Index: /branches/acl/addmaster.html
===================================================================
--- /branches/acl/addmaster.html	(revision 222)
+++ /branches/acl/addmaster.html	(revision 223)
@@ -1,3 +1,2 @@
-<!--#include virtual="header.inc" -->
 <div class="indent">
 <div class="heading">Add new master IP block</div><br>
@@ -11,3 +10,2 @@
 </table>
 </div>
-<!--#include virtual="footer.inc" -->
Index: /branches/acl/cgi-bin/CommonWeb.pm
===================================================================
--- /branches/acl/cgi-bin/CommonWeb.pm	(revision 222)
+++ /branches/acl/cgi-bin/CommonWeb.pm	(revision 223)
@@ -53,15 +53,24 @@
 }
 
-sub printHeader($) #(cgiurl)
-{
-	my $cgiURL = $_[0];
-	print "Content-type: text/html\n\n";
-	open(FILE, "../header.inc") || die $!;
-	while (<FILE>) 
-	{
-		$_ =~ s/\$\$CGIURL\$\$/$cgiURL/g;
-		print $_;
-	}
-	close(FILE);
+
+sub printHeader {
+  my $title = shift;
+  print "Content-type: text/html\n\n";
+# This doesn't work well.  Must investigate.
+#  my $realm = shift;
+#  print qq(WWW-Authenticate: Basic realm="$realm"\n) if $realm;
+  open FILE, "../header.inc"
+	or carp $!;
+  my $html = join('',<FILE>);
+  close FILE;
+
+  $html =~ s/\$\$TITLE\$\$/$title/;
+# Necessary for mangling arbitrary bits of the header
+  my $i=0;
+  while (defined(my $param = shift)) {
+    $html =~ s/\$\$EXTRA$i\$\$/$param/g;
+    $i++;
+  }
+  print $html;
 }
 
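Review bot: When `../header.inc` cannot be opened, the new `open FILE, "../header.inc" or carp $!;` only warns, and `join('',<FILE>)` then reads from an unopened handle, so the page goes out with an empty header where the removed code died. A three-argument open on a lexical handle that stops on failure would be `open my $fh, '<', '../header.inc' or die "header.inc: $!";`, with `<$fh>` and `close $fh` below it. Separately, `$title` and every extra parameter are substituted into the page as raw HTML, and the caller in main.cgi relies on that for its link markup. I would state that contract above the sub: `# $title and the extra params are inserted unescaped; pass only trusted, pre-built HTML, never request data`.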
Index: /branches/acl/cgi-bin/main.cgi
===================================================================
--- /branches/acl/cgi-bin/main.cgi	(revision 222)
+++ /branches/acl/cgi-bin/main.cgi	(revision 223)
@@ -22,7 +22,6 @@
 openlog "IPDB","pid","local2";
 
-# Present HTTP AUTH headers, as well as opening content-type.
-#print 'WWW-Authenticate: Basic realm="ViaNet IP Database"\n';
-# Collect the username from HTTP auth.  If undefined, we're in a test environment.
+# Collect the username from HTTP auth.  If undefined, we're in
+# a test environment, or called without a username.
 my $authuser;
 if (!defined($ENV{'REMOTE_USER'})) {
@@ -41,7 +40,13 @@
 ($ip_dbh,$errstr) = connectDB_My;
 if (!$ip_dbh) {
-  printAndExit("Database error: $errstr\n");
+  exitError("Database error: $errstr\n");
 }
 initIPDBGlobals($ip_dbh);
+
+# Headerize!  Make sure we replace the $$EXTRA0$$ bit as needed.
+printHeader('', ($IPDBacl{$authuser} =~ /a/ ?
+	'<a href="/ip/cgi-bin/main.cgi?action=assign">Add new assignment</a>' : ''
+	));
+
 
 #prototypes
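Review bot: The test `$IPDBacl{$authuser} =~ /a/` in the new `printHeader` call matches against an undefined value for any user with no entry in `%IPDBacl`; that fails closed, but it raises an uninitialized-value warning if warnings are enabled. The same expression is repeated in the addmaster and newmaster branches, showRBlock, assignBlock, confirmAssign and insertAssign, so the access rule now lives in seven or more places. A single helper keeps it in one spot and handles the missing entry explicitly: `sub aclAllows { my $acl = $IPDBacl{$authuser}; return defined($acl) && index($acl, $_[0]) >= 0; }`, called as `aclAllows('a')`.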
@@ -66,20 +71,30 @@
 if($webvar{action} eq 'index') {
   showSummary();
+} elsif ($webvar{action} eq 'addmaster') {
+  if ($IPDBacl{$authuser} !~ /a/) {
+    printError("You shouldn't have been able to get here.  Access denied.");
+  } else {
+    open HTML, "<../addmaster.html";
+    print while <HTML>;
+  }
 } elsif ($webvar{action} eq 'newmaster') {
-  printHeader('');
-
-  my $cidr = new NetAddr::IP $webvar{cidr};
-
-  print "<div type=heading align=center>Adding $cidr as master block....</div>\n";
-
-  # Allow transactions, and raise an exception on errors so we can catch it later.
-  # Use local to make sure these get "reset" properly on exiting this block
-  local $ip_dbh->{AutoCommit} = 0;
-  local $ip_dbh->{RaiseError} = 1;
-
-  # Wrap the SQL in a transaction
-  eval {
-    $sth = $ip_dbh->prepare("insert into masterblocks values ('$webvar{cidr}')");
-    $sth->execute;
+
+  if ($IPDBacl{$authuser} !~ /a/) {
+    printError("You shouldn't have been able to get here.  Access denied.");
+  } else {
+
+    my $cidr = new NetAddr::IP $webvar{cidr};
+
+    print "<div type=heading align=center>Adding $cidr as master block....</div>\n";
+
+    # Allow transactions, and raise an exception on errors so we can catch it later.
+    # Use local to make sure these get "reset" properly on exiting this block
+    local $ip_dbh->{AutoCommit} = 0;
+    local $ip_dbh->{RaiseError} = 1;
+
+    # Wrap the SQL in a transaction
+    eval {
+      $sth = $ip_dbh->prepare("insert into masterblocks values ('$webvar{cidr}')");
+      $sth->execute;
 
 # Unrouted blocks aren't associated with a city (yet).  We don't rely on this
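Review bot: The re-indented `prepare("insert into masterblocks values ('$webvar{cidr}')")` still builds the statement by interpolating the raw request parameter, and the result of `new NetAddr::IP $webvar{cidr}` is used without checking that parsing succeeded. The ACL check added above narrows who can reach this code but does not make the value safe. Binding the parsed value keeps request text out of the SQL: `$sth = $ip_dbh->prepare("insert into masterblocks values (?)");` then `$sth->execute("$cidr");`, preceded by a guard that rejects the request when `$cidr` is undefined. The freeblocks insert in the next hunk interpolates `$webvar{cidr}` the same way. The eval block continues past the end of this hunk.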
@@ -87,21 +102,23 @@
 # Thus the "routed" flag.
 
-    $sth = $ip_dbh->prepare("insert into freeblocks (cidr,maskbits,city,routed)".
+      $sth = $ip_dbh->prepare("insert into freeblocks (cidr,maskbits,city,routed)".
 	" values ('$webvar{cidr}',".$cidr->masklen.",'<NULL>','n')");
-    $sth->execute;
-
-    # If we get here, everything is happy.  Commit changes.
-    $ip_dbh->commit;
-  }; # end eval
-
-  if ($@) {
-    carp "Transaction aborted because $@";
-    eval { $ip_dbh->rollback; };
-    syslog "err", "Could not add master block '$webvar{cidr}' to database: '$@'";
-    printError("Could not add master block $webvar{cidr} to database: $@");
-  } else {
-    print "<div type=heading align=center>Success!</div>\n";
-    syslog "info", "$authuser added master block $webvar{cidr}";
-  }
+      $sth->execute;
+
+      # If we get here, everything is happy.  Commit changes.
+      $ip_dbh->commit;
+    }; # end eval
+
+    if ($@) {
+      carp "Transaction aborted because $@";
+      eval { $ip_dbh->rollback; };
+      syslog "err", "Could not add master block '$webvar{cidr}' to database: '$@'";
+      printError("Could not add master block $webvar{cidr} to database: $@");
+    } else {
+      print "<div type=heading align=center>Success!</div>\n";
+      syslog "info", "$authuser added master block $webvar{cidr}";
+    }
+
+  } # ACL check
 
 } # end add new master
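Review bot: Both `syslog` calls in the new block pass an interpolated string as the format argument, so, assuming these are Sys::Syslog's functions as the `openlog` call suggests, a `%` in `$webvar{cidr}` or in the DBI error text is treated as a sprintf directive. Passing the values as arguments avoids that: `syslog "err", "Could not add master block '%s' to database: '%s'", $webvar{cidr}, $@;` and `syslog "info", "%s added master block %s", $authuser, $webvar{cidr};`. The `printError` call on the failure path also returns the raw parameter and `$@` to the browser. Unless `printError` escapes its argument (not visible here), the message should show the parsed `$cidr` and leave the database detail to the log.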
@@ -117,5 +134,4 @@
 }
 elsif($webvar{action} eq 'search') {
-  printHeader('');
   if (!$webvar{input}) {
     # No search term.  Display everything.
@@ -155,5 +171,4 @@
 # which is not in any way guaranteed to provide anything useful.
 else {
-  printHeader('');
   my $rnd = rand 500;
   my $boing = sprintf("%.2f", rand 500);
@@ -394,6 +409,4 @@
 # Initial display:  Show master blocks with total allocated subnets, total free subnets
 sub showSummary {
-  # this is horrible-ugly-bad and will Go Away real soon now(TM)
-  print "Content-type: text/html\n\n";
 
   startTable('Master netblock', 'Routed netblocks', 'Allocated netblocks',
@@ -451,5 +464,5 @@
   print "</table>\n";
   if ($IPDBacl{$authuser} =~ /a/) {
-    print qq(<a href="/ip/addmaster.shtml">Add new master block</a><br><br>\n);
+    print qq(<a href="/ip/cgi-bin/main.cgi?action=addmaster">Add new master block</a><br><br>\n);
   }
   print "Note:  Free blocks noted here include both routed and unrouted blocks.\n";
@@ -464,5 +477,4 @@
 # else should follow.  YMMV.)
 sub showMaster {
-  printHeader('');
 
   print qq(<center><div class="heading">Summarizing routed blocks for ).
@@ -577,5 +589,4 @@
 # not have anything useful to spew.
 sub showRBlock {
-  printHeader('');
 
   my $master = new NetAddr::IP $webvar{block};
@@ -649,5 +660,5 @@
     # Include some HairyPerl(TM) to prefix subblocks with "Sub "
     my @row = ((($data[1] ne 'y' && $data[1] ne 'n') ? 'Sub ' : '').
-	qq(<a href="/ip/cgi-bin/main.cgi?action=assign&block=$cidr&fbtype=$data[1]">$cidr</a>),
+	($IPDBacl{$authuser} =~ /a/ ? qq(<a href="/ip/cgi-bin/main.cgi?action=assign&block=$cidr&fbtype=$data[1]">$cidr</a>) : $cidr),
 	$cidr->range);
     printRow(\@row, 'color1') if ($count%2 == 0);
@@ -662,5 +673,4 @@
 # List the IPs used in a pool
 sub listPool {
-  printHeader('');
 
   my $cidr = new NetAddr::IP $webvar{pool};
@@ -725,5 +735,9 @@
 # be one of two templates, and the lists come from the database.
 sub assignBlock {
-  printHeader('');
+
+  if ($IPDBacl{$authuser} !~ /a/) {
+    printError("You shouldn't have been able to get here.  Access denied.");
+    return;
+  }
 
   my $html;
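Review bot: The new guard in assignBlock reports the denial to the browser but records nothing, so repeated attempts to reach the add actions without the `a` flag leave no trace even though the script already opens syslog. A line before `printError`, for example `syslog "warning", "%s denied action %s", $authuser, 'assign';`, would give operators something to alert on. The identical guards added in confirmAssign, insertAssign and the addmaster and newmaster branches would take the same line. assignBlock's body continues outside the hunk.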
@@ -803,5 +817,8 @@
 # Take info on requested IP assignment and see what we can provide.
 sub confirmAssign {
-  printHeader('');
+  if ($IPDBacl{$authuser} !~ /a/) {
+    printError("You shouldn't have been able to get here.  Access denied.");
+    return;
+  }
 
   my $cidr;
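Review bot: The `a`-flag guard is added to the add and assign paths only. The hunks for `edit`, `update`, `remove` and `finalDelete` in this commit just drop their `printHeader('')` call and show no corresponding check, and `finalDelete` goes straight on to call `deleteBlock`. If those actions are meant to be restricted as well (possibly under a different ACL letter; the ACL scheme is not visible here), each sub needs the same kind of guard at its top: `if ($IPDBacl{$authuser} !~ /FLAG/) { printError("Access denied."); return; }`, where FLAG is a placeholder for the letter the scheme defines. Hiding the links, as the showRBlock hunk does, does not stop a direct request to `main.cgi?action=...`.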
@@ -962,6 +979,9 @@
 # Do the work of actually inserting a block in the database.
 sub insertAssign {
+  if ($IPDBacl{$authuser} !~ /a/) {
+    printError("You shouldn't have been able to get here.  Access denied.");
+    return;
+  }
   # Some things are done more than once.
-  printHeader('');
   return if !validateInput();
 
@@ -1061,5 +1081,4 @@
 # action=edit
 sub edit {
-  printHeader('');
 
   my $sql;
@@ -1137,5 +1156,4 @@
 # action=update
 sub update {
-  printHeader('');
 
   # Make sure incoming data is in correct format - custID among other things.
@@ -1198,5 +1216,4 @@
 # Delete an allocation.
 sub remove {
-  printHeader('');
   #show confirm screen.
   open HTML, "../confirmRemove.html"
@@ -1288,5 +1305,4 @@
 # Remove IPs from pool listing if necessary
 sub finalDelete {
-  printHeader('');
 
   my ($code,$msg) = deleteBlock($ip_dbh, $webvar{block}, $webvar{alloctype});
@@ -1311,4 +1327,16 @@
 
 
+sub exitError {
+  my $errStr = $_[0];
+  printHeader('','');
+  print qq(<center><p class="regular"> $errStr </p>
+<input type="button" value="Back" onclick="history.go(-1)">
+</center>
+);
+  printFooter();
+  exit;
+} # errorExit
+
+
 # Just in case we manage to get here.
 exit 0;
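Review bot: `exitError` writes `$errStr` into the page unescaped, and its one caller in this commit passes the database connection error, so driver detail reaches the browser as raw HTML. I would log the detail and escape what is shown: `syslog "err", "%s", $errStr;` followed by `$errStr =~ s/&/&amp;/g; $errStr =~ s/</&lt;/g; $errStr =~ s/>/&gt;/g;` before the `print`. The closing comment reads `# errorExit` while the sub is named `exitError`; it should match the name.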
Index: /branches/acl/header.inc
===================================================================
--- /branches/acl/header.inc	(revision 222)
+++ /branches/acl/header.inc	(revision 223)
@@ -51,5 +51,5 @@
 <input type="button" value=" Help? " onclick="openHelp()" class="regular">
 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
-<a href="/ip/cgi-bin/main.cgi?action=assign">Add new assignment</a>
+$$EXTRA0$$
 </td>
 </form>
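Review bot: `$$EXTRA0$$` is replaced only when `printHeader` receives at least one argument after the title, because the substitution loop in CommonWeb.pm runs once per extra argument. The callers visible in this commit all pass one, but any caller that passes the title alone would send the literal placeholder to the browser. Clearing leftovers in `printHeader` just before `print $html;` makes the template safe by default: `$html =~ s/\$\$EXTRA\d+\$\$//g;`.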
Index: /branches/acl/index.shtml
===================================================================
--- /branches/acl/index.shtml	(revision 222)
+++ /branches/acl/index.shtml	(revision 223)
@@ -1,2 +1,1 @@
-<!--#include file="header.inc"-->
 <!--#include virtual="/ip/cgi-bin/main.cgi?action=index" -->
