Changeset 226 for branches/acl


Ignore:
Timestamp:
04/15/05 16:01:04 (20 years ago)
Author:
Kris Deugau
Message:

/branches/acl

Admin tool updated to allow control of ACLs. At least one
visit is required to import existing .htpasswd users into
the ACL table in the database.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • branches/acl/cgi-bin/admin.cgi

    r214 r226  
    3333}
    3434
    35 if ($authuser !~ /^(kdeugau|jodyh|jipp)$/) {
    36   print "Content-Type: text/html\n\n".
    37         "<html><head><title>Access denied</title></head><body>\n".
    38         'Access to this tool is restricted.  Contact <a href="mailto:kdeugau@vianet.ca">Kris</a> '.
    39         "for more information.</body></html>\n";
    40   exit;
    41 }
    42 
    4335syslog "debug", "$authuser active";
    4436
     
    5345}
    5446initIPDBGlobals($ip_dbh);
     47
     48if ($IPDBacl{$authuser} !~ /A/) {
     49  print "Content-Type: text/html\n\n".
     50        "<html><head><title>Access denied</title></head><body>\n".
     51        'Access to this tool is restricted.  Contact <a href="mailto:kdeugau@vianet.ca">Kris</a> '.
     52        "for more information.</body></html>\n";
     53  exit;
     54}
    5555
    5656my %webvar = parse_post();
     
    9090</form>
    9191<hr><a href="admin.cgi?action=showpools">List IP Pools</a> for manual tweaking and updates
     92<hr><a href="admin.cgi?action=showACL">Change ACLs</a> (change internal access controls -
     93note that this does NOT include IP-based limits)
    9294);
    9395} else {
     
    267269    syslog "notice", "$authuser updated pool IP $webvar{ip}";
    268270  }
    269 #  showPool("$data[0]");
    270 #} else {
    271 #  print "webvar{action} check failed: $webvar{action}";
     271} elsif ($webvar{action} eq 'showACL') {
     272  print "Notes:<br>\n".
     273        "<li>Users must be added to .htpasswd from the shell, for the time being.\n".
     274        "<li>New accounts will be added to the ACL here every time this page is loaded.\n".
     275        "<li>Old accounts will NOT be automatically deleted;  they must be removed via shell.\n".
     276        "<li>Admin users automatically get all other priviledges.\n";
     277# open .htpasswd, and snag the userlist.
     278  $sth = $ip_dbh->prepare("select count (*) from users where username=?");
     279  open HTPASS, "<../../.htpasswd" or carp "BOO! No .htpasswd file!";
     280  while (<HTPASS>) {
     281    my ($username,$encpwd) = split /:/;
     282    $sth->execute($username);
     283    my @data = $sth->fetchrow_array;
     284    if ($data[0] eq '0') {
     285      my $sth2 = $ip_dbh->prepare("insert into users (username,password) values ('$username','$encpwd')");
     286      $sth2->execute;
     287      print "$username added with read-only privs to ACL<br>\n";
     288    }
     289  }
     290
     291  print "<hr>Users with access:\n<table border=1>\n";
     292  print "<tr><td>Username</td><td>Add new</td><td>Change</td>".
     293        "<td>Delete</td><td>Admin user</td></tr>\n".
     294        "<form action=admin.cgi method=POST>\n";
     295  $sth = $ip_dbh->prepare("select username,acl from users order by username");
     296  $sth->execute;
     297  while (my @data = $sth->fetchrow_array) {
     298    print "<form action=admin.cgi method=POST><input type=hidden name=action value=updacl>".
     299        qq(<tr><td>$data[0]<input type=hidden name=username value="$data[0]"></td><td>).
     300    # Now for the fun bit.  We have to pull apart the ACL field and
     301    # output a bunch of checkboxes.
     302        "<input type=checkbox name=add".($data[1] =~ /a/ ? ' checked=y' : '').
     303        "></td><td><input type=checkbox name=change".($data[1] =~ /c/ ? ' checked=y' : '').
     304        "></td><td><input type=checkbox name=del".($data[1] =~ /d/ ? ' checked=y' : '').
     305        "></td><td><input type=checkbox name=admin".($data[1] =~ /A/ ? ' checked=y' : '').
     306        qq(></td><td><input type=submit value="Update"></td></tr></form>\n);
     307
     308  }
     309  print "</table>\n";
     310} elsif ($webvar{action} eq 'updacl') {
     311  print "Updating ACL for $webvar{username}:<br>\n";
     312  my $acl = 'b';
     313  if ($webvar{admin} eq 'on') {
     314    $acl .= "acdA";
     315  } else {
     316    $acl .= ($webvar{add} eq 'on' ? 'a' : '').
     317        ($webvar{change} eq 'on' ? 'c' : '').
     318        ($webvar{del} eq 'on' ? 'd' : '');
     319  }
     320  print "New ACL: $acl<br>\n";
     321
     322  $sth = $ip_dbh->prepare("update users set acl='$acl' where username='$webvar{username}'");
     323  $sth->execute;
     324  print "OK\n" if !$sth->err;
     325
     326  print qq(<hr><a href="admin.cgi?action=showACL">Back</a> to ACL listing\n);
     327
     328} else {
     329  print "webvar{action} check failed: Don't know how to $webvar{action}";
    272330}
    273331
Note: See TracChangeset for help on using the changeset viewer.