Changeset 262 for branches/dns/cgi-bin/admin.cgi

Timestamp:

06/17/05 16:42:45 (20 years ago)

Author:

Kris Deugau

Message:

/branches/dns

Update branch base with trunk changes from r216:261

File:

• branches/dns/cgi-bin/admin.cgi (modified) (6 diffs)

branches/dns/cgi-bin/admin.cgi

@@ -33 +33 @@
 }
 
-if ($authuser !~ /^(kdeugau|jodyh|jipp)$/) {
-  print "Content-Type: text/html\n\n".
-        "<html><head><title>Access denied</title></head><body>\n".
-        'Access to this tool is restricted.  Contact <a href="mailto:kdeugau@vianet.ca">Kris</a> '.
-        "for more information.</body></html>\n";
-  exit;
-}
-
 syslog "debug", "$authuser active";
 
@@ -53 +45 @@
 }
 initIPDBGlobals($ip_dbh);
+
+if ($IPDBacl{$authuser} !~ /A/) {
+  print "Content-Type: text/html\n\n".
+        "<html><head><title>Access denied</title></head><body>\n".
+        'Access to this tool is restricted.  Contact <a href="mailto:kdeugau@vianet.ca">Kris</a> '.
+        "for more information.</body></html>\n";
+  exit;
+}
 
 my %webvar = parse_post();
@@ -90 +90 @@
 </form>
 <hr><a href="admin.cgi?action=showpools">List IP Pools</a> for manual tweaking and updates
+<hr><a href="admin.cgi?action=showusers">Manage users</a> (add/remove users;  change
+internal access controls - note that this does NOT include IP-based limits)
 );
 } else {
@@ -123 +125 @@
     printAndExit("Can't allocate from outside a free block!!\n")
         if !$data[0];
+  } elsif ($webvar{alloctype} =~ /^(.)i$/) {
+    $sth = $ip_dbh->prepare("select cidr from allocations where cidr >>='$cidr' and (type like '_d' or type like '_p')");
+    $sth->execute;
+    @data = $sth->fetchrow_array;
+# User deserves errors if user can't be bothered to find the pool and a free IP first.
+    printAndExit("Can't allocate static IP from outside a pool!!\n")
+        if !$data[0];
   } else {
     $sth = $ip_dbh->prepare("select cidr from freeblocks where cidr >>='$cidr' and not (routed='n')");
@@ -202 +211 @@
       print "Allocation failed!  IPDB::allocateBlock said:\n$msg\n";
       syslog "err", "($authuser) Allocation of '$webvar{cidr}' to '$webvar{custid}' as ".
-        "'$webvar{type}' failed: '$msg'";
+        "'$webvar{alloctype}' failed: '$msg'";
     }
   } # done city check
@@ -267 +276 @@
     syslog "notice", "$authuser updated pool IP $webvar{ip}";
   }
-#  showPool("$data[0]");
-#} else {
-#  print "webvar{action} check failed: $webvar{action}";
+} elsif ($webvar{action} eq 'showusers') {
+  print "Notes:<br>\n".
+        "<li>Admin users automatically get all other priviledges.\n".
+        "<hr>Add new user:<form action=admin.cgi method=POST>\n".
+        "Username: <input name=username><br>\n".
+        "Password: <input name=password> <input type=checkbox name=preenc>Password is pre-encrypted (MUST be crypt() encrypted)<br>\n".
+        "<input type=submit value='Add user'><input type=hidden name=action value=newuser></form>\n";
+
+  print "<hr>Users with access:\n<table border=1>\n";
+  print "<tr><td>Username</td><td>Add new</td><td>Change</td>".
+        "<td>Delete</td><td>Admin user</td></tr>\n".
+        "<form action=admin.cgi method=POST>\n";
+  $sth = $ip_dbh->prepare("select username,acl from users order by username");
+  $sth->execute;
+  while (my @data = $sth->fetchrow_array) {
+    print "<form action=admin.cgi method=POST><input type=hidden name=action value=updacl>".
+        qq(<tr><td>$data[0]<input type=hidden name=username value="$data[0]"></td><td>).
+    # Now for the fun bit.  We have to pull apart the ACL field and
+    # output a bunch of checkboxes.
+        "<input type=checkbox name=add".($data[1] =~ /a/ ? ' checked=y' : '').
+        "></td><td><input type=checkbox name=change".($data[1] =~ /c/ ? ' checked=y' : '').
+        "></td><td><input type=checkbox name=del".($data[1] =~ /d/ ? ' checked=y' : '').
+        "></td><td><input type=checkbox name=admin".($data[1] =~ /A/ ? ' checked=y' : '').
+        qq(></td><td><input type=submit value="Update"></td></form>\n).
+        "<form action=admin.cgi method=POST><td><input type=hidden name=action value=deluser>".
+        "<input type=hidden name=username value=$data[0]>".
+        qq(<input type=submit value="Delete user"></tr></form>\n);
+
+  }
+  print "</table>\n";
+} elsif ($webvar{action} eq 'updacl') {
+  print "Updating ACL for $webvar{username}:<br>\n";
+  my $acl = 'b';
+  if ($webvar{admin} eq 'on') {
+    $acl .= "acdA";
+  } else {
+    $acl .= ($webvar{add} eq 'on' ? 'a' : '').
+        ($webvar{change} eq 'on' ? 'c' : '').
+        ($webvar{del} eq 'on' ? 'd' : '');
+  }
+  print "New ACL: $acl<br>\n";
+
+  $sth = $ip_dbh->prepare("update users set acl='$acl' where username='$webvar{username}'");
+  $sth->execute;
+  print "OK\n" if !$sth->err;
+
+  print qq(<hr><a href="admin.cgi?action=showusers">Back</a> to user listing\n);
+
+} elsif ($webvar{action} eq 'newuser') {
+  print "Adding user $webvar{username}...\n";
+  my $cr_pass = ($webvar{preenc} ? $webvar{password} :
+        crypt $webvar{password}, join('',('.','/',0..9,'A'..'Z','a'..'z')[rand 64, rand 64]));
+  $sth = $ip_dbh->prepare("insert into users (username,password,acl) values ".
+        "('$webvar{username}','$cr_pass','b')");
+  $sth->execute;
+  if ($sth->err) {
+    print "<br>Error adding user: ".$sth->errstr;
+  } else {
+    print "OK\n";
+  }
+
+  print qq(<hr><a href="admin.cgi?action=showusers">Back</a> to user listing\n);
+
+} elsif ($webvar{action} eq 'deluser') {
+  print "Deleting user $webvar{username}.<br>\n";
+  $sth = $ip_dbh->prepare("delete from users where username='$webvar{username}'");
+  $sth->execute;
+  print "OK\n" if !$sth->err;
+
+  print qq(<hr><a href="admin.cgi?action=showusers">Back</a> to user listing\n);
+
+} elsif ($webvar{action} ne '<NULL>') {
+  print "webvar{action} check failed: Don't know how to $webvar{action}";
 }