("personacrypt_import")){
+      // IMPORT PERSONACRYPT KEY NOW
+      ok = false;
+      //Need to save key to a local file temporarily
+      QTemporaryFile keyfile("/tmp/.XXXXXXXXXXXXXXX");
+      if(keyfile.open()){
+        keyfile.write( QByteArray::fromBase64(obj.value("personacrypt_import").toString().toUtf8()).data() );
+        keyfile.close();
+        ok = ImportPersonaCryptKey(keyfile.fileName());
+      }
+      if(!ok){ out->insert("error","could not import personacrypt key"); }
+    }else if(ok && obj.contains("personacrypt_disable")){
+      QString pass = obj.value("personacrypt_disable").toString();
+      ok = DisablePersonaCryptKey(username, pass);
     }
   }
   if(ok){ out->insert("result","success"); }
@@ -271,3 +309,19 @@ bool UserManager::ImportPersonaCryptKey(QString keyfile){
   bool ok = General::RunQuickCommand("personacrypt", QStringList() << "import" << keyfile);    
   return ok;
 }
+
+bool UserManager::DisablePersonaCryptKey(QString username, QString pass){
+  bool ok = false;
+  if(pass.isEmpty()){
+    General::RunCommand(ok, "personacrypt", QStringList() << "remove" << username);
+  }else{
+    QTemporaryFile pfile("/tmp/.XXXXXXXXXXXXXXX");
+    if( pfile.open() ){
+      pfile.write(pass.toUtf8().data());
+      pfile.close();
+      QString result = General::RunCommand(ok, "personacrypt", QStringList() << "remove" << username << pfile.fileName());
+      //qDebug() << "PC init result:" << result;
+    }
+  }
+  return ok;
+}

src/server/library/sysadm-users.h

@@ -36,6 +36,7 @@ public:
 	//PersonaCrypt Modification functions
 	static bool InitializePersonaCryptDevice(QString username, QString pass, QString device);
 	static bool ImportPersonaCryptKey(QString keyfile);
+	static bool DisablePersonaCryptKey(QString username, QString pass);
 };
 	
 } //end of sysadm namespace