Commit 9eee26fa authored by Leigh B Stoller's avatar Leigh B Stoller

Minor changes to support automatic reactivation of users when they login

to the web interface. Note that I removed the setgroups from the path
cause it is so slow on the Mothership, probably cause of the group file
size. Turns out this is okay, we keep the groups of inactive users in
sync.
parent b1ae83c4
......@@ -1133,9 +1133,13 @@ sub DeactivateUser()
sub ReactivateUser()
{
#
# Only admin people can do this.
# Only admin people can do this to another user, but we do allow a
# user to reactivate themselves, as from the web interface when they
# log in and the account has been deactivated for lack of use.
#
if (! TBAdmin($UID)) {
if (! (TBAdmin($UID) ||
($target_user->SameUser($this_user) &&
$status eq USERSTATUS_ACTIVE))) {
fatal("You do not have permission to reactivate user $user.");
}
#
......@@ -1160,13 +1164,6 @@ sub ReactivateUser()
UpdateUser(0) == 0
or fatal("Cannot reactivate $user");
#
# Invoke as real user for auditing.
#
$EUID = $UID;
system("$SETGROUPS $user");
$EUID = 0;
return 0;
}
......
......@@ -891,11 +891,6 @@ function DOLOGIN($token, $password, $adminmode = 0, $nopassword = 0) {
$user->UpdateWebLoginFail();
return DOLOGIN_STATUS_WEBFREEZE;
}
# inactive users need special handling for now.
if ($user->status() == TBDB_USERSTATUS_INACTIVE) {
return DOLOGIN_STATUS_INACTIVE;
}
if (!$nopassword) {
$encoding = crypt("$password", $db_encoding);
if (strcmp($encoding, $db_encoding)) {
......@@ -923,6 +918,16 @@ function DOLOGIN($token, $password, $adminmode = 0, $nopassword = 0) {
#
# Pass!
#
# But inactive users need special handling.
if ($user->status() == TBDB_USERSTATUS_INACTIVE) {
# Try to reactivate the user. If we fail for some reason, fall
# back to just telling them they are inactive. Otherwise we can
# proceed with login.
if (ReactivateUser($user)) {
return DOLOGIN_STATUS_INACTIVE;
}
}
#
# Set adminmode off on new logins, unless user requested to be
......@@ -1374,6 +1379,22 @@ function BumpLogoutTime()
return 0;
}
#
# Reactivate user.
#
function ReactivateUser($user)
{
$user->SetStatus(TBDB_USERSTATUS_ACTIVE);
$uid = $user->uid();
if (SUEXEC($uid, "nobody",
"webtbacct reactivate $uid", SUEXEC_ACTION_CONTINUE)) {
$user->SetStatus(TBDB_USERSTATUS_INACTIVE);
return -1;
}
return 0;
}
#
# Beware empty spaces (cookies)!
#
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment