From a0d82f23670f8e7dafecc3fc6f4ebf948e6c0ac4 Mon Sep 17 00:00:00 2001 
From: Ken Moore Date: Thu, 28 Jul 2016 15:06:15 -0400 Subject: [PATCH] API CHANGE Add an "action"="groupshow" option to the sysadm/users class. This will list all the known groups on the system and any users associated with them (if all access) or which ones the current user is in (if limited access). REST Request (example): ------------------------------- PUT /sysadm/users { "action" : "groupshow" } WebSocket Request: ------------------------------- { "id" : "fooid", "name" : "users", "namespace" : "sysadm", "args" : { "action" : "groupshow" } } Response: ------------------------------- { "args": { "_dhcp": { "gid": "65", "name": "_dhcp", "users": [ "" ] }, "_ntp": { "gid": "123", "name": "_ntp", "users": [ "" ] }, "_pflogd": { "gid": "64", "name": "_pflogd", "users": [ "" ] }, "_tss": { "gid": "601", "name": "_tss", "users": [ "" ] }, "_ypldap": { "gid": "160", "name": "_ypldap", "users": [ "" ] }, "audit": { "gid": "77", "name": "audit", "users": [ "" ] }, "authpf": { "gid": "63", "name": "authpf", "users": [ "" ] }, "avahi": { "gid": "558", "name": "avahi", "users": [ "" ] }, "bin": { "gid": "7", "name": "bin", "users": [ "" ] }, "bind": { "gid": "53", "name": "bind", "users": [ "" ] }, "colord": { "gid": "970", "name": "colord", "users": [ "" ] }, "cups": { "gid": "193", "name": "cups", "users": [ "" ] }, "daemon": { "gid": "1", "name": "daemon", "users": [ "" ] }, "dialer": { "gid": "68", "name": "dialer", "users": [ "" ] }, "ftp": { "gid": "14", "name": "ftp", "users": [ "" ] }, "games": { "gid": "13", "name": "games", "users": [ "" ] }, "git_daemon": { "gid": "964", "name": "git_daemon", "users": [ "" ] }, "guest": { "gid": "31", "name": "guest", "users": [ "" ] }, "haldaemon": { "gid": "560", "name": "haldaemon", "users": [ "" ] }, "hast": { "gid": "845", "name": "hast", "users": [ "" ] }, "kenmoore": { "gid": "1001", "name": "kenmoore", "users": [ "" ] }, "kmem": { "gid": "2", "name": "kmem", "users": [ "" ] }, "mail": { "gid": "6", "name": "mail", 
"users": [ "" ] }, "mailnull": { "gid": "26", "name": "mailnull", "users": [ "" ] }, "man": { "gid": "9", "name": "man", "users": [ "" ] }, "messagebus": { "gid": "556", "name": "messagebus", "users": [ "" ] }, "network": { "gid": "69", "name": "network", "users": [ "" ] }, "news": { "gid": "8", "name": "news", "users": [ "" ] }, "nobody": { "gid": "65534", "name": "nobody", "users": [ "" ] }, "nogroup": { "gid": "65533", "name": "nogroup", "users": [ "" ] }, "operator": { "gid": "5", "name": "operator", "users": [ "root", "kenmoore" ] }, "polkit": { "gid": "562", "name": "polkit", "users": [ "" ] }, "polkitd": { "gid": "565", "name": "polkitd", "users": [ "" ] }, "proxy": { "gid": "62", "name": "proxy", "users": [ "" ] }, "pulse": { "gid": "563", "name": "pulse", "users": [ "" ] }, "pulse-access": { "gid": "564", "name": "pulse-access", "users": [ "" ] }, "pulse-rt": { "gid": "557", "name": "pulse-rt", "users": [ "" ] }, "quasselcore": { "gid": "442", "name": "quasselcore", "users": [ "" ] }, "smmsp": { "gid": "25", "name": "smmsp", "users": [ "" ] }, "sshd": { "gid": "22", "name": "sshd", "users": [ "" ] }, "staff": { "gid": "20", "name": "staff", "users": [ "" ] }, "stunnel": { "gid": "341", "name": "stunnel", "users": [ "" ] }, "sys": { "gid": "3", "name": "sys", "users": [ "" ] }, "test2": { "gid": "1003", "name": "test2", "users": [ "" ] }, "tty": { "gid": "4", "name": "tty", "users": [ "" ] }, "unbound": { "gid": "59", "name": "unbound", "users": [ "" ] }, "uucp": { "gid": "66", "name": "uucp", "users": [ "" ] }, "video": { "gid": "44", "name": "video", "users": [ "" ] }, "webcamd": { "gid": "145", "name": "webcamd", "users": [ "" ] }, "wheel": { "gid": "0", "name": "wheel", "users": [ "root", "kenmoore" ] }, "www": { "gid": "80", "name": "www", "users": [ "" ] } }, "id": "fooid", "name": "response", "namespace": "sysadm" } --- src/server/WebBackend.cpp | 3 ++ src/server/library/sysadm-users.cpp | 44 +++++++++++++++++++++++++++-- 
src/server/library/sysadm-users.h | 10 ++++++- 3 files changed, 54 insertions(+), 3 deletions(-) diff --git a/src/server/WebBackend.cpp b/src/server/WebBackend.cpp index a5ef14f..b22c2de 100644 --- a/src/server/WebBackend.cpp +++ b/src/server/WebBackend.cpp @@ -933,6 +933,9 @@ RestOutputStruct::ExitCode WebSocket::EvaluateSysadmUserRequest(bool allaccess, } if(go){ ok = sysadm::UserManager::modifyUser(out, in_args.toObject() ); } + }else if(action=="groupshow"){ + ok = sysadm::UserManager::listGroups(out, (allaccess ? "" : user) ); + }else if(action=="personacrypt_init"){ qDebug() << "got PC init request:" << in_args << allaccess << user; bool go = true; diff --git a/src/server/library/sysadm-users.cpp b/src/server/library/sysadm-users.cpp index 7beaf69..2c208e4 100644 --- a/src/server/library/sysadm-users.cpp +++ b/src/server/library/sysadm-users.cpp @@ -187,6 +187,47 @@ bool UserManager::modifyUser(QJsonObject* out, QJsonObject obj){ return ok; } +// === GROUP MANAGEMENT === +bool UserManager::listGroups(QJsonObject* out, QString user ){ + bool ok = false; + QStringList info = General::RunCommand(ok, "pw", QStringList() << "groupshow" << "-a", "",QStringList() << "MM_CHARSET=UTF-8").split("\n"); + if(ok){ + for(int i=0; iinsert(ginfo[0], obj); + } + } + return ok; +} + +bool UserManager::addGroup(QJsonObject* out, QJsonObject input){ + bool ok = false; + + return ok; +} + +bool UserManager::removeGroup(QString name){ + bool ok = false; + QStringList args; args << "groupdel" << "-n" << name; + QString res = General::RunCommand(ok, "pw", args); + if(!ok){ qDebug() << "[ERROR] Could not delete group:"<< name << "\n - Result Message:" << res; } + return ok; +} + +bool UserManager::modifyGroup(QJsonObject* out, QJsonObject input){ + bool ok = false; + + return ok; +} + // === PERSONACRYPT FUNCTIONS === //List all the devices currently available to be used for a PersonaCrypt User QStringList UserManager::getAvailablePersonaCryptDevices(){ 
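Review bot: The new `groupshow` branch encodes the privilege decision in the username argument, `listGroups(out, (allaccess ? "" : user))`, so an empty string presumably selects the full listing inside listGroups. If `user` can ever be empty for a limited-access session, that call would be indistinguishable from an all-access one. The sibling `listUsers(QJsonObject* out, bool showall, QString user = "")` in the sysadm-users.h hunk passes the flag explicitly; doing the same here, `listGroups(out, allaccess, user)`, and dropping the `= ""` default on the declaration would make the restricted path the one taken when the name is missing. The enclosing EvaluateSysadmUserRequest starts and ends outside the hunk, so how `user` is populated is not visible here.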
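Review bot: The sample response in the commit message shows `"users": [ "" ]` for every group without members, which suggests listGroups splits an empty member field and stores the single empty string it gets back. A client then sees a one-element list holding a user named "" instead of an empty list. Splitting the member field with `QString::SkipEmptyParts` would return `[]` for those groups. The loop body of listGroups is not fully legible in this view (the text between `i` and `insert` is missing), so the exact line to change needs to be confirmed against the file.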
@@ -206,8 +247,7 @@ bool UserManager::InitializePersonaCryptDevice(QString username, QString pass, Q pfile.write(pass.toUtf8().data()); pfile.close(); QString result = General::RunCommand(ok, "personacrypt", QStringList() << "init" << username << pfile.fileName() << device); - //ok = General::RunQuickCommand("personacrypt", QStringList() << "init" << username << pfile.fileName() << device); - qDebug() << "PC init result:" << result; + //qDebug() << "PC init result:" << result; } return ok; } diff --git a/src/server/library/sysadm-users.h b/src/server/library/sysadm-users.h index 665a517..c37fa0b 100644 --- a/src/server/library/sysadm-users.h +++ b/src/server/library/sysadm-users.h @@ -17,11 +17,19 @@ public: //List all the users currently registered on the system static bool listUsers(QJsonObject* out, bool showall, QString user = ""); - //Add a new user to the system + //User Management static bool addUser(QJsonObject* out, QJsonObject inputs); static bool removeUser(QString username, bool deletehomedir = true); static bool modifyUser(QJsonObject* out, QJsonObject inputs); + //List all the groups current registered on the system + static bool listGroups(QJsonObject* out, QString user = ""); + + //Group Management + static bool addGroup(QJsonObject* out, QJsonObject input); + static bool removeGroup(QString name); + static bool modifyGroup(QJsonObject* out, QJsonObject input); + //List all the devices currently available to be used for a PersonaCrypt User static QStringList getAvailablePersonaCryptDevices();
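Review bot: Silencing the result log in InitializePersonaCryptDevice leaves the more sensitive log line in place: the context line in the WebBackend.cpp hunk, `qDebug() << "got PC init request:" << in_args << allaccess << user;`, prints the whole request object, which presumably carries the password this function receives as `pass`. That line should log only the user, e.g. `qDebug() << "got PC init request for user:" << user;`. In this hunk `result` is now unused and a failed init is silent. A failure-only message in the style removeGroup uses, `if(!ok){ qDebug() << "[ERROR] PersonaCrypt init failed:" << result; }`, would keep the diagnostic without logging on success and would replace the commented-out line. The function body starts outside the hunk.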
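Review bot: The new declarations lack the documentation a caller needs: nothing says that `user` selects the access level of listGroups, or that addGroup and modifyGroup are placeholders that always return false in the sysadm-users.cpp hunk. I would replace the comment above listGroups with `//List the groups registered on the system; an empty "user" lists every group with its members, otherwise only that user's memberships`, which also fixes the "current registered" typo, after confirming that behaviour against the implementation. Under `//Group Management`, add `//NOTE: addGroup() and modifyGroup() are not implemented yet and always return false`. The class body starts and ends outside the hunk.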