author | Endi Sukma Dewata <edewata@redhat.com> | 2012-11-21 14:30:45 -0500 |
---|---|---|
committer | Endi Sukma Dewata <edewata@redhat.com> | 2012-11-22 03:22:57 -0500 |
commit | 54a3d4cc2ed6676cdad9e944a10db15b47c58d00 (patch) | |
tree | c46789191bb53c247621c559d971efa280a7d49a /base/tps/apache/cgi-bin | |
parent | 2fd7c09281cf65430477d33a45df0ac876ea04ad (diff) | |
Reorganized TPS templates and scripts.
The templates, JS, and CGI scripts for TPS have been reorganized
into the TPS core package.
Ticket #407
Diffstat (limited to 'base/tps/apache/cgi-bin')
41 files changed, 6030 insertions, 0 deletions
diff --git a/base/tps/apache/cgi-bin/demo/Enroll.html b/base/tps/apache/cgi-bin/demo/Enroll.html
new file mode 100755
index 000000000..df00dbee4
--- /dev/null
+++ b/base/tps/apache/cgi-bin/demo/Enroll.html
@@ -0,0 +1,81 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2009 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel=stylesheet href="/esc/demo/style.css" type="text/css">
+
+<title>Enrollment</title>
+</head>
+<script type="text/JavaScript" src="/esc/demo/util.js">
+</script>
+<body onload="InitializeBindingTable();" onunload=cleanup()>
+
+<progressmeter id="progress-id" hidden="true" align = "center"/>
+<table width="100%" class="logobar">
+ <tr>
+ <td>
+<img alt="" src="/pki/esc/demo/logo.jpg">
+ </td>
+ <td>
+ <p class="headerText">Veracify Investments Smartcard Enrollment</p>
+ </td>
+ </tr>
+</table>
+ <table id="BindingTable" width="200px" align="center">
+ <tr id="HeaderRow">
+ <td></td>
+ </tr>
+ </table>
+ <p class="bodyText">You have plugged in your Veracify Investments smartcard! After answering a few easy questions, you will be able to use your smartcard to securely manage your investment portfolio.
+ </p>
+ <p class="bodyText">
+ Now we would like you to identify yourself as a current Veracify Investments Customer.
+ </p>
+ <table>
+ <tr>
+ <td><p >Veracify Account Name: </p></td>
+ <td> </td>
+ <td><input type="text" id="snametf" value=""></td>
+ <td> </td>
+ <td><p>Veracify Account Number: </p></td>
+ <td> </td>
+ <td><input type="password" id="snamepwd" value=""></td>
+ </tr>
+
+ </table>
+
+ <p class="bodyText"> Before you can use your smartcard, you will need a password to protect it.</p>
+ <table>
+ <tr>
+ <td><p >Password:</p></td>
+ <td><input type="password" id="pintf" name="pintf" value=""></td>
+
+ <td><p >Re-Enter Password:</p></td>
+ <td><input type="password" id="reenterpintf" name="reenterpintf" value=""></td>
+ </table>
+ <br>
+ <table width="100%">
+ <tr>
+ <td align="right">
+ <input type="button" id="enrollbtn" name="enrollbtn" value="Enroll My Veracify Smartcard" onClick="DoEnrollCOOLKey();">
+ </td>
+ </tr>
+ </table>
+</body></html>
diff --git a/base/tps/apache/cgi-bin/demo/enroll.cgi b/base/tps/apache/cgi-bin/demo/enroll.cgi
new file mode 100755
index 000000000..c0f4bcabf
--- /dev/null
+++ b/base/tps/apache/cgi-bin/demo/enroll.cgi
@@ -0,0 +1,183 @@
+#! /usr/bin/perl -w
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+########################################################################
+#
+# Script: esc.cgi
+# Author: Kin Blas ()
+# Date: 12/19/2003
+#
+# CGI.pm Docs:
+#
+# http://stein.cshl.org/WWW/software/CGI/
+#
+########################################################################
+
+use CGI;
+
+$gQuery = new CGI;
+
+$gQueryAction = "default";
+$gQueryOverrideAction = "default";
+
+@gCookieNames = ("ascScreenName",
+ "ascSubscriptionType",
+ "ascBindings");
+
+$gQueryAction = $gQuery->param("action") if (defined $gQuery->param("action"));
+
+$gQueryOverrideAction = $gQuery->param("override_action")
+ if (defined $gQuery->param("override_action"));
+
+if ($gQueryOverrideAction ne "default")
+{
+ $gQueryAction = $gQueryOverrideAction;
+}
+
+########################################################################
+#
+# If no action was provided, we default to showing our
+# admin page!
+#
+# http://www.foo.com/esc.cgi
+#
+########################################################################
+
+if ($gQueryAction eq "default")
+{
+ GenerateEnrollmentPage();
+ exit 0;
+}
+
+
+
+sub ExitError
+{
+ my($str) = @_;
+ print $gQuery->header(), $gQuery->start_html(), $str, $gQuery->end_html();
+ exit 0;
+}
+
+sub GetScreenName
+{
+ my $sn = "";
+
+ if (defined $gQuery->param("screenname"))
+ {
+ $sn = $gQuery->param("screenname");
+ } else {
+ $sn = "default";
+ }
+
+ return $sn;
+}
+
+sub GetKeyType
+{
+ my $keyType = 0;
+
+ if (defined $gQuery->param("keytype"))
+ {
+ $keyType = $gQuery->param("keytype");
+ }
+
+ return $keyType;
+}
+
+sub GetKeyID
+{
+ my $keyID = "";
+
+ if (defined $gQuery->param("keyid"))
+ {
+ $keyID = $gQuery->param("keyid");
+ }
+
+ return $keyID;
+}
+
+sub GetKeyLabelArg
+{
+ my $keyLabel = "";
+
+ if (defined $gQuery->param("keylabel"))
+ {
+ $keyLabel = $gQuery->param("keylabel");
+ }
+
+ return $keyLabel;
+}
+
+sub HaveScreenName
+{
+ return 1 if (GetScreenName() ne "");
+ return 0;
+}
+
+sub IsSubscriber
+{
+ my $subType = $gUserObj{'SUBSCRIPTION'};
+ return 1 if ($subType eq "HouseKey" || $subType eq "NetKey");
+
+ return 0;
+}
+
+sub GetNextAction
+{
+ my($nextActn) = "default";
+
+ if (defined $gQuery->param('nextaction'))
+ {
+ $nextActn = $gQuery->param('nextaction');
+ }
+ elsif (defined $gQuery->param('action'))
+ {
+ $nextActn = $gQuery->param('action');
+ }
+
+ return $nextActn;
+}
+
+sub GenerateEnrollmentPage
+{
+ my ($l);
+
+ ExitError("Failed to load enrollment page!") if (!open(ENROLL_FILE, "< Enroll.html"));
+
+ print $gQuery->header();
+
+ while ($l = <ENROLL_FILE>)
+ {
+ if ($l =~ /<!-- *SECURECOOL_SCREENNAME *-->/)
+ {
+ my $sn = GetScreenName();
+ $l =~ s/<!-- *SECURECOOL_SCREENNAME *-->/$sn/g;
+ print $l;
+ }
+ else
+ {
+ print $l;
+ }
+ }
+
+ close(ENROLL_FILE);
+}
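Review bot: In GenerateEnrollmentPage the `screenname` request parameter returned by GetScreenName() is substituted into the page with `s/<!-- *SECURECOOL_SCREENNAME *-->/$sn/g` and printed without HTML escaping, so any template that carries the placeholder reflects request data into the response as markup. The demo/Enroll.html added in this commit shows no such placeholder, so the substitution looks inert here, but the same unescaped substitution is repeated in the Generate*Page subs of esc.cgi, whose templates are not visible in this part of the diff. I would escape at the point of use, e.g. `my $sn = $gQuery->escapeHTML(GetScreenName());`, and use a context-appropriate encoder where the value lands inside a script or attribute. The header comment still reads `# Script: esc.cgi`, and helpers such as GetKeyType and IsSubscriber are never called in this file; a comment or removal would make clear they are leftovers.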
diff --git a/base/tps/apache/cgi-bin/demo/index.cgi b/base/tps/apache/cgi-bin/demo/index.cgi
new file mode 100755
index 000000000..c9a1d21dd
--- /dev/null
+++ b/base/tps/apache/cgi-bin/demo/index.cgi
@@ -0,0 +1,47 @@
+#!/usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+#
+#
+#
+print "Content-type: text/xml\n\n";
+print "<\?xml version=\"1.0\" encoding=\"UTF-8\"\?>";
+print "<ServiceInfo>";
+print "<IssuerName>";
+print "Fedora Project"; # Vendor
+print "</IssuerName>\n";
+print "<Services>";
+print "<Operation>";
+print "http://[SERVER_NAME]:[PORT]/nk_service";
+print "</Operation>";
+print "<UI>";
+print "http://[SERVER_NAME]:[PORT]/cgi-bin/demo/enroll.cgi";
+print "</UI>";
+print "<EnrolledTokenBrowserURL>";
+print "</EnrolledTokenBrowserURL>";
+print "<EnrolledTokenURL>";
+print "</EnrolledTokenURL>";
+print "<TokenType>";
+print "userKey";
+print "</TokenType>";
+print "</Services>";
+print "</ServiceInfo>";
diff --git a/base/tps/apache/cgi-bin/esc.cgi b/base/tps/apache/cgi-bin/esc.cgi
new file mode 100755
index 000000000..70a93c0a0
--- /dev/null
+++ b/base/tps/apache/cgi-bin/esc.cgi
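Review bot: The `<Operation>` and `<UI>` values printed by index.cgi use the `http://` scheme, so a client that follows this ServiceInfo document would reach the token operation endpoint and the enrollment page (whose template has password fields) without transport protection, and the discovery document itself could be altered in transit. If the deployment offers a TLS port these should be `https://` URLs. The `[SERVER_NAME]` and `[PORT]` tokens are printed literally, so the script presumably relies on an install-time substitution that is not visible in this diff; a comment such as `# [SERVER_NAME]/[PORT] are replaced at instance creation` (wording to be confirmed) would document that. home.cgi in this commit has the same `http://` scheme and additionally hardcodes `machine.fedora.redhat.com:7888`.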
@@ -0,0 +1,1239 @@
+#! /usr/bin/perl -w
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+########################################################################
+#
+# Script: esc.cgi
+# Author: Kin Blas ()
+# Date: 12/19/2003
+#
+# CGI.pm Docs:
+#
+# http://stein.cshl.org/WWW/software/CGI/
+#
+########################################################################
+
+use CGI;
+
+$gQuery = new CGI;
+
+$gQueryAction = "default";
+$gQueryOverrideAction = "default";
+
+@gCookieNames = ("ascScreenName",
+ "ascSubscriptionType",
+ "ascBindings");
+
+$gQueryAction = $gQuery->param("action") if (defined $gQuery->param("action"));
+
+$gQueryOverrideAction = $gQuery->param("override_action")
+ if (defined $gQuery->param("override_action"));
+
+if ($gQueryOverrideAction ne "default")
+{
+ $gQueryAction = $gQueryOverrideAction;
+}
+
+########################################################################
+#
+# If no action was provided, we default to showing our
+# admin page!
+#
+# http://www.foo.com/esc.cgi
+#
+########################################################################
+
+if ($gQueryAction eq "default")
+{
+ GenerateAdminPage();
+ exit 0;
+}
+
+########################################################################
+#
+# We aren't doing any admin functions, before proceeding
+# on to user specific functions, make sure we have a screen name
+# and that they are subscribed to a service.
+#
+########################################################################
+
+#if (!HaveScreenName() || $gQueryAction eq "screennamepage")
+#{
+# GenerateScreenNamePage($gQueryAction);
+# exit 0;
+#}
+
+LoadUserDatabase("default");
+
+########################################################################
+#
+# Subscribe?
+#
+# http://www.foo.com/esc.cgi?action=subscribe
+#
+########################################################################
+
+#if ($gQueryAction eq "subscribe")
+#{
+# SaveSubscription();
+# $nextAction = GetNextAction();
+# $redirectLocation = $gQuery->url(-path_info=>1)."?action=$nextAction&screenname=".GetScreenName();
+# print $gQuery->redirect(-uri=>$redirectLocation);
+# exit 0;
+#}
+
+#if (!IsSubscriber() || $gQueryAction eq "subscriptionpage")
+#{
+# GenerateTOSPage($gQueryAction);
+# exit 0;
+#}
+
+########################################################################
+#
+# Show our cookie management page?
+#
+# http://www.foo.com/esc.cgi?action=cookiepage
+#
+########################################################################
+
+#if ($gQueryAction eq "cookiepage")
+#{
+# GenerateCookiesPage();
+# exit 0;
+#}
+
+########################################################################
+#
+# Clear cookies?
+#
+# http://www.foo.com/esc.cgi?action=clearAllCookies
+#
+########################################################################
+
+#if ($gQueryAction eq "removeCookies")
+#{
+# @expCookies = ();
+# foreach $cookie (@gCookieNames)
+# {
+# if (defined $gQuery->param($cookie))
+# {
+# $expCookies[$cookieCnt++] = CreateExpiredCookie($cookie);
+# }
+# }
+# $redirectLocation = $gQuery->url(-path_info=>1)."?action=cookiepage&screenname=".GetScreenName();
+# print $gQuery->redirect(-uri=>$redirectLocation,
+# -cookie=>\@expCookies);
+# exit 0;
+#}
+
+########################################################################
+#
+# Bind?
+#
+#
+########################################################################
+
+if ($gQueryAction eq "bind")
+{
+ UpdateBindingsForBind();
+ $nextAction = GetNextAction();
+
+ $nextAction = "bindpage" if ($nextAction eq $gQueryAction);
+
+ $redirectLocation = $gQuery->url(-path_info=>1)."?action=$nextAction&prevaction=bind&screenname=".GetScreenName()."&keytype=".GetKeyType()."&keyid=".GetKeyID()."&keylabel=".GetKeyLabelArg();
+ print $gQuery->redirect(-uri=>$redirectLocation);
+ exit 0;
+}
+
+########################################################################
+#
+# Unbind?
+#
+#
+########################################################################
+
+if ($gQueryAction eq "unbind")
+{
+ UpdateBindingsForUnbind();
+
+ $nextAction = GetNextAction();
+
+ $nextAction = "bindpage" if ($nextAction eq $gQueryAction);
+
+ $redirectLocation = $gQuery->url(-path_info=>1)."?action=$nextAction&prevaction=unbind&screenname=".GetScreenName()."&keytype=".GetKeyType()."&keyid=".GetKeyID()."&keylabel=".GetKeyLabelArg();
+ print $gQuery->redirect(-uri=>$redirectLocation);
+ exit 0;
+}
+
+########################################################################
+#
+# Label?
+#
+#
+########################################################################
+
+if ($gQueryAction eq "label")
+{
+ UpdateBindingsForLabel();
+
+ $nextAction = GetNextAction();
+
+ $nextAction = "bindpage" if ($nextAction eq $gQueryAction);
+
+ $redirectLocation = $gQuery->url(-path_info=>1)."?action=$nextAction&screenname=".GetScreenName();
+ print $gQuery->redirect(-uri=>$redirectLocation);
+ exit 0;
+}
+
+########################################################################
+#
+# ScreenName?
+#
+#
+########################################################################
+
+#if ($gQueryAction eq "screenname")
+#{
+# $nextAction = GetNextAction();
+# $redirectLocation = $gQuery->url(-path_info=>1)."?action=$nextAction&screenname=".GetScreenName();
+# print $gQuery->redirect(-uri=>$redirectLocation);
+# exit 0;
+#}
+
+########################################################################
+#
+# Check if we are displaying the label page.
+#
+#
+########################################################################
+
+if ($gQueryAction eq "labelpage")
+{
+ my $nextAction = GetNextAction();
+ $nextAction = "bindpage" if ($nextAction eq $gQueryAction);
+
+ my $keyType = GetKeyType();
+ my $keyId = GetKeyID();
+
+ GenerateLabelPage($keyType, $keyId, $nextAction);
+ exit 0;
+}
+
+########################################################################
+#
+# Show our enrollment page?
+#
+# http://www.foo.com/esc.cgi?action=enrollmentpage
+#
+########################################################################
+
+if ($gQueryAction eq "enrollmentpage")
+{
+ GenerateEnrollmentPage();
+ exit 0;
+}
+
+if ($gQueryAction eq "advancepage")
+{
+ GenerateAdvancePage();
+ exit 0;
+}
+
+if ($gQueryAction eq "tokenmanagerpage")
+{
+ GenerateTokenManagerPage();
+ exit 0;
+}
+
+if($gQueryAction eq "authenticate")
+{
+
+ GenerateAuthenticationPage();
+ exit 0;
+}
+
+if ($gQueryAction eq "autoenroll")
+{
+ GenerateAutoEnrollmentPage();
+ exit 0;
+}
+
+########################################################################
+#
+# Show our ticket request page?
+#
+#
+########################################################################
+
+if ($gQueryAction eq "ticketreqpage")
+{
+ GenerateTicketRequestPage();
+ exit 0;
+}
+
+########################################################################
+#
+# Show our load external url page?
+#
+# http://www.foo.com/esc.cgi?action=loadurlpage
+#
+########################################################################
+
+
+if ($gQueryAction eq "loadurl")
+{
+ $nextAction = GetNextAction();
+ $redirectLocation = $gQuery->param('url');
+ print $gQuery->redirect(-uri=>$redirectLocation);
+ exit 0;
+}
+
+if ($gQueryAction eq "loadurlpage")
+{
+ GenerateLoadURLPage();
+ exit 0;
+}
+
+########################################################################
+#
+# User is subscribed, check if we are displaying the
+# settings page.
+#
+#
+########################################################################
+
+if ($gQueryAction eq "settingspage")
+{
+ GenerateSettingsPage();
+ exit 0;
+}
+
+########################################################################
+#
+# Check if we are displaying the set label page.
+#
+#
+########################################################################
+
+if ($gQueryAction eq "setlabelpage")
+{
+ GenerateSetLabelPage();
+ exit 0;
+}
+
+########################################################################
+#
+# Check if we are displaying the bind/unbind progress page!
+#
+#
+########################################################################
+
+if ($gQueryAction eq "bindprogresspage")
+{
+ GenerateBindProgressPage("bind");
+ exit 0;
+}
+
+if ($gQueryAction eq "unbindprogresspage")
+{
+ GenerateBindProgressPage("unbind");
+ exit 0;
+}
+
+########################################################################
+#
+# Check if we are displaying the bind/unbind success page!
+#
+#
+########################################################################
+
+if ($gQueryAction eq "bindsuccesspage")
+{
+ GenerateBindSuccessPage("bind");
+ exit 0;
+}
+
+if ($gQueryAction eq "unbindsuccesspage")
+{
+ GenerateBindSuccessPage("unbind");
+ exit 0;
+}
+
+########################################################################
+#
+# XXX: Lose this code!
+# User is subscribed, check if we are displaying the
+# binding page.
+#
+#
+########################################################################
+
+if ($gQueryAction eq "bindpage")
+{
+ GenerateBindingConfigPage();
+ exit 0;
+}
+
+print "<html><body><H1> Unknown Query Action ";
+print $qQueryAction;
+print "</H1></body></html>";
+exit 0;
+
+########################################################################
+#
+#
+########################################################################
+
+
+sub ExitError
+{
+ my($str) = @_;
+ print $gQuery->header(), $gQuery->start_html(), $str, $gQuery->end_html();
+ exit 0;
+}
+
+sub GetScreenName
+{
+ my $sn = "";
+
+ if (defined $gQuery->param("screenname"))
+ {
+ $sn = $gQuery->param("screenname");
+ } else {
+ $sn = "default";
+ }
+
+ return $sn;
+}
+
+sub GetKeyType
+{
+ my $keyType = 0;
+
+ if (defined $gQuery->param("keytype"))
+ {
+ $keyType = $gQuery->param("keytype");
+ }
+
+ return $keyType;
+}
+
+sub GetKeyID
+{
+ my $keyID = "";
+
+ if (defined $gQuery->param("keyid"))
+ {
+ $keyID = $gQuery->param("keyid");
+ }
+
+ return $keyID;
+}
+
+sub GetKeyLabelArg
+{
+ my $keyLabel = "";
+
+ if (defined $gQuery->param("keylabel"))
+ {
+ $keyLabel = $gQuery->param("keylabel");
+ }
+
+ return $keyLabel;
+}
+
+sub HaveScreenName
+{
+ return 1 if (GetScreenName() ne "");
+ return 0;
+}
+
+sub IsSubscriber
+{
+ my $subType = $gUserObj{'SUBSCRIPTION'};
+ return 1 if ($subType eq "HouseKey" || $subType eq "NetKey");
+
+ return 0;
+}
+
+sub GetNextAction
+{
+ my($nextActn) = "default";
+
+ if (defined $gQuery->param('nextaction'))
+ {
+ $nextActn = $gQuery->param('nextaction');
+ }
+ elsif (defined $gQuery->param('action'))
+ {
+ $nextActn = $gQuery->param('action');
+ }
+
+ return $nextActn;
+}
+
+sub GenerateAdminPage()
+{
+ my ($l);
+
+ ExitError("Failed to load Admin Page") if (!open(ADMIN_FILE, "< ./AdminEsc.html"));
+
+ print $gQuery->header();
+
+ while ($l = <ADMIN_FILE>)
+ {
+ if ($l =~ /<!-- *SECURECOOL_SCREENNAME *-->/)
+ {
+ my $sn = GetScreenName();
+ $l =~ s/<!-- *SECURECOOL_SCREENNAME *-->/$sn/g;
+ }
+ print $l;
+ }
+ close(ADMIN_FILE);
+}
+
+sub GenerateCookiesPage()
+{
+ my ($nextPage) = @_;
+
+ my ($l);
+
+ ExitError("Failed to load TOS Page") if (!open(COOKIE_FILE, "< Cookies.html"));
+
+ print $gQuery->header();
+
+ while ($l = <COOKIE_FILE>)
+ {
+ if ($l =~ /SECURECOOL_COOKIE_LIST/)
+ {
+ my @cookies = $gQuery->cookie();
+ if (@cookies < 1)
+ {
+ print "No ASC Cookies currently defined!<br>\n";
+ }
+ else
+ {
+ my $cookieName;
+ foreach $cookieName (@cookies)
+ {
+ #
+ # Display only ASC related cookies!
+ #
+
+ if ($cookieName =~ /^asc/)
+ {
+ print "<tr><td valign=\"center\" align=\"center\"><input type=\"checkbox\" name=\"$cookieName\"></td><td>$cookieName</td><td>", $gQuery->cookie($cookieName), "</td></tr>\n";
+ }
+ }
+ print "<br>\n";
+ }
+ }
+ elsif ($l =~ /<!-- *SECURECOOL_SCREENNAME *-->/)
+ {
+ my $sn = GetScreenName();
+ $l =~ s/<!-- *SECURECOOL_SCREENNAME *-->/$sn/g;
+ print $l;
+ }
+ else
+ {
+ print $l;
+ }
+ }
+ close(COOKIE_FILE);
+}
+
+sub GenerateScreenNamePage
+{
+ my ($nextPage) = @_;
+
+ my ($l);
+
+ ExitError("Failed to load ScreenName Page") if (!open(SN_FILE, "< ScreenName.html"));
+
+ print $gQuery->header();
+
+ my $sn = GetScreenName();
+
+ while ($l = <SN_FILE>)
+ {
+ if ($l =~ /SECURECOOL_NEXTACTION_INPUT_TAG/)
+ {
+ if ($nextPage)
+ {
+ print "<input type=\"hidden\" name=\"nextaction\" value=\"$nextPage\">\n";
+ print "<input type=\"hidden\" name=\"screenname\" value=\"$sn\">\n";
+ }
+
+ if ($sn)
+ {
+ print "<script>document.getElementById('screenname').value = \"$sn\"</script>\n";
+ }
+ }
+ elsif ($l =~ /<!-- *SECURECOOL_SCREENNAME *-->/)
+ {
+ $l =~ s/<!-- *SECURECOOL_SCREENNAME *-->/$sn/g;
+ print $l;
+ }
+ else
+ {
+ print $l;
+ }
+ }
+ close(SN_FILE);
+}
+
+sub GenerateTOSPage
+{
+ my ($nextPage) = @_;
+
+ my ($l);
+
+ ExitError("Failed to load TOS Page") if (!open(TOS_FILE, "< Subscribe.html"));
+
+ print $gQuery->header();
+
+ while ($l = <TOS_FILE>)
+ {
+ if ($l =~ /SECURECOOL_NEXTACTION_INPUT_TAG/)
+ {
+ if ($nextPage)
+ {
+ print "<input type=\"hidden\" name=\"nextaction\" value=\"$nextPage\">\n";
+ print "<input type=\"hidden\" name=\"screenname\" value=\"". GetScreenName() ."\">\n";
+ }
+ }
+ elsif ($l =~ /<!-- *SECURECOOL_SCREENNAME *-->/)
+ {
+ my $sn = GetScreenName();
+ $l =~ s/<!-- *SECURECOOL_SCREENNAME *-->/$sn/g;
+ print $l;
+ }
+ else
+ {
+ print $l;
+ }
+ }
+ close(TOS_FILE);
+}
+
+sub GenerateSettingsPage
+{
+ my ($l);
+
+ ExitError("Failed to load settings page!") if (!open(SETTINGS_FILE, "< SettingsEsc.html"));
+
+ print $gQuery->header();
+
+ while ($l = <SETTINGS_FILE>)
+ {
+ if ($l =~ /SECURECOOL_BINDINGS_ARRAY/)
+ {
+ my(@curBindings) = GetBindings();
+ my $arrSize = scalar(@curBindings);
+ my($i);
+
+ for ($i = 0; $i < $arrSize; $i++)
+ {
+ my($keyType, $keyId, $keyLabel) = split(/&/, $curBindings[$i]);
+ print " [ $keyType, \"$keyId\", \"$keyLabel\" ]";
+ print "," if ($arrSize > 1 && $i != $arrSize - 1);
+ print "\n";
+ }
+ }
+ elsif ($l =~ /<!-- *SECURECOOL_SCREENNAME *-->/)
+ {
+ my $sn = GetScreenName();
+ $l =~ s/<!-- *SECURECOOL_SCREENNAME *-->/$sn/g;
+ print $l;
+ }
+ else
+ {
+ print $l;
+ }
+ }
+ close(SETTINGS_FILE);
+}
+
+sub GenerateSetLabelPage
+{
+ my ($l);
+
+ ExitError("Failed to open label page!") if (!open(LABEL_PAGE, "< Label.html"));
+
+ my $sn = GetScreenName();
+ ExitError("Failed to get a valid screen name!") if (! $sn);
+
+ my $keyType = GetKeyType();
+ my $keyID = GetKeyID();
+ ExitError("Failed to get a valid keyID!") if (! $keyID);
+
+ $defLabel = $keyID;
+ $defLabel =~ s/^[0-9a-fA-F]{12}//;
+ $defLabel = "$sn-$defLabel";
+
+ print $gQuery->header();
+
+ while ($l = <LABEL_PAGE>)
+ {
+ if ($l =~ /<!-- *SECURECOOL_SCREENNAME *-->/)
+ {
+ $l =~ s/<!-- *SECURECOOL_SCREENNAME *-->/$sn/g;
+ }
+ if ($l =~ /<!-- *SECURECOOL_KEYTYPE *-->/)
+ {
+ $l =~ s/<!-- *SECURECOOL_KEYTYPE *-->/$keyType/g;
+ }
+ if ($l =~ /<!-- *SECURECOOL_KEYID *-->/)
+ {
+ $l =~ s/<!-- *SECURECOOL_KEYID *-->/$keyID/g;
+ }
+ if ($l =~ /<!-- *SECURECOOL_KEYLABEL *-->/)
+ {
+ $l =~ s/<!-- *SECURECOOL_KEYLABEL *-->/$defLabel/g;
+ }
+ print $l;
+ }
+ close(LABEL_FILE);
+}
+
+sub GenerateBindProgressPage
+{
+ my ($action) = @_;
+ my ($l);
+
+ ExitError("Failed to open progress page!") if (!open(PROG_PAGE, "< Progress.html"));
+
+ my $sn = GetScreenName();
+ ExitError("Failed to get a valid screen name!") if (! $sn);
+
+ my $keyType = GetKeyType();
+ my $keyID = GetKeyID();
+ ExitError("Failed to get a valid keyID!") if (! $keyID);
+
+ my $keyLabel = "";
+
+ if ($action eq "bind")
+ {
+ $keyLabel = GetKeyLabelArg();
+ ExitError("Failed to get a valid keyLabel!") if (! $keyLabel);
+ }
+
+ print $gQuery->header();
+
+ while ($l = <PROG_PAGE>)
+ {
+ if ($l =~ /<!-- *SECURECOOL_SCREENNAME *-->/)
+ {
+ $l =~ s/<!-- *SECURECOOL_SCREENNAME *-->/$sn/g;
+ }
+ if ($l =~ /<!-- *SECURECOOL_KEYTYPE *-->/)
+ {
+ $l =~ s/<!-- *SECURECOOL_KEYTYPE *-->/$keyType/g;
+ }
+ if ($l =~ /<!-- *SECURECOOL_KEYID *-->/)
+ {
+ $l =~ s/<!-- *SECURECOOL_KEYID *-->/$keyID/g;
+ }
+ if ($l =~ /<!-- *SECURECOOL_KEYLABEL *-->/)
+ {
+ $l =~ s/<!-- *SECURECOOL_KEYLABEL *-->/$keyLabel/g;
+ }
+ if ($l =~ /<!-- *SECURECOOL_ACTION *-->/)
+ {
+ $l =~ s/<!-- *SECURECOOL_ACTION *-->/$action/g;
+ }
+ if ($l =~ /<!-- *SECURECOOL_CHALLENGEDATA *-->/)
+ {
+ $challengeData = "";
+ $challengeData = "QVNDIHJvY2tzIHRoZSBwYXJ0eSE=" if ($action eq "bind");
+
+ $l =~ s/<!-- *SECURECOOL_CHALLENGEDATA *-->/$challengeData/g;
+ }
+ print $l;
+ }
+ close(PROG_PAGE);
+}
+
+sub GenerateBindSuccessPage
+{
+ my ($action) = @_;
+ my ($l);
+
+ ExitError("Failed to open progress page!") if (!open(SUCCESS_PAGE, "< BindSuccess.html"));
+
+ my $sn = GetScreenName();
+ ExitError("Failed to get a valid screen name!") if (! $sn);
+
+ my $keyType = GetKeyType();
+ my $keyID = GetKeyID();
+ ExitError("Failed to get a valid keyID!") if (! $keyID);
+
+ my $keyLabel = "";
+
+ if ($action eq "bind")
+ {
+ $keyLabel = GetKeyLabelArg();
+ ExitError("Failed to get a valid keyLabel!") if (! $keyLabel);
+ }
+
+ print $gQuery->header();
+
+ while ($l = <SUCCESS_PAGE>)
+ {
+ if ($l =~ /<!-- *SECURECOOL_SCREENNAME *-->/)
+ {
+ $l =~ s/<!-- *SECURECOOL_SCREENNAME *-->/$sn/g;
+ }
+ if ($l =~ /<!-- *SECURECOOL_KEYTYPE *-->/)
+ {
+ $l =~ s/<!-- *SECURECOOL_KEYTYPE *-->/$keyType/g;
+ }
+ if ($l =~ /<!-- *SECURECOOL_KEYID *-->/)
+ {
+ $l =~ s/<!-- *SECURECOOL_KEYID *-->/$keyID/g;
+ }
+ if ($l =~ /<!-- *SECURECOOL_KEYLABEL *-->/)
+ {
+ $l =~ s/<!-- *SECURECOOL_KEYLABEL *-->/$keyLabel/g;
+ }
+ if ($l =~ /<!-- *SECURECOOL_ACTION *-->/)
+ {
+ $l =~ s/<!-- *SECURECOOL_ACTION *-->/$action/g;
+ }
+ print $l;
+ }
+ close(SUCCESS_PAGE);
+}
+
+sub GenerateBindingConfigPage
+{
+ my ($l);
+
+ ExitError("Failed to load binding page!") if (!open(BINDING_FILE, "< Bindings.html"));
+
+ print $gQuery->header();
+
+ while ($l = <BINDING_FILE>)
+ {
+ if ($l =~ /SECURECOOL_BINDINGS_ARRAY/)
+ {
+ my(@curBindings) = GetBindings();
+ my $arrSize = scalar(@curBindings);
+ my($i);
+
+ for ($i = 0; $i < $arrSize; $i++)
+ {
+ my($keyType, $keyId, $keyLabel) = split(/&/, $curBindings[$i]);
+ print " [ $keyType, \"$keyId\", \"$keyLabel\" ]";
+ print "," if ($arrSize > 1 && $i != $arrSize - 1);
+ print "\n";
+ }
+ }
+ elsif ($l =~ /<!-- *SECURECOOL_SCREENNAME *-->/)
+ {
+ my $sn = GetScreenName();
+ $l =~ s/<!-- *SECURECOOL_SCREENNAME *-->/$sn/g;
+ print $l;
+ }
+ else
+ {
+ print $l;
+ }
+ }
+ close(BINDING_FILE);
+}
+
+sub GetKeyLabel
+{
+ my($keyType, $keyId) = @_;
+
+ my(@curBindings) = GetBindings();
+ my($numBindings) = scalar(@curBindings);
+
+ while($numBindings > 0)
+ {
+ --$numBindings;
+ if ($curBindings[$numBindings] =~ /^$keyType&$keyId&/)
+ {
+ my($ktype, $id, $lbl) = split(/&/, $curBindings[$numBindings]);
+ return $lbl;
+ }
+ }
+
+ return "";
+}
+
+sub GenerateLabelPage
+{
+ my($keyType, $keyId, $nextAction) = @_;
+ my($keyLabel) = GetKeyLabel($keyType, $keyId);
+
+ return if ($keyLabel eq "");
+
+ my ($l);
+
+ ExitError("Failed to load label page!") if (!open(EDIT_LABEL_FILE, "< EditLabel.html"));
+
+ print $gQuery->header();
+
+ while ($l = <EDIT_LABEL_FILE>)
+ {
+ if ($l =~ /SECURECOOL_NEXTACTION_INPUT_TAG/)
+ {
+ print "<input type=\"hidden\" name=\"nextaction\" value=\"$nextAction\">\n";
+ print "<input type=\"hidden\" name=\"keytype\" value=\"$keyType\">\n";
+ print "<input type=\"hidden\" name=\"keyid\" value=\"$keyId\">\n";
+ print "<input type=\"hidden\" name=\"keylabel\" value=\"$keyLabel\">\n";
+ print "<input type=\"hidden\" name=\"screenname\" value=\"".GetScreenName()."\">\n";
+ }
+ elsif ($l =~ /<!-- *SECURECOOL_SCREENNAME *-->/)
+ {
+ my $sn = GetScreenName();
+ $l =~ s/<!-- *SECURECOOL_SCREENNAME *-->/$sn/g;
+ print $l;
+ }
+ else
+ {
+ print $l;
+ }
+ }
+ close(EDIT_LABEL_FILE);
+}
+
+sub GenerateAutoEnrollmentPage
+{
+ my ($l);
+
+ ExitError("Failed to load enrollment page!") if (!open(ENROLL_FILE, "< EnrollPopup.html"));
+
+ print $gQuery->header();
+
+ while ($l = <ENROLL_FILE>)
+ {
+ print $l;
+ }
+
+ close(ENROLL_FILE);
+}
+sub GenerateAuthenticationPage
+{
+ my ($l);
+ ExitError("Failed to load enrollment page!") if (!open(AUTH_FILE, "< GenericAuth.html"));
+
+ print $gQuery->header();
+
+ while ($l = <AUTH_FILE>)
+ {
+ if ($l =~ /<!-- *SECURECOOL_SCREENNAME *-->/)
+ {
+ my $sn = GetScreenName();
+ $l =~ s/<!-- *SECURECOOL_SCREENNAME *-->/$sn/g;
+ print $l;
+ }
+ else
+ {
+ print $l;
+ }
+ }
+
+ close(AUTH_FILE);
+}
+
+sub GenerateEnrollmentPage
+{
+ my ($l);
+
+ ExitError("Failed to load enrollment page!") if (!open(ENROLL_FILE, "< EnrollPopup.html"));
+
+ print $gQuery->header();
+
+ while ($l = <ENROLL_FILE>)
+ {
+ if ($l =~ /<!-- *SECURECOOL_SCREENNAME *-->/)
+ {
+ my $sn = GetScreenName();
+ $l =~ s/<!-- *SECURECOOL_SCREENNAME *-->/$sn/g;
+ print $l;
+ }
+ else
+ {
+ print $l;
+ }
+ }
+
+ close(ENROLL_FILE);
+}
+
+sub GenerateAdvancePage
+{
+ my ($l);
+
+ ExitError("Failed to load enrollment page!") if (!open(ENROLL_FILE, "< AdvancePopup.html"));
+
+ print $gQuery->header();
+
+ while ($l = <ENROLL_FILE>)
+ {
+ if ($l =~ /<!-- *SECURECOOL_SCREENNAME *-->/)
+ {
+ my $sn = GetScreenName();
+ $l =~ s/<!-- *SECURECOOL_SCREENNAME *-->/$sn/g;
+ print $l;
+ }
+ else
+ {
+ print $l;
+ }
+ }
+
+ close(ENROLL_FILE);
+}
+
+sub GenerateTokenManagerPage
+{
+ my ($l);
+
+ ExitError("Failed to load enrollment page!") if (!open(ENROLL_FILE, "< TokenManager.html"));
+
+ print $gQuery->header();
+
+ while ($l = <ENROLL_FILE>)
+ {
+ if ($l =~ /<!-- *SECURECOOL_SCREENNAME *-->/)
+ {
+ my $sn = GetScreenName();
+ $l =~ s/<!-- *SECURECOOL_SCREENNAME *-->/$sn/g;
+ print $l;
+ }
+ else
+ {
+ print $l;
+ }
+ }
+
+ close(ENROLL_FILE);
+}
+
+sub GenerateTicketRequestPage
+{
+ my ($l);
+
+ ExitError("Failed to load ticket request page!") if (!open(TICKETREQ_FILE, "< Ticket.html"));
+
+ print $gQuery->header();
+
+ while ($l = <TICKETREQ_FILE>)
+ {
+ if ($l =~ /<!-- *SECURECOOL_SCREENNAME *-->/)
+ {
+ my $sn = GetScreenName();
+ $l =~ s/<!-- *SECURECOOL_SCREENNAME *-->/$sn/g;
+ print $l;
+ }
+ else
+ {
+ print $l;
+ }
+ }
+
+ close(TICKETREQ_FILE);
+}
+
+sub GenerateLoadURLPage
+{
+ my ($l);
+
+ ExitError("Failed to load url request page!") if (!open(LOADURL_FILE, "< LoadURL.html"));
+
+ print $gQuery->header();
+
+ while ($l = <LOADURL_FILE>)
+ {
+ if ($l =~ /<!-- *SECURECOOL_SCREENNAME *-->/)
+ {
+ my $sn = GetScreenName();
+ $l =~ s/<!-- *SECURECOOL_SCREENNAME *-->/$sn/g;
+ print $l;
+ }
+ else
+ {
+ print $l;
+ }
+ }
+
+ close(LOADURL_FILE);
+}
+
+sub CreateExpiredCookie
+{
+ my($cookieName) = @_;
+ my $cookie = $gQuery->cookie(-name=>$cookieName,
+ -value=>'',
+ -expires=>'-2d',
+ -path=>$gQuery->url(-absolute=>1),
+ -domain=>$gQuery->server_name());
+ return $cookie;
+
+}
+
+sub SaveSubscription
+{
+
+ $gUserObj{'SUBSCRIPTION'} = $gQuery->param("subscriptiontype");
+ SaveUserDatabase(GetScreenName());
+}
+
+sub GetBindings
+{
+ my $bindings = $gUserObj{'BINDINGS'};
+ return @$bindings;
+}
+
+sub BindingsArrayToString
+{
+ my(@bindings) = @_;
+ my $i;
+ my $str = "";
+
+ for ($i = 0; $i < @bindings; $i++)
+ {
+ if ($bindings[$i] ne "")
+ {
+ $str .= "&" if ($str ne "");
+ $str .= ASCUrlEncode($bindings[$i]);
+ }
+ }
+
+ return $str;
+}
+
+sub AddItemToBindings
+{
+ my($keyType, $keyId, $keyLabel) = @_;
+
+ my(@curBindings) = GetBindings();
+ my($pos) = scalar(@curBindings);
+
+ # First check to see if the key already exists in
+ # the cookie! If it does, we'll just overwrite it.
+
+ my($i) = $pos;
+ while($i > 0)
+ {
+ --$i;
+ if ($curBindings[$i] =~ /^$keyType&$keyId&/)
+ {
+ $pos = $i;
+ last;
+ }
+ }
+
+ $curBindings[$pos] = "$keyType&$keyId&$keyLabel";
+
+ $gUserObj{'BINDINGS'} = \@curBindings;
+ #SaveUserDatabase(GetScreenName());
+}
+
+sub RemoveItemFromBindings
+{
+ my($keyType, $keyId) = @_;
+
+ my(@curBindings) = GetBindings();
+ my($numBindings) = scalar(@curBindings);
+ my @newBindings;
+
+ while($numBindings > 0)
+ {
+ --$numBindings;
+ next if ($curBindings[$numBindings] =~ /^$keyType&$keyId&/);
+ push @newBindings, $curBindings[$numBindings];
+ }
+
+ $gUserObj{'BINDINGS'} = \@newBindings;
+ #SaveUserDatabase(GetScreenName());
+}
+
+sub UpdateBindingsForBind
+{
+ return if (! defined $gQuery->param("keytype"));
+ my($keyType) = $gQuery->param("keytype");
+
+ return if (! defined $gQuery->param("keyid"));
+ my($keyId) = $gQuery->param("keyid");
+
+ return if (! defined $gQuery->param("keylabel"));
+ my($keyLabel) = $gQuery->param("keylabel");
+
+ return AddItemToBindings($keyType, $keyId, $keyLabel);
+}
+
+sub UpdateBindingsForUnbind
+{
+ return if (! defined $gQuery->param("keytype"));
+ my($keyType) = $gQuery->param("keytype");
+
+ return if (! defined $gQuery->param("keyid"));
+ my($keyId) = $gQuery->param("keyid");
+
+ return RemoveItemFromBindings($keyType, $keyId,);
+}
+
+sub UpdateBindingsForLabel
+{
+ return UpdateBindingsForBind();
+}
+
+sub ASCUrlDecode
+{
+ my($qstr) = @_;
+ $qstr =~ s/\+/ /g;
+ $qstr =~ s/%([0-9A-F]{2})/pack("C", hex($1))/eig;
+ return $qstr;
+}
+
+sub ASCUrlEncode
+{
+ my($qstr) = @_;
+ $qstr =~ s/([^a-zA-Z0-9_ ])/sprintf("%%%.2X", unpack("C", $1))/eig;
+ $qstr =~ s/ /+/g;
+ return $qstr;
+}
+
+sub LoadUserDatabase
+{
+ my($sn) = @_;
+
+ $gUserObj{'SUBSCRIPTION'} = "";
+
+ $gUserObj{'BINDINGS'} = "";
+ return;
+
+}
+
+sub SaveUserDatabase
+{
+ my($sn) = @_;
+ my($snfile) = "UserDatabase/$sn";
+
+ return;
+
+}
diff --git a/base/tps/apache/cgi-bin/home.cgi b/base/tps/apache/cgi-bin/home.cgi
new file mode 100755
index 000000000..5fdf5ecf8
--- /dev/null
+++ b/base/tps/apache/cgi-bin/home.cgi
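Review bot: The `loadurl` branch of esc.cgi passes the `url` request parameter straight to `$gQuery->redirect(-uri=>$redirectLocation)`, so the script redirects a browser to whatever address the query string supplies (an open redirect), and it does so even when `url` is undefined. The target should be validated before the redirect, for example against a configured list of permitted hosts with `ExitError("Invalid url")` as the fallback; the `$nextAction` assigned in that branch is unused. The bind, unbind and label branches also concatenate `screenname`, `keytype`, `keyid` and `keylabel` into the redirect query string without URL-encoding, although the file already defines ASCUrlEncode. GetKeyLabel, AddItemToBindings and RemoveItemFromBindings interpolate request values into a pattern; `/^\Q$keyType\E&\Q$keyId\E&/` keeps them from being read as regex syntax. The fallthrough at the end prints `$qQueryAction`, apparently a typo for `$gQueryAction`, with no `$gQuery->header()` before it, and once the name is corrected the value needs HTML escaping as well.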
@@ -0,0 +1,40 @@
+#!/usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+#
+#
+#
+print "Content-type: text/xml\n\n";
+print "<\?xml version=\"1.0\" encoding=\"UTF-8\"\?>";
+print "<ServiceInfo>";
+print "<IssuerName>";
+print "Fedora Project"; # Vendor
+print "</IssuerName>\n";
+print "<Services>";
+print "<Operation>";
+print "http://machine.fedora.redhat.com:7888/nk_service";
+print "</Operation>";
+print "<UI>";
+print "http://machine.fedora.redhat.com:7888/cgi-bin/esc.cgi";
+print "</UI>";
+print "</Services>";
+print "</ServiceInfo>";
diff --git a/base/tps/apache/cgi-bin/home/Enroll.html b/base/tps/apache/cgi-bin/home/Enroll.html
new file mode 100755
index 000000000..218da280c
--- /dev/null
+++ b/base/tps/apache/cgi-bin/home/Enroll.html
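Review bot: The `<Operation>` and `<UI>` values are hard-coded to `http://machine.fedora.redhat.com:7888/...`, so clients that consume this ServiceInfo are sent to a fixed host over plain HTTP. so/Enroll.html later in this commit does the same with `"http://$host:$port/nk_service"`, while sow/enroll.html already uses `"https://$host:$secure_port/nk_service"`. I would use the `[SERVER_NAME]`/`[PORT]` placeholders here as home/index.cgi does, and switch so/Enroll.html to the `https://$host:$secure_port` form, which so/enroll.cgi already substitutes. Whether credentials travel over that Operation URL is not visible in these hunks, so treat the severity as unconfirmed.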
@@ -0,0 +1,79 @@ +<!-- --- BEGIN COPYRIGHT BLOCK --- + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + + Copyright (C) 2009 Red Hat, Inc. + All rights reserved. + --- END COPYRIGHT BLOCK --- --> +<html> +<head> +<meta http-equiv="Content-Type" content="text/html; charset=utf-8"> +<link rel=stylesheet href="/esc/home/style.css" type="text/css"> + +<title>Enrollment</title> +</head> +<script type="text/JavaScript" src="/esc/home/util.js"> +</script> +<body onload="InitializeBindingTable();" onunload=cleanup()> + +<progressmeter id="progress-id" hidden="true" align = "center"/> +<table width="100%" class="logobar"> + <tr> + <td> +<img alt="" src="/pki/esc/home/logo.jpg"> + </td> + <td> + <p class="headerText">Smartcard Enrollment</p> + </td> + </tr> +</table> + <table id="BindingTable" width="200px"align="center"> + <tr id="HeaderRow"> + </tr> + </table> + <p class="bodyText">You have plugged in your smartcard! After answering a few easy questions, you will be able to use your smartcard. + </p> + <p class="bodyText"> + Now we would like you to identify yourself. 
+ </p> + <table> + <tr> + <td><p >LDAP User ID: </p></td> + <td> </td> + <td><input type="text" id="snametf" value=""></td> + <td> </td> + <td><p>LDAP Password: </p></td> + <td> </td> + <td><input type="password" id="snamepwd" value=""></td> + </tr> + + </table> + + <p class="bodyText"> Before you can use your smartcard, you will need a password to protect it.</p> + <table> + <tr> + <td><p >Password:</p></td> + <td><input type="password" id="pintf" name="pintf" value=""></td> + + <td><p >Re-Enter Password:</p></td> + <td><input type="password" id="reenterpintf" name="reenterpintf" value=""></td> + </table> + <br> + <table width="100%"> + <tr> + <td align="right"> + <input type="button" id="enrollbtn" name="enrollbtn" value="Enroll My Smartcard" onClick="DoEnrollCOOLKey();"> + </td> + </tr> + </table> +</body></html> diff --git a/base/tps/apache/cgi-bin/home/cachain.cgi b/base/tps/apache/cgi-bin/home/cachain.cgi new file mode 100755 index 000000000..ddbf5e6ae --- /dev/null +++ b/base/tps/apache/cgi-bin/home/cachain.cgi 
@@ -0,0 +1,52 @@
+#!/usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+#
+#
+
+use LWP::UserAgent;
+
+my $cfg = "../../conf/CS.cfg";
+my $cahostport = `grep conn.ca1.hostport $cfg | cut -c19-`;
+
+chomp($cahostport);
+
+my $url = "https://$cahostport/ca/ee/ca/getCAChain?op=download&mimeType=application/x-x509-ca-cert";
+
+my $agent = LWP::UserAgent->new;
+$agent->timeout(30);
+
+my $request = HTTP::Request->new('GET', $url);
+my $response = $agent->request($request);
+
+if ($response->is_success) {
+ print "Content-type: application/x-x509-ca-cert\n\n";
+ print $response->content;
+
+} else {
+ print "Content-type: text/html\n\n";
+ print "<html>";
+ print "<link rel=stylesheet href='/esc/home/style.css' type='text/css'>";
+ print "<center><h2>Error Importing CA Chain Information!</h2></center>";
+ print "<center><h2>Please try again later.</h2></center>";
+ print "</html>"
+}
diff --git a/base/tps/apache/cgi-bin/home/enroll.cgi b/base/tps/apache/cgi-bin/home/enroll.cgi
new file mode 100755
index 000000000..c0f4bcabf
--- /dev/null
+++ b/base/tps/apache/cgi-bin/home/enroll.cgi
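Review bot: The host that serves the CA chain comes from an unanchored `grep conn.ca1.hostport $cfg`, so a commented-out line or any other key containing that text yields several lines, and `chomp` removes only the last newline before the value is put into `$url`. cfg.pl in this commit anchors its patterns, and the same form works here: `grep -e "^conn.ca1.hostport=" $cfg | cut -c19-`. Since this response is what clients import as their trust chain, I would also check the value before use, e.g. `die "bad conn.ca1.hostport" unless $cahostport =~ /\A[\w.-]+:\d+\z/;`. The relative path `../../conf/CS.cfg` depends on the CGI's working directory, which cfg.pl avoids by using an absolute path.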
@@ -0,0 +1,183 @@ +#! /usr/bin/perl -w +# +# --- BEGIN COPYRIGHT BLOCK --- +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; +# version 2.1 of the License. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301 USA +# +# Copyright (C) 2007 Red Hat, Inc. +# All rights reserved. +# --- END COPYRIGHT BLOCK --- +# +######################################################################## +# +# Script: esc.cgi +# Author: Kin Blas () +# Date: 12/19/2003 +# +# CGI.pm Docs: +# +# http://stein.cshl.org/WWW/software/CGI/ +# +######################################################################## + +use CGI; + +$gQuery = new CGI; + +$gQueryAction = "default"; +$gQueryOverrideAction = "default"; + +@gCookieNames = ("ascScreenName", + "ascSubscriptionType", + "ascBindings"); + +$gQueryAction = $gQuery->param("action") if (defined $gQuery->param("action")); + +$gQueryOverrideAction = $gQuery->param("override_action") + if (defined $gQuery->param("override_action")); + +if ($gQueryOverrideAction ne "default") +{ + $gQueryAction = $gQueryOverrideAction; +} + +######################################################################## +# +# If no action was provided, we default to showing our +# admin page! 
+# +# http://www.foo.com/esc.cgi +# +######################################################################## + +if ($gQueryAction eq "default") +{ + GenerateEnrollmentPage(); + exit 0; +} + + + +sub ExitError +{ + my($str) = @_; + print $gQuery->header(), $gQuery->start_html(), $str, $gQuery->end_html(); + exit 0; +} + +sub GetScreenName +{ + my $sn = ""; + + if (defined $gQuery->param("screenname")) + { + $sn = $gQuery->param("screenname"); + } else { + $sn = "default"; + } + + return $sn; +} + +sub GetKeyType +{ + my $keyType = 0; + + if (defined $gQuery->param("keytype")) + { + $keyType = $gQuery->param("keytype"); + } + + return $keyType; +} + +sub GetKeyID +{ + my $keyID = ""; + + if (defined $gQuery->param("keyid")) + { + $keyID = $gQuery->param("keyid"); + } + + return $keyID; +} + +sub GetKeyLabelArg +{ + my $keyLabel = ""; + + if (defined $gQuery->param("keylabel")) + { + $keyLabel = $gQuery->param("keylabel"); + } + + return $keyLabel; +} + +sub HaveScreenName +{ + return 1 if (GetScreenName() ne ""); + return 0; +} + +sub IsSubscriber +{ + my $subType = $gUserObj{'SUBSCRIPTION'}; + return 1 if ($subType eq "HouseKey" || $subType eq "NetKey"); + + return 0; +} + +sub GetNextAction +{ + my($nextActn) = "default"; + + if (defined $gQuery->param('nextaction')) + { + $nextActn = $gQuery->param('nextaction'); + } + elsif (defined $gQuery->param('action')) + { + $nextActn = $gQuery->param('action'); + } + + return $nextActn; +} + +sub GenerateEnrollmentPage +{ + my ($l); + + ExitError("Failed to load enrollment page!") if (!open(ENROLL_FILE, "< Enroll.html")); + + print $gQuery->header(); + + while ($l = <ENROLL_FILE>) + { + if ($l =~ /<!-- *SECURECOOL_SCREENNAME *-->/) + { + my $sn = GetScreenName(); + $l =~ s/<!-- *SECURECOOL_SCREENNAME *-->/$sn/g; + print $l; + } + else + { + print $l; + } + } + + close(ENROLL_FILE); +} 
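Review bot: GenerateEnrollmentPage() substitutes the `screenname` request parameter into the page without HTML-escaping it (`$l =~ s/<!-- *SECURECOOL_SCREENNAME *-->/$sn/g;`), so any template that carries the placeholder reflects request data as markup. home/Enroll.html as added in this commit does not appear to contain the placeholder, so this looks latent rather than live. Escaping at the point of use closes it: `my $sn = $gQuery->escapeHTML(GetScreenName());`. so/enroll.cgi has the same lines and needs the same change. The two-argument bareword `open(ENROLL_FILE, "< Enroll.html")` could also become `open(my $fh, '<', 'Enroll.html')`.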
diff --git a/base/tps/apache/cgi-bin/home/index.cgi b/base/tps/apache/cgi-bin/home/index.cgi
new file mode 100755
index 000000000..1e54a8354
--- /dev/null
+++ b/base/tps/apache/cgi-bin/home/index.cgi
@@ -0,0 +1,51 @@
+#!/usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+#
+#
+#
+print "Content-type: text/xml\n\n";
+print "<\?xml version=\"1.0\" encoding=\"UTF-8\"\?>";
+print "<ServiceInfo>";
+print "<IssuerName>";
+print "Fedora Project"; # Vendor
+print "</IssuerName>\n";
+print "<Services>";
+print "<Operation>";
+print "http://[SERVER_NAME]:[PORT]/nk_service";
+print "</Operation>";
+print "<UI>";
+print "http://[SERVER_NAME]:[PORT]/cgi-bin/home/enroll.cgi";
+print "</UI>";
+print "<EnrolledTokenBrowserURL>";
+print "http://www.fedora.redhat.com"; # Company URL
+print "</EnrolledTokenBrowserURL>";
+print "<EnrolledTokenURL>";
+print "</EnrolledTokenURL>";
+print "<TokenType>";
+print "userKey";
+print "</TokenType>";
+#print "<CAChainUI>";
+#print "http://[SERVER_NAME]:[PORT]/cgi-bin/home/cachain.cgi";
+#print "</CAChainUI>";
+print "</Services>";
+print "</ServiceInfo>";
diff --git a/base/tps/apache/cgi-bin/so/Enroll.html b/base/tps/apache/cgi-bin/so/Enroll.html new file mode 100755 index 000000000..3d2fa6daa --- /dev/null +++ b/base/tps/apache/cgi-bin/so/Enroll.html 
@@ -0,0 +1,138 @@ +<!-- --- BEGIN COPYRIGHT BLOCK --- + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + + Copyright (C) 2009 Red Hat, Inc. + All rights reserved. + --- END COPYRIGHT BLOCK --- --> +<html> +<head> +<meta http-equiv="Content-Type" content="text/html; charset=utf-8"> +<link rel=stylesheet href="/esc/so/style.css" type="text/css"> + +<title>Enrollment</title> +</head> +<script type="text/JavaScript" src="/esc/so/util.js"> +</script> + +<script type="text/javascript"> +<!-- +function UserSelectRowByKeyID(keyType, keyID) +{ + DoCoolKeySetConfigValue("Operation-" + keyID, + "http://$host:$port/nk_service"); + DoCoolKeySetConfigValue("TokenType-" + keyID, "userKey"); + SelectRowByKeyID(keyType, keyID); +} + +function UserOnDoneInitializeBindingTable() +{ + var arr = GetAvailableCOOLKeys(); + var i; + for (i=0; i < arr.length; i++) + { + var keyType = arr[i][0]; + var keyID = arr[i][1]; + var keyStatus = GetStatusForKeyID(keyType, keyID); + UserSelectRowByKeyID(keyType, keyID); + } +} + +function UserOnCOOLKeyStateError() +{ + toggleAjaxProgress('ajax-pb', 'off'); +} + + +function toggleAjaxProgress(id, i) +{ + var e = document.getElementById(id); + if (i == 'off') { + e.style.display = 'none'; + } else { + e.style.display = 'block'; + } +} + +function UserOnCOOLKeyStatusUpdate(data) +{ + var progress = document.getElementById("progress"); + + if(progress) + 
progress.innerHTML = data + "%"; +} + +// --> +</script> + +<body onload="InitializeBindingTable();" onunload=cleanup()> + +<progressmeter id="progress-id" hidden="true" align = "center"/> +<table width="100%" class="logobar"> + <tr> + <td> +<!--<img alt="" src="/pki/esc/so/images/logo.gif"> --> + </td> + <td align = "center"> + <p class="headerText">Security Officer Enrollment</p> + </td> + </tr> +</table> + <div id="pb" style="display:none;"> + <table id="BindingTable" width="200px"align="center"> + <tr id="HeaderRow"> + </tr> + </table> + </div> + <p class="bodyText">You have plugged in your smartcard! After answering a few easy questions, you will be able to enroll the smartcard for the Security Officer user. + </p> + <p class="bodyText"> + Now we would like you to identify yourself. + </p> + <table> + <tr> + <td><p >LDAP User ID: </p></td> + <td> </td> + <td><input type="text" id="snametf" value=""></td> + <td> </td> + <td><p>LDAP Password: </p></td> + <td> </td> + <td><input type="password" id="snamepwd" value=""></td> + </tr> + + </table> + + <p class="bodyText"> Before you can use your smartcard, you will need a password to protect it.</p> + <table> + <tr> + <td><p >Password:</p></td> + <td><input type="password" id="pintf" name="pintf" value=""></td> + + <td><p >Re-Enter Password:</p></td> + <td><input type="password" id="reenterpintf" name="reenterpintf" value=""></td> + </table> + <br> + <div id="ajax-pb" style="display:none;"> + <img src="/pki/esc/so/images/indicator.gif"> + <h2 id="progress" name="progress" value="0%" ></h2> + </table> + </div> + + <table width="100%"> + <tr> + <td align="right"> + <input type="button" id="enrollbtn" name="enrollbtn" value="Enroll My Smartcard" onClick="toggleAjaxProgress('ajax-pb','on');DoEnrollCOOLKey();"> + </td> + </tr> + </table> +</body></html> diff --git a/base/tps/apache/cgi-bin/so/enroll.cgi b/base/tps/apache/cgi-bin/so/enroll.cgi new file mode 100755 index 000000000..148cd78c0 --- /dev/null 
+++ b/base/tps/apache/cgi-bin/so/enroll.cgi 
@@ -0,0 +1,193 @@ +#! /usr/bin/perl -w +# +# --- BEGIN COPYRIGHT BLOCK --- +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; +# version 2.1 of the License. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301 USA +# +# Copyright (C) 2007 Red Hat, Inc. +# All rights reserved. +# --- END COPYRIGHT BLOCK --- +# +######################################################################## +# +# Script: esc.cgi +# Author: Kin Blas () +# Date: 12/19/2003 +# +# CGI.pm Docs: +# +# http://stein.cshl.org/WWW/software/CGI/ +# +######################################################################## + +[REQUIRE_CFG_PL] + +use CGI; + +my $port = get_port(); +my $host = get_host(); +my $secure_port = get_secure_port(); + +$gQuery = new CGI; + +$gQueryAction = "default"; +$gQueryOverrideAction = "default"; + +@gCookieNames = ("ascScreenName", + "ascSubscriptionType", + "ascBindings"); + +$gQueryAction = $gQuery->param("action") if (defined $gQuery->param("action")); + +$gQueryOverrideAction = $gQuery->param("override_action") + if (defined $gQuery->param("override_action")); + +if ($gQueryOverrideAction ne "default") +{ + $gQueryAction = $gQueryOverrideAction; +} + +######################################################################## +# +# If no action was provided, we default to showing our +# admin page! 
+# +# http://www.foo.com/esc.cgi +# +######################################################################## + +if ($gQueryAction eq "default") +{ + GenerateEnrollmentPage(); + exit 0; +} + + + +sub ExitError +{ + my($str) = @_; + print $gQuery->header(), $gQuery->start_html(), $str, $gQuery->end_html(); + exit 0; +} + +sub GetScreenName +{ + my $sn = ""; + + if (defined $gQuery->param("screenname")) + { + $sn = $gQuery->param("screenname"); + } else { + $sn = "default"; + } + + return $sn; +} + +sub GetKeyType +{ + my $keyType = 0; + + if (defined $gQuery->param("keytype")) + { + $keyType = $gQuery->param("keytype"); + } + + return $keyType; +} + +sub GetKeyID +{ + my $keyID = ""; + + if (defined $gQuery->param("keyid")) + { + $keyID = $gQuery->param("keyid"); + } + + return $keyID; +} + +sub GetKeyLabelArg +{ + my $keyLabel = ""; + + if (defined $gQuery->param("keylabel")) + { + $keyLabel = $gQuery->param("keylabel"); + } + + return $keyLabel; +} + +sub HaveScreenName +{ + return 1 if (GetScreenName() ne ""); + return 0; +} + +sub IsSubscriber +{ + my $subType = $gUserObj{'SUBSCRIPTION'}; + return 1 if ($subType eq "HouseKey" || $subType eq "NetKey"); + + return 0; +} + +sub GetNextAction +{ + my($nextActn) = "default"; + + if (defined $gQuery->param('nextaction')) + { + $nextActn = $gQuery->param('nextaction'); + } + elsif (defined $gQuery->param('action')) + { + $nextActn = $gQuery->param('action'); + } + + return $nextActn; +} + +sub GenerateEnrollmentPage +{ + my ($l); + + ExitError("Failed to load enrollment page!") if (!open(ENROLL_FILE, "< Enroll.html")); + + print $gQuery->header(); + + while ($l = <ENROLL_FILE>) + { + if ($l =~ /<!-- *SECURECOOL_SCREENNAME *-->/) + { + my $sn = GetScreenName(); + $l =~ s/<!-- *SECURECOOL_SCREENNAME *-->/$sn/g; + print $l; + } + else + { + $l =~ s/\$host/$host/g; + $l =~ s/\$port/$port/g; + $l =~ s/\$secure_port/$secure_port/g; + + print $l; + } + } + + close(ENROLL_FILE); +} 
diff --git a/base/tps/apache/cgi-bin/so/index.cgi b/base/tps/apache/cgi-bin/so/index.cgi
new file mode 100755
index 000000000..7b3f2c68d
--- /dev/null
+++ b/base/tps/apache/cgi-bin/so/index.cgi
@@ -0,0 +1,48 @@
+#!/usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+#
+#
+#
+print "Content-type: text/xml\n\n";
+print "<\?xml version=\"1.0\" encoding=\"UTF-8\"\?>";
+print "<ServiceInfo>";
+print "<IssuerName>";
+print "Fedora Project"; # Vendor
+print "</IssuerName>\n";
+print "<Services>";
+print "<Operation>";
+print "http://[SERVER_NAME]:[PORT]/nk_service";
+print "</Operation>";
+print "<UI>";
+print "http://[SERVER_NAME]:[PORT]/cgi-bin/so/enroll.cgi";
+print "</UI>";
+print "<EnrolledTokenBrowserURL>";
+print "</EnrolledTokenBrowserURL>";
+print "<EnrolledTokenURL>";
+print "http://[SERVER_NAME]:[PORT]/cgi-bin/sow/welcome.cgi";
+print "</EnrolledTokenURL>";
+print "<TokenType>";
+print "soKey";
+print "</TokenType>";
+print "</Services>";
+print "</ServiceInfo>";
diff --git a/base/tps/apache/cgi-bin/sow/ajax-list.cgi b/base/tps/apache/cgi-bin/sow/ajax-list.cgi
new file mode 100755
index 000000000..0f4ac094f
--- /dev/null
+++ b/base/tps/apache/cgi-bin/sow/ajax-list.cgi
@@ -0,0 +1,79 @@
+#! /usr/bin/perl -w
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+use CGI;
+use Mozilla::LDAP::Conn;
+use PKI::TPS::Common;
+
+[REQUIRE_CFG_PL]
+
+sub main()
+{
+
+ my $q = new CGI;
+
+ my $host = get_ldap_host();
+ my $port = get_ldap_port();
+ my $secureconn = get_ldap_secure();
+ my $basedn = get_base_dn();
+ my $certdir = get_ldap_certdir();
+
+ my $letters = $q->param('letters');
+ if ($letters eq "") {
+ # HACK: ajax.js posts parameters into POST URL
+ $letters = $ENV{'QUERY_STRING'};
+ $letters =~ s/.*letters=//g;
+ $letters =~ s/\+/ /g;
+ }
+
+ my $result = "";
+
+ print "Content-Type: text/html\n\n";
+
+ my $conn = PKI::TPS::Common::make_connection(
+ {host => $host, port => $port, cert => $certdir},
+ $secureconn);
+
+ return if (!$conn);
+
+ my $entry = $conn->search ( { base =>$basedn,
+ scope => "sub",
+ filter => "cn=$letters*",
+ attrsonly => 0,
+ attrs => qw(cn uid),
+ sortattrs => qw(cn)}
+ );
+
+ while ($entry) {
+ my $cn = ($entry->getValues("cn"))[0] || "";
+ my $uid = ($entry->getValues("uid"))[0] || "";
+ $result .= $uid . "###" . $cn . "|";
+ $entry $conn->nextEntry();
+ }
+
+ $conn->close();
+
+ print $result;
+}
+
+&main();
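Review bot: The `letters` request value goes straight into the LDAP search filter (`filter => "cn=$letters*"`), so filter metacharacters in the request change the query that is run; sow/enroll.cgi does the same with `"uid=$uid"`. Escape the value per RFC 4515 before building the filter, e.g. `$letters =~ s/([\\*()\x00])/sprintf("\\%02x", ord($1))/ge;`. Unlike sow/enroll.cgi, this script never calls an authorize() step, so whether the directory lookup is restricted depends on server configuration that is not shown here. As rendered on this page, `$entry $conn->nextEntry();` is missing its `=`, which is worth checking against the committed file.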
diff --git a/base/tps/apache/cgi-bin/sow/cfg.pl b/base/tps/apache/cgi-bin/sow/cfg.pl new file mode 100755 index 000000000..64e612aaa --- /dev/null +++ b/base/tps/apache/cgi-bin/sow/cfg.pl 
@@ -0,0 +1,168 @@ +#! /usr/bin/perl +# +# --- BEGIN COPYRIGHT BLOCK --- +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# Copyright (C) 2007 Red Hat, Inc. +# All rights reserved. +# --- END COPYRIGHT BLOCK --- +# + +# +# Establish platform-dependent variables: +# +my $ldapsearch="/usr/bin/ldapsearch"; + +# +# Feel free to modify the following parameters: +# +my $ldapHost = "localhost"; +my $ldapPort = "389"; +my $basedn = "ou=People,dc=sfbay,dc=redhat,dc=com"; +my $port = "7888"; +my $secure_port = "7889"; +my $host = "localhost"; + +my $cfg = "/var/lib/pki-tps/conf/CS.cfg"; + +sub get_ldapsearch() +{ + return $ldapsearch; +} + +sub get_ldap_host() +{ + my $ldapport = `grep auth.instance.0.hostport $cfg | cut -c26-`; + chomp($ldapport); + my ($ldapHost, $p) = split(/:/, $ldapport); + return $ldapHost; +} + +sub get_ldap_port() +{ + my $ldapport = `grep auth.instance.0.hostport $cfg | cut -c26-`; + chomp($ldapport); + my ($p, $ldapPort) = split(/:/, $ldapport); + return $ldapPort; +} + +sub get_base_dn() +{ + my $basedn = `grep auth.instance.0.baseDN $cfg | cut -c24-`; + chomp($basedn); + return $basedn; +} + +sub get_port() +{ + my $port = `grep service.unsecurePort $cfg | cut -c22-`; + chomp($port); + return $port; +} + +sub get_secure_port() +{ + my $secure_port = `grep service.securePort $cfg | cut -c20-`; + chomp($secure_port); + return $secure_port; 
+} + +sub get_host() +{ + my $host = `grep service.machineName $cfg | cut -c21-`; + chomp($host); + return $host; +} + +sub is_agent() +{ + my ($dn) = @_; + + my $uid = $dn; + # need to map a subject dn into user DN + $uid =~ /uid=([^,]*)/; # retrieve the uid + $uid = $1; + + my $x_hostport = `grep -e "^tokendb.hostport" $cfg | cut -c18-`; + chomp($x_hostport); + my ($x_host, $x_port) = split(/:/, $x_hostport); + my $x_basedn = `grep -e "^tokendb.userBaseDN" $cfg | cut -c20-`; + chomp($x_basedn); + my $x_binddn = `grep -e "^tokendb.bindDN" $cfg | cut -c16-`; + chomp($x_binddn); + my $x_bindpwdpath = `grep -e "^tokendb.bindPassPath" $cfg | cut -c22-`; + chomp($x_bindpwdpath); + my $x_bindpwd = `grep -e "^tokendbBindPass" $x_bindpwdpath | cut -c17-`; + chomp($x_bindpwd); + + my $cmd = $ldapsearch . " " . + "-x" . + "-D \"" . $x_binddn . "\" " . + "-w \"" . $x_bindpwd . "\" " . + "-b \"" . "cn=TUS Officers,ou=Groups,".$x_basedn . "\" " . + "-h \"" . $x_host . "\" " . + "-p \"" . $x_port ."\" " . + "-LLL \"(uid=" . $uid . "*)\" | wc -l"; + + my $matched = `$cmd`; + + chomp($matched); + + if ($matched eq "0" || $matched eq "") { + return 0; + } else { + return 1; + } +} + +sub is_user() +{ + my ($dn) = @_; + + my $uid = $dn; + # need to map a subject dn into user DN + $uid =~ /uid=([^,]*)/; # retrieve the uid + $uid = $1; + + my $x_host = get_ldap_host(); + $x_port = get_ldap_port(); + my $x_basedn = get_base_dn(); + chomp($x_basedn); + my $x_binddn = `grep -e "^tokendb.bindDN" $cfg | cut -c16-`; + chomp($x_binddn); + my $x_bindpwdpath = `grep -e "^tokendb.bindPassPath" $cfg | cut -c22-`; + chomp($x_bindpwdpath); + my $x_bindpwd = `grep -e "^tokendbBindPass" $x_bindpwdpath | cut -c17-`; + chomp($x_bindpwd); + + my $cmd = $ldapsearch . " " . + "-x" . + "-D \"" . $x_binddn . "\" " . + "-w \"" . $x_bindpwd . "\" " . + "-b \"" . "ou=people,".$x_basedn . "\" " . + "-h \"" . $x_host . "\" " . + "-p \"" . $x_port ."\" " . + "-LLL \"(uid=" . $uid . 
"*)\" | wc -l"; + + + my $matched = `$cmd`; + + chomp($matched); + + if ($matched eq "0" || $matched eq "") { + return 0; + } else { + return 1; + } +} diff --git a/base/tps/apache/cgi-bin/sow/enroll.cgi b/base/tps/apache/cgi-bin/sow/enroll.cgi new file mode 100755 index 000000000..8a6431e52 --- /dev/null +++ b/base/tps/apache/cgi-bin/sow/enroll.cgi 
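Review bot: is_agent() and is_user() paste the uid taken from the caller's DN into a shell command run with backticks and search with a trailing wildcard (`"(uid=" . $uid . "*)"`), so the value is not constrained before it reaches the shell and a uid that is only a prefix of an existing entry's uid still counts as a match. The capture `/uid=([^,]*)/` is also unchecked, so a DN without `uid=` still assigns `$uid` from `$1`. I would validate the uid, drop the wildcard and run ldapsearch in list form, as sketched below for is_agent(); is_user() needs the same change, and the character class should be widened only if real uids require it. Separately, `"-x" . "-D \""` joins into `-x-D` with no space, and `-w` exposes the bind password on the command line.

```perl
sub is_agent()
{
    my ($dn) = @_;

    # Accept only a conservative uid syntax; anything else is not an agent.
    return 0 unless defined $dn && $dn =~ /uid=([A-Za-z0-9._-]+)(?:,|\z)/;
    my $uid = $1;

    # ... unchanged: reading the tokendb.* settings and bind password from $cfg ...

    # List-form pipe open: no shell parses the arguments.
    open(my $ldap, '-|', $ldapsearch, '-x',
         '-D', $x_binddn, '-w', $x_bindpwd,
         '-b', "cn=TUS Officers,ou=Groups,$x_basedn",
         '-h', $x_host, '-p', $x_port,
         '-LLL', "(uid=$uid)") or return 0;
    my $matched = grep { /^dn:/ } <$ldap>;
    close($ldap);

    return $matched ? 1 : 0;
}
```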
@@ -0,0 +1,246 @@ +#! /usr/bin/perl -w +# +# --- BEGIN COPYRIGHT BLOCK --- +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; +# version 2.1 of the License. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301 USA +# +# Copyright (C) 2007 Red Hat, Inc. +# All rights reserved. +# --- END COPYRIGHT BLOCK --- +# +######################################################################## +# +# Script: esc.cgi +# Author: Kin Blas () +# Date: 12/19/2003 +# +# CGI.pm Docs: +# +# http://stein.cshl.org/WWW/software/CGI/ +# +######################################################################## + +[REQUIRE_CFG_PL] + +use CGI; +use Mozilla::LDAP::Conn; +use PKI::TPS::Common; + +$gQuery = new CGI; + +sub authorize +{ + my $client_dn = $ENV{'SSL_CLIENT_S_DN'}; + $client_dn =~ tr/A-Z/a-z/; # all lower cases + $client_dn =~ s/\s+//g; # remove all spacing + + if (&is_agent($client_dn)) { + return 1; + } + return 0; +} + +sub DoPage +{ + if (!&authorize()) { + print $gQuery->redirect("/cgi-bin/sow/noaccess.cgi"); + return; + } + + $gQueryAction = "default"; + $gQueryOverrideAction = "default"; + + @gCookieNames = ("ascScreenName", + "ascSubscriptionType", + "ascBindings"); + + $gQueryAction = $gQuery->param("action") if + (defined $gQuery->param("action")); + + $gQueryOverrideAction = $gQuery->param("override_action") + if (defined $gQuery->param("override_action")); + + if ($gQueryOverrideAction ne "default") + { + $gQueryAction = 
$gQueryOverrideAction; + } + +######################################################################## +# +# If no action was provided, we default to showing our +# admin page! +# +# http://www.foo.com/esc.cgi +# +######################################################################## + + if ($gQueryAction eq "default") + { + GenerateEnrollmentPage(); + exit 0; + } +} + +sub ExitError +{ + my($str) = @_; + print $gQuery->header(), $gQuery->start_html(), $str, $gQuery->end_html(); + exit 0; +} + +sub GetScreenName +{ + my $sn = ""; + + if (defined $gQuery->param("screenname")) + { + $sn = $gQuery->param("screenname"); + } else { + $sn = "default"; + } + + return $sn; +} + +sub GetKeyType +{ + my $keyType = 0; + + if (defined $gQuery->param("keytype")) + { + $keyType = $gQuery->param("keytype"); + } + + return $keyType; +} + +sub GetKeyID +{ + my $keyID = ""; + + if (defined $gQuery->param("keyid")) + { + $keyID = $gQuery->param("keyid"); + } + + return $keyID; +} + +sub GetKeyLabelArg +{ + my $keyLabel = ""; + + if (defined $gQuery->param("keylabel")) + { + $keyLabel = $gQuery->param("keylabel"); + } + + return $keyLabel; +} + +sub HaveScreenName +{ + return 1 if (GetScreenName() ne ""); + return 0; +} + +sub IsSubscriber +{ + my $subType = $gUserObj{'SUBSCRIPTION'}; + return 1 if ($subType eq "HouseKey" || $subType eq "NetKey"); + + return 0; +} + +sub GetNextAction +{ + my($nextActn) = "default"; + + if (defined $gQuery->param('nextaction')) + { + $nextActn = $gQuery->param('nextaction'); + } + elsif (defined $gQuery->param('action')) + { + $nextActn = $gQuery->param('action'); + } + + return $nextActn; +} + +sub GenerateEnrollmentPage +{ + my ($l); + my $ldap_host = get_ldap_host(); + my $ldap_port = get_ldap_port(); + my $secureconn = get_ldap_secure(); + my $basedn = get_base_dn(); + my $port = get_port(); + my $host = get_host(); + my $secure_port = get_secure_port(); + my $certdir = get_ldap_certdir(); + + ExitError("Failed to load enrollment page!") if 
(!open(ENROLL_FILE, "< enroll.html")); + + print $gQuery->header(); + + my $uid = $gQuery->param("uid"); + + my $conn = PKI::TPS::Common::make_connection( + {host => $ldap_host, port => $ldap_port, cert => $certdir}, + $secureconn); + + ExitError("Failed to connect to the database. $msg") if (!$conn); + + my $entry = $conn->search ( $basedn, + "sub", + "uid=$uid", + 0 + ); + + if (!$entry) { + $conn->close(); + ExitError("User $uid not found"); + } + + my $givenName = ($entry->getValues("givenName"))[0] || "-"; + my $cn = ($entry->getValues("cn"))[0] || "-"; + my $sn = ($entry->getValues("sn"))[0] ||"-"; + $uid = ($entry->getValues("uid"))[0] || "-"; + my $mail = ($entry->getValues("mail"))[0] || "-"; + my $phone = ($entry->getValues("telephoneNumber"))[0] || "-"; + my $departmentNumber = ($entry->getValues("departmentNumber"))[0] || ""; + my $employeeNumber = ($entry->getValues("employeeNumber"))[0] || ""; + + while ($l = <ENROLL_FILE>) + { + $l =~ s/\$mail/$mail/g; + $l =~ s/\$uid/$uid/g; + $l =~ s/\$givenName/$givenName/g; + $l =~ s/\$sn/$sn/g; + $l =~ s/\$cn/$cn/g; + $l =~ s/\$phone/$phone/g; + $l =~ s/\$departmentNumber/$departmentNumber/g; + $l =~ s/\$employeeNumber/$employeeNumber/g; + $l =~ s/\$host/$host/g; + $l =~ s/\$port/$port/g; + $l =~ s/\$secure_port/$secure_port/g; + print $l; + } + + close(ENROLL_FILE); +} + +&DoPage(); diff --git a/base/tps/apache/cgi-bin/sow/enroll.html b/base/tps/apache/cgi-bin/sow/enroll.html new file mode 100755 index 000000000..7bc377ffe --- /dev/null +++ b/base/tps/apache/cgi-bin/sow/enroll.html 
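Review bot: In GenerateEnrollmentPage(), `ExitError("User $uid not found")` writes the request's raw `uid` parameter into an HTML page, and the directory values substituted into the template (`$cn`, `$mail`, `$givenName` and the rest) are not escaped either. Escape at output, e.g. `ExitError("User " . $gQuery->escapeHTML($uid) . " not found");`, and escape each attribute value before the `s/\$cn/$cn/g` style substitutions, taking into account whether the template places it in markup or inside script. `print $gQuery->header();` also runs before the lookups, so ExitError()'s own header() call ends up in the response body; moving the print below the `if (!$entry)` check avoids that. `$msg` in the connection-failure message is never assigned in this hunk.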
@@ -0,0 +1,260 @@ +<!-- --- BEGIN COPYRIGHT BLOCK --- + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + + Copyright (C) 2009 Red Hat, Inc. + All rights reserved. + --- END COPYRIGHT BLOCK --- --> +<html> +<head> +<meta http-equiv="Content-Type" content="text/html; charset=utf-8"> +<link rel=stylesheet href="/esc/sow/style.css" type="text/css"> + +<title>Enrollment</title> +<script type="text/javascript" src="/esc/sow/js/prototype.js"></script> +<script type="text/javascript" src="/esc/sow/js/scriptaculous.js?load=effects"></script> +<script type="text/JavaScript" src="/esc/sow/util.js"></script> +<link rel="stylesheet" href="/esc/sow/css/style.css" media="screen" type="text/css"> +<script type="text/javascript"> +<!-- +function UserOnCOOLKeyStateError() +{ + toggleAjaxProgress('ajax-pb', 'off'); + toggleButton('enrollbtn', 'on'); + toggleButton('cancel', 'on'); +} + +function UserSelectRowByKeyID(keyType, keyID) +{ + DoCoolKeySetConfigValue("Operation-" + keyID, + "https://$host:$secure_port/nk_service"); + DoCoolKeySetConfigValue("TokenType-" + keyID, "userKey"); + SelectRowByKeyID(keyType, keyID); +} + +function updateKeyText(text) +{ + var f = document.getElementById('keytext'); + new Effect.Shake(f); + var text = document.createTextNode(text); + var len= f.childNodes.length; + for (i=0;i<len;i++){ + f.removeChild(f.childNodes[0]); + } + f.appendChild(text); +} + 
+var officerToken = null; + +function UserOnDoneInitializeBindingTable() +{ + document.body.onkeyup = onUserKeyUp; + var enrollbtn = document.getElementById('enrollbtn'); + enrollbtn.disabled = true; + var pintf = document.getElementById('pintf'); + pintf.focus(); + + // display existing blank smart + var arr = GetAvailableCOOLKeys(); + if (!arr || arr.length < 1) + return; + var i; + for (i=0; i < arr.length; i++) + { + var keyType = arr[i][0]; + var keyID = arr[i][1]; + var keyStatus = GetStatusForKeyID(keyType, keyID); + if (keyStatus == "BLANK") { + updateKeyText('A ' + keyStatus + ' smartcard "' + keyID + '" is detected!'); + UserSelectRowByKeyID(keyType, keyID); + } else if (keyStatus == "UNINITIALIZED") { + updateKeyText('An ' + keyStatus + ' smartcard "' + keyID + '" is detected!'); + UserSelectRowByKeyID(keyType, keyID); + } + if(keyStatus == "ENROLLED" ) { + var uid = GetCoolKeyIssuedTo(keyType,keyID); + if(uid) + { + isAgent = window.IsAgentOrUser(uid,"agent"); + } + if(isAgent == true) + { + officerToken = keyID; + } + } + + } +} + +function UserOnCOOLKeyInserted(keyType, keyID) +{ + var arr = GetAvailableCOOLKeys(); + var curKeyType = null; + var curKeyID = null; + var curKeyStatus = null; + var i = 0; + var enrollbtn = document.getElementById('enrollbtn'); + while(1) { + if (arr && arr.length <= 1 ) + { + toggleButton('enrollbtn','off'); + return; + } + if (arr && arr.length > 1 ) + { + toggleButton('enrollbtn','on'); + } + curKeyType = arr[i][0]; + curKeyID = arr[i][1]; + + var curKeyStatus = GetStatusForKeyID(curKeyType, curKeyID); + if(!(curKeyID == officerToken && curKeyStatus == "ENROLLED")) { + break; + } + i++; + } + + if (curKeyStatus == "ENROLLED" || curKeyStatus == "UNINITIALIZED") { + updateKeyText('An ' + curKeyStatus + ' smartcard "' + curKeyID + '" is detected!'); + } else { + updateKeyText('A ' + curKeyStatus + ' smartcard "' + curKeyID + '" is detected!'); + } + + var uid = null; + var isAgent = null; + UserSelectRowByKeyID(curKeyType, 
curKeyID); + + if(curKeyStatus == "ENROLLED") + { + uid = GetCoolKeyIssuedTo(curKeyType,curKeyID); + if(uid) + { + isAgent = window.IsAgentOrUser(uid,"agent"); + } + if(isAgent == true) + { + MyAlert("You can't Enroll a card that belongs to another Security Officer!"); + updateKeyText('A ' + curKeyStatus + ' smartcard "' + curKeyID + '" SECURITY OFFICER is detected!'); + toggleButton('enrollbtn','off'); + } + } +} + + +function UserOnCOOLKeyRemoved(keyType, keyID) +{ + updateKeyText('Please insert a blank smartcard now!'); +} + +function UserOnCOOLKeyStatusUpdate(data) +{ + var progress = document.getElementById("progress"); + if(progress) + progress.innerHTML = data + "%"; +} + +function toggleAjaxProgress(id, i) +{ + var e = document.getElementById(id); + if (i == 'off') { + e.style.display = 'none'; + } else { + e.style.display = 'block'; + } +} + +function toggleButton(id, i) +{ + var e = document.getElementById(id); + if (i == 'off') { + e.disabled = true; + } else { + e.disabled = false; + } +} + +function onUserKeyUp(e) +{ + var pintf = document.getElementById('pintf'); + var reenterpintf = document.getElementById('reenterpintf'); + var enrollbtn = document.getElementById('enrollbtn'); + if (e.keyCode == 13) { + if (e.target == pintf) { + reenterpintf.focus(); + } else { + pintf.focus(); + } + } + if (pintf.value != '' && pintf.value == reenterpintf.value) { + enrollbtn.disabled = false; + } else { + enrollbtn.disabled = true; + } + return e; +} + +// --> +</script> +</head> + +<body onload="InitializeBindingTable();" onunload=cleanup()> + +<progressmeter id="progress-id" hidden="true" align = "center"/> + +<div id="pb" style="display:none;"> + <table id="BindingTable" width="200px" align="center"> + <tr id="HeaderRow"> + </tr> + </table> +</div> +<div id="header"> + <div id="logo"> + <h3>Security Officer Station</h3> + </div> +</div> + +<div id="content"> + <div id="maintext"> + <div id="topmenu"> + | <a href="/cgi-bin/sow/main.cgi">Main</a> | + </div> + 
<blockquote><p>The security officer has identified the user as <strong>$cn</strong>. The User ID is <strong>$uid</strong>.</p> +</blockquote> +<h2><span id="keytext">Please insert new smartcard now!</span></h2> + <blockquote><p>The user must provide a password to protect the smart card.</p> </blockquote> + New Token Password:<br> + <input type="password" id="pintf" name="pintf" value=""><br/> + Re-Enter Token Password:<br> + <input type="password" id="reenterpintf" name="reenterpintf" value=""><br/> + <input type="hidden" id="snametf" value="$uid"> + User Password:<br> + <input type="password" id="snamepwd" value=""> + <table width="100%"> + <tr> +<td> +<div id="ajax-pb" style="display:none;"> + <img src="/pki/esc/sow/images/indicator.gif"> + <h2 id="progress" name="progress" value="0%" ></h2> + </table> + +</div> +</td> + <td align="right"> + <input type="button" id="enrollbtn" name="enrollbtn" value="Start Enrollment" onClick="toggleButton('enrollbtn','off');toggleButton('cancel', 'off');toggleAjaxProgress('ajax-pb','on');DoEnrollCOOLKey();"> + <input type="submit" id="cancel" name="cancel" value="Cancel" onClick="javascript:location.href='/cgi-bin/sow/search.cgi';"> + </td> + </tr> + </table> + </div> +</div> +</body></html> diff --git a/base/tps/apache/cgi-bin/sow/enroll_temp.cgi b/base/tps/apache/cgi-bin/sow/enroll_temp.cgi new file mode 100755 index 000000000..5817039a2 --- /dev/null +++ b/base/tps/apache/cgi-bin/sow/enroll_temp.cgi 
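Review bot: `onUserKeyUp` re-enables `enrollbtn` whenever the two PIN fields match, which undoes the `toggleButton('enrollbtn','off')` that `UserOnCOOLKeyInserted` applies when fewer than two tokens are present or when the inserted card belongs to another security officer. The result of the card check should be remembered and consulted there, for example `enrollbtn.disabled = enrollBlocked || pintf.value == '' || pintf.value != reenterpintf.value;`, with `enrollBlocked` set wherever the button is switched off for a card-related reason. This guard runs only in the browser, so the enrollment service presumably has to enforce the same restriction; that side is not visible in this hunk.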
@@ -0,0 +1,246 @@
+#! /usr/bin/perl -w
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+########################################################################
+#
+# Script: esc.cgi
+# Author: Kin Blas ()
+# Date: 12/19/2003
+#
+# CGI.pm Docs:
+#
+# http://stein.cshl.org/WWW/software/CGI/
+#
+########################################################################
+
+[REQUIRE_CFG_PL]
+
+use CGI;
+use Mozilla::LDAP::Conn;
+use PKI::TPS::Common;
+
+$gQuery = new CGI;
+
+sub authorize
+{
+ my $client_dn = $ENV{'SSL_CLIENT_S_DN'};
+ $client_dn =~ tr/A-Z/a-z/; # all lower cases
+ $client_dn =~ s/\s+//g; # remove all spacing
+
+ if (&is_agent($client_dn)) {
+ return 1;
+ }
+ return 0;
+}
+
+sub DoPage
+{
+ if (!&authorize()) {
+ print $gQuery->redirect("/cgi-bin/sow/noaccess.cgi");
+ return;
+ }
+
+ $gQueryAction = "default";
+ $gQueryOverrideAction = "default";
+
+ @gCookieNames = ("ascScreenName",
+ "ascSubscriptionType",
+ "ascBindings");
+
+ $gQueryAction = $gQuery->param("action") if
+ (defined $gQuery->param("action"));
+
+ $gQueryOverrideAction = $gQuery->param("override_action")
+ if (defined $gQuery->param("override_action"));
+
+ if ($gQueryOverrideAction ne "default")
+ {
+ $gQueryAction = $gQueryOverrideAction;
+ }
+
+########################################################################
+#
+# If no action was provided, we default to showing our
+# admin page!
+#
+# http://www.foo.com/esc.cgi
+#
+########################################################################
+
+ if ($gQueryAction eq "default")
+ {
+ GenerateEnrollmentPage();
+ exit 0;
+ }
+}
+
+sub ExitError
+{
+ my($str) = @_;
+ print $gQuery->header(), $gQuery->start_html(), $str, $gQuery->end_html();
+ exit 0;
+}
+
+sub GetScreenName
+{
+ my $sn = "";
+
+ if (defined $gQuery->param("screenname"))
+ {
+ $sn = $gQuery->param("screenname");
+ } else {
+ $sn = "default";
+ }
+
+ return $sn;
+}
+
+sub GetKeyType
+{
+ my $keyType = 0;
+
+ if (defined $gQuery->param("keytype"))
+ {
+ $keyType = $gQuery->param("keytype");
+ }
+
+ return $keyType;
+}
+
+sub GetKeyID
+{
+ my $keyID = "";
+
+ if (defined $gQuery->param("keyid"))
+ {
+ $keyID = $gQuery->param("keyid");
+ }
+
+ return $keyID;
+}
+
+sub GetKeyLabelArg
+{
+ my $keyLabel = "";
+
+ if (defined $gQuery->param("keylabel"))
+ {
+ $keyLabel = $gQuery->param("keylabel");
+ }
+
+ return $keyLabel;
+}
+
+sub HaveScreenName
+{
+ return 1 if (GetScreenName() ne "");
+ return 0;
+}
+
+sub IsSubscriber
+{
+ my $subType = $gUserObj{'SUBSCRIPTION'};
+ return 1 if ($subType eq "HouseKey" || $subType eq "NetKey");
+
+ return 0;
+}
+
+sub GetNextAction
+{
+ my($nextActn) = "default";
+
+ if (defined $gQuery->param('nextaction'))
+ {
+ $nextActn = $gQuery->param('nextaction');
+ }
+ elsif (defined $gQuery->param('action'))
+ {
+ $nextActn = $gQuery->param('action');
+ }
+
+ return $nextActn;
+}
+
+sub GenerateEnrollmentPage
+{
+ my ($l);
+ my $ldap_host = get_ldap_host();
+ my $ldap_port = get_ldap_port();
+ my $secureconn = get_ldap_secure();
+ my $basedn = get_base_dn();
+ my $port = get_port();
+ my $host = get_host();
+ my $secure_port = get_secure_port();
+ my $certdir = get_ldap_certdir();
+
+ ExitError("Failed to load enrollment page!") if (!open(ENROLL_FILE, "< enroll_temp.html"));
+
+ print $gQuery->header();
+
+ my $uid = $gQuery->param("uid");
+
+ my $conn = PKI::TPS::Common::make_connection(
+ {host => $ldap_host, port => $ldap_port, cert => $certdir},
+ $secureconn);
+
+ ExitError("Failed to connect to the database. $msg") if (!$conn);
+
+ my $entry = $conn->search ( $basedn,
+ "sub",
+ "uid=$uid",
+ 0
+ );
+
+ if (!$entry) {
+ $conn->close();
+ ExitError("User $uid not found");
+ }
+
+ my $givenName = ($entry->getValues("givenName"))[0] || "-";
+ my $cn = ($entry->getValues("cn"))[0] || "-";
+ my $sn = ($entry->getValues("sn"))[0] ||"-";
+ $uid = ($entry->getValues("uid"))[0] || "-";
+ my $mail = ($entry->getValues("mail"))[0] || "-";
+ my $phone = ($entry->getValues("telephoneNumber"))[0] || "-";
+ my $departmentNumber = ($entry->getValues("departmentNumber"))[0] || "";
+ my $employeeNumber = ($entry->getValues("employeeNumber"))[0] || "";
+
+ while ($l = <ENROLL_FILE>)
+ {
+ $l =~ s/\$mail/$mail/g;
+ $l =~ s/\$uid/$uid/g;
+ $l =~ s/\$givenName/$givenName/g;
+ $l =~ s/\$sn/$sn/g;
+ $l =~ s/\$cn/$cn/g;
+ $l =~ s/\$phone/$phone/g;
+ $l =~ s/\$departmentNumber/$departmentNumber/g;
+ $l =~ s/\$employeeNumber/$employeeNumber/g;
+ $l =~ s/\$host/$host/g;
+ $l =~ s/\$port/$port/g;
+ $l =~ s/\$secure_port/$secure_port/g;
+ print $l;
+ }
+
+ close(ENROLL_FILE);
+}
+
+&DoPage();
diff --git a/base/tps/apache/cgi-bin/sow/enroll_temp.html b/base/tps/apache/cgi-bin/sow/enroll_temp.html
new file mode 100755
index 000000000..3f2b31ce6
--- /dev/null
+++ b/base/tps/apache/cgi-bin/sow/enroll_temp.html
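Review bot: `GenerateEnrollmentPage` puts the `uid` request parameter into the LDAP filter `"uid=$uid"` and into `ExitError("User $uid not found")` without validation or escaping, so filter metacharacters alter the search and markup in the parameter is reflected into the error page. The directory values substituted into the template (`$cn`, `$uid`, `$mail` and the rest) are likewise printed without HTML escaping. The parameter should be checked against an allow-list before the search, and everything written into HTML should go through `escapeHTML`, as sketched below; the character class is an assumption and has to match the uid syntax actually in use. The tail of the enroll.cgi hunk just before this file contains the same code.

```perl
    my $uid = $gQuery->param("uid");

    # Allow-list the ID before it is used in the search filter; adjust the
    # character class to the uid syntax this directory actually uses.
    ExitError("Invalid user ID")
        if (!defined $uid || $uid !~ /\A[A-Za-z0-9._-]+\z/);

    # … unchanged: make_connection, connection check, search …

    if (!$entry) {
        $conn->close();
        ExitError("User " . $gQuery->escapeHTML($uid) . " not found");
    }

    # … unchanged: givenName … employeeNumber lookups …

    # Directory values end up in HTML, so escape them once before the loop.
    $_ = $gQuery->escapeHTML($_)
        for ($givenName, $cn, $sn, $uid, $mail, $phone,
             $departmentNumber, $employeeNumber);

    # … unchanged: template substitution loop …
```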
@@ -0,0 +1,231 @@ +<!-- --- BEGIN COPYRIGHT BLOCK --- + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + + Copyright (C) 2009 Red Hat, Inc. + All rights reserved. + --- END COPYRIGHT BLOCK --- --> +<html> +<head> +<meta http-equiv="Content-Type" content="text/html; charset=utf-8"> +<link rel=stylesheet href="/esc/sow/style.css" type="text/css"> + +<title>Enrollment</title> +<script type="text/javascript" src="/esc/sow/js/prototype.js"></script> +<script type="text/javascript" src="/esc/sow/js/scriptaculous.js?load=effects"></script> +<script type="text/JavaScript" src="/esc/sow/util.js"></script> +<link rel="stylesheet" href="/esc/sow/style.css" media="screen" type="text/css"> +<script type="text/javascript"> +<!-- +function UserOnCOOLKeyStateError() +{ + toggleAjaxProgress('ajax-pb', 'off'); + toggleButton('enrollbtn', 'on'); + toggleButton('cancel', 'on'); +} + +function UserSelectRowByKeyID(keyType, keyID) +{ + DoCoolKeySetConfigValue("Operation-" + keyID, + "https://$host:$secure_port/nk_service"); + DoCoolKeySetConfigValue("TokenType-" + keyID, "userKey"); + SelectRowByKeyID(keyType, keyID); +} + +function updateKeyText(text) +{ + var f = document.getElementById('keytext'); + new Effect.Shake(f); + var text = document.createTextNode(text); + var len= f.childNodes.length; + for (i=0;i<len;i++){ + f.removeChild(f.childNodes[0]); + } + f.appendChild(text); +} + +var 
officerToken = null; +function UserOnDoneInitializeBindingTable() +{ + // display existing blank smart + var arr = GetAvailableCOOLKeys(); + if (!arr || arr.length < 1) + return; + var i; + for (i=0; i < arr.length; i++) + { + var keyType = arr[i][0]; + var keyID = arr[i][1]; + var keyStatus = GetStatusForKeyID(keyType, keyID); + if (keyStatus == "BLANK") { + updateKeyText('A ' + keyStatus + ' smartcard "' + keyID + '" is detected!'); + UserSelectRowByKeyID(keyType, keyID); + } else if (keyStatus == "UNINITIALIZED") { + updateKeyText('An ' + keyStatus + ' smartcard "' + keyID + '" is detected!'); + UserSelectRowByKeyID(keyType, keyID); + } + + if(keyStatus == "ENROLLED" ) { + var uid = GetCoolKeyIssuedTo(keyType,keyID); + if(uid) + { + isAgent = window.IsAgentOrUser(uid,"agent"); + } + if(isAgent == true) + { + officerToken = keyID; + } + } + + } +} + +function UserOnCOOLKeyInserted(keyType, keyID) +{ + var arr = GetAvailableCOOLKeys(); + var curKeyType = null; + var curKeyID = null; + var curKeyStatus = null; + var i = 0; + var enrollbtn = document.getElementById('enrollbtn'); + while(1) { + if (arr && arr.length <= 1 ) + { + toggleButton('enrollbtn','off'); + return; + } + if (arr && arr.length > 1 ) + { + toggleButton('enrollbtn','on'); + } + curKeyType = arr[i][0]; + curKeyID = arr[i][1]; + + var curKeyStatus = GetStatusForKeyID(curKeyType, curKeyID); + if(!(curKeyID == officerToken && curKeyStatus == "ENROLLED")) { + break; + } + i++; + } + + if (curKeyStatus == "ENROLLED" || curKeyStatus == "UNINITIALIZED") { + updateKeyText('An ' + curKeyStatus + ' smartcard "' + curKeyID + '" is detected!'); + } else { + updateKeyText('A ' + curKeyStatus + ' smartcard "' + curKeyID + '" is detected!'); + } + + var uid = null; + var isAgent = null; + UserSelectRowByKeyID(curKeyType, curKeyID); + + if(curKeyStatus == "ENROLLED") + { + uid = GetCoolKeyIssuedTo(curKeyType,curKeyID); + if(uid) + { + isAgent = window.IsAgentOrUser(uid,"agent"); + } + if(isAgent == true) + { + 
MyAlert("You can't Enroll a temporary card that belongs to another Security Officer!"); + updateKeyText('A ' + curKeyStatus + ' smartcard "' + curKeyID + '" SECURITY OFFICER is detected!'); + toggleButton('enrollbtn','off'); + } + } +} + +function UserOnCOOLKeyRemoved(keyType, keyID) +{ + updateKeyText('Please insert a blank smartcard now!'); +} + +function UserOnCOOLKeyStatusUpdate(data) +{ + var progress = document.getElementById("progress"); + if(progress) + progress.innerHTML = data + "%"; +} + + +function toggleAjaxProgress(id, i) +{ + var e = document.getElementById(id); + if (i == 'off') { + e.style.display = 'none'; + } else { + e.style.display = 'block'; + } +} + +function toggleButton(id, i) +{ + var e = document.getElementById(id); + if (i == 'off') { + e.disabled = true; + } else { + e.disabled = false; + } +} +// --> +</script> +</head> + +<body onload="InitializeBindingTable();" onunload=cleanup()> + +<progressmeter id="progress-id" hidden="true" align = "center"/> + +<div id="pb" style="display:none;"> + <table id="BindingTable" width="200px" align="center"> + <tr id="HeaderRow"> + </tr> + </table> +</div> +<div id="header"> + <div id="logo"> + <h3>Security Officer Station</h3> + </div> +</div> + +<div id="content"> + <div id="maintext"> + <div id="topmenu"> + | <a href="/cgi-bin/sow/main.cgi">Main</a> | + </div> + <blockquote><p>The security officer has identified the user as <strong>$cn</strong>. 
The User ID is <strong>$uid</strong>.</p> +</blockquote> +<h3><span id="keytext">Please insert new smartcard now!</span></h3> + <blockquote><p>The user must provide a password to protect the smart card.</p> </blockquote> + <h3>New Token Password:</h3> + <input type="password" id="pintf" name="pintf" value=""><br/> + <h3>Re-Enter Token Password:</h3> + <input type="password" id="reenterpintf" name="reenterpintf" value=""><br/> + <input type="hidden" id="snametf" value="$uid"> + <h3>User Password:</h3> + <input type="password" id="snamepwd" value=""><br/> + <table width="100%"> + <tr> +<td> +<div id="ajax-pb" style="display:none;"> + <img src="/pki/esc/sow/images/indicator.gif"> + <h2 id="progress" name="progress" value="0%" ></h2> +</div> +</td> + <td align="right"> + <input type="button" id="enrollbtn" name="enrollbtn" value="Start Enrollment" onClick="toggleButton('enrollbtn','off');toggleButton('cancel', 'off');toggleAjaxProgress('ajax-pb','on');DoEnrollTempCOOLKey();"> + <input type="submit" id="cancel" name="cancel" value="Cancel" onClick="javascript:location.href='/cgi-bin/sow/search.cgi';"> + </td> + </tr> + </table> + </div> +</div> +</body></html> diff --git a/base/tps/apache/cgi-bin/sow/format.cgi b/base/tps/apache/cgi-bin/sow/format.cgi new file mode 100755 index 000000000..9b310991d --- /dev/null +++ b/base/tps/apache/cgi-bin/sow/format.cgi 
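Review bot: In `UserOnDoneInitializeBindingTable` the variable `isAgent` is assigned without a declaration and only when `uid` is non-empty, so the `isAgent == true` test for an ENROLLED card with no owner reuses the result from an earlier card, or raises a ReferenceError if nothing has assigned it yet (unless util.js defines it, which this hunk does not show). That can record the wrong card as `officerToken`, which `UserOnCOOLKeyInserted` then uses to decide which cards to skip. Computing the value per card avoids this: `var isAgent = uid ? window.IsAgentOrUser(uid, "agent") : false;`. The enroll.html and format.html hunks carry the same loop.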
@@ -0,0 +1,207 @@
+#! /usr/bin/perl -w
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+########################################################################
+#
+# Script: esc.cgi
+# Author: Kin Blas ()
+# Date: 12/19/2003
+#
+# CGI.pm Docs:
+#
+# http://stein.cshl.org/WWW/software/CGI/
+#
+########################################################################
+
+[REQUIRE_CFG_PL]
+
+use CGI;
+
+my $ldapHost = get_ldap_host();
+my $ldapPort = get_ldap_port();
+my $basedn = get_base_dn();
+my $host = get_host();
+my $port = get_port();
+my $secure_port = get_secure_port();
+
+$gQuery = new CGI;
+
+sub authorize
+{
+ my $client_dn = $ENV{'SSL_CLIENT_S_DN'};
+ $client_dn =~ tr/A-Z/a-z/; # all lower cases
+ $client_dn =~ s/\s+//g; # remove all spacing
+
+ if (&is_agent($client_dn)) {
+ return 1;
+ }
+ return 0;
+}
+
+sub DoPage
+{
+ if (!&authorize()) {
+ print $gQuery->redirect("/cgi-bin/sow/noaccess.cgi");
+ return;
+ }
+
+ $gQueryAction = "default";
+ $gQueryOverrideAction = "default";
+
+ @gCookieNames = ("ascScreenName",
+ "ascSubscriptionType",
+ "ascBindings");
+
+ $gQueryAction = $gQuery->param("action") if
+ (defined $gQuery->param("action"));
+
+ $gQueryOverrideAction = $gQuery->param("override_action")
+ if (defined $gQuery->param("override_action"));
+
+ if ($gQueryOverrideAction ne "default")
+ {
+ $gQueryAction = $gQueryOverrideAction;
+ }
+
+########################################################################
+#
+# If no action was provided, we default to showing our
+# admin page!
+#
+# http://www.foo.com/esc.cgi
+#
+########################################################################
+
+ if ($gQueryAction eq "default")
+ {
+ GeneratePage();
+ exit 0;
+ }
+}
+
+sub ExitError
+{
+ my($str) = @_;
+ print $gQuery->header(), $gQuery->start_html(), $str, $gQuery->end_html();
+ exit 0;
+}
+
+sub GetScreenName
+{
+ my $sn = "";
+
+ if (defined $gQuery->param("screenname"))
+ {
+ $sn = $gQuery->param("screenname");
+ } else {
+ $sn = "default";
+ }
+
+ return $sn;
+}
+
+sub GetKeyType
+{
+ my $keyType = 0;
+
+ if (defined $gQuery->param("keytype"))
+ {
+ $keyType = $gQuery->param("keytype");
+ }
+
+ return $keyType;
+}
+
+sub GetKeyID
+{
+ my $keyID = "";
+
+ if (defined $gQuery->param("keyid"))
+ {
+ $keyID = $gQuery->param("keyid");
+ }
+
+ return $keyID;
+}
+
+sub GetKeyLabelArg
+{
+ my $keyLabel = "";
+
+ if (defined $gQuery->param("keylabel"))
+ {
+ $keyLabel = $gQuery->param("keylabel");
+ }
+
+ return $keyLabel;
+}
+
+sub HaveScreenName
+{
+ return 1 if (GetScreenName() ne "");
+ return 0;
+}
+
+sub IsSubscriber
+{
+ my $subType = $gUserObj{'SUBSCRIPTION'};
+ return 1 if ($subType eq "HouseKey" || $subType eq "NetKey");
+
+ return 0;
+}
+
+sub GetNextAction
+{
+ my($nextActn) = "default";
+
+ if (defined $gQuery->param('nextaction'))
+ {
+ $nextActn = $gQuery->param('nextaction');
+ }
+ elsif (defined $gQuery->param('action'))
+ {
+ $nextActn = $gQuery->param('action');
+ }
+
+ return $nextActn;
+}
+
+sub GeneratePage
+{
+ my ($l);
+
+ ExitError("Failed to load enrollment page!") if (!open(ENROLL_FILE, "< format.html"));
+
+ print $gQuery->header();
+
+ while ($l = <ENROLL_FILE>)
+ {
+ $l =~ s/\$host/$host/g;
+ $l =~ s/\$port/$port/g;
+ $l =~ s/\$secure_port/$secure_port/g;
+ print $l;
+ }
+
+ close(ENROLL_FILE);
+}
+
+&DoPage();
diff --git a/base/tps/apache/cgi-bin/sow/format.html b/base/tps/apache/cgi-bin/sow/format.html
new file mode 100755
index 000000000..3af35589b
--- /dev/null
+++ b/base/tps/apache/cgi-bin/sow/format.html
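Review bot: `authorize` reads `$ENV{'SSL_CLIENT_S_DN'}` and normalises it without checking that it is set, so a request that arrives without a client certificate hands an empty string to `is_agent`, whose treatment of that value is not visible here. A guard directly after the assignment, `return 0 unless defined $client_dn && length $client_dn;`, makes the script fail closed regardless of how the web server is configured. Removing all whitespace before the comparison also makes distinct subject DNs compare equal (constructed example: `cn=a b` and `cn=ab`), so it is worth confirming that `is_agent` matches the full normalised DN rather than a substring. The same sub appears in the enroll_temp.cgi hunk and at the start of the formatso.cgi hunk.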
@@ -0,0 +1,236 @@ +<!-- --- BEGIN COPYRIGHT BLOCK --- + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + + Copyright (C) 2009 Red Hat, Inc. + All rights reserved. + --- END COPYRIGHT BLOCK --- --> +<html> +<head> +<meta http-equiv="Content-Type" content="text/html; charset=utf-8"> +<link rel=stylesheet href="/esc/sow/style.css" type="text/css"> + +<title>Enrollment</title> +<script type="text/javascript" src="/esc/sow/js/prototype.js"></script> +<script type="text/javascript" src="/esc/sow/js/scriptaculous.js?load=effects"></script> +<script type="text/JavaScript" src="/esc/sow/util.js"></script> +<link rel="stylesheet" href="/esc/sow/css/style.css" media="screen" type="text/css"> +<script type="text/javascript"> +<!-- + +function UserOnCOOLKeyStateError() +{ + toggleAjaxProgress('ajax-pb', 'off'); + toggleButton('enrollbtn', 'on'); + toggleButton('cancel', 'on'); +} + +function UserOnCOOLKeyFormatComplete() +{ + toggleAjaxProgress('ajax-pb', 'off'); + toggleButton('enrollbtn', 'on'); + toggleButton('cancel', 'on'); +} + +function updateKeyText(text) +{ + var f = document.getElementById('keytext'); + new Effect.Shake(f); + var text = document.createTextNode(text); + var len= f.childNodes.length; + for (i=0;i<len;i++){ + f.removeChild(f.childNodes[0]); + } + f.appendChild(text); +} + +function UserSelectRowByKeyID(keyType, keyID) +{ + DoCoolKeySetConfigValue("Operation-" 
+ keyID, + "https://$host:$secure_port/nk_service"); + DoCoolKeySetConfigValue("TokenType-" + keyID, "userKey"); + SelectRowByKeyID(keyType, keyID); +} + +var officerToken = null; + +function UserOnDoneInitializeBindingTable() +{ + // display existing blank smart + var arr = GetAvailableCOOLKeys(); + if (!arr || arr.length < 1) + return; + var i; + for (i=0; i < arr.length; i++) + { + var keyType = arr[i][0]; + var keyID = arr[i][1]; + var keyStatus = GetStatusForKeyID(keyType, keyID); + if (keyStatus == "BLANK") { + updateKeyText('A ' + keyStatus + ' smartcard "' + keyID + '" is detected!'); + UserSelectRowByKeyID(keyType, keyID); + } else if (keyStatus == "UNINITIALIZED") { + updateKeyText('An ' + keyStatus + ' smartcard "' + keyID + '" is detected!'); + UserSelectRowByKeyID(keyType, keyID); + } + + if(keyStatus == "ENROLLED" ) { + var uid = GetCoolKeyIssuedTo(keyType,keyID); + if(uid) + { + isAgent = window.IsAgentOrUser(uid,"agent"); + } + if(isAgent == true) + { + officerToken = keyID; + } + } + } + + if (arr && arr.length <= 1 ) + { + toggleButton('enrollbtn','off'); + } +} + +function UserOnCOOLKeyInserted(keyType, keyID) +{ + var arr = GetAvailableCOOLKeys(); + var curKeyType = null; + var curKeyID = null; + var curKeyStatus = null; + var i = 0; + while(1) { + if (arr && arr.length <= 1 ) + { + toggleButton('enrollbtn','off'); + return; + } + if (arr && arr.length > 1 ) + { + toggleButton('enrollbtn','on'); + } + curKeyType = arr[i][0]; + curKeyID = arr[i][1]; + + var curKeyStatus = GetStatusForKeyID(curKeyType, curKeyID); + if(!(curKeyID == officerToken && curKeyStatus == "ENROLLED")) { + break; + } + i++; + } + + if (curKeyStatus == "ENROLLED" || curKeyStatus == "UNINITIALIZED") { + updateKeyText('An ' + curKeyStatus + ' smartcard "' + curKeyID + '" is detected!'); + } else { + updateKeyText('A ' + curKeyStatus + ' smartcard "' + curKeyID + '" is detected!'); + } + + var uid = null; + var isAgent = null; + UserSelectRowByKeyID(curKeyType, curKeyID); + + 
if(curKeyStatus == "ENROLLED") + { + uid = GetCoolKeyIssuedTo(curKeyType,curKeyID); + if(uid) + { + isAgent = window.IsAgentOrUser(uid,"agent"); + } + if(isAgent == true) + { + MyAlert("You can't Format a card that belongs to another Security Officer!"); + updateKeyText('A ' + curKeyStatus + ' smartcard "' + curKeyID + '" SECURITY OFFICER is detected!'); + toggleButton('enrollbtn','off'); + } + } +} + +function UserOnCOOLKeyRemoved(keyType, keyID) +{ + updateKeyText('Please insert a blank smartcard now!'); +} + +function UserOnCOOLKeyStatusUpdate(data) +{ + var progress = document.getElementById("progress"); + + if(progress) + progress.innerHTML = data + "%"; +} + +function toggleAjaxProgress(id, i) +{ + var e = document.getElementById(id); + if (i == 'off') { + e.style.display = 'none'; + } else { + e.style.display = 'block'; + } +} + +function toggleButton(id, i) +{ + var e = document.getElementById(id); + if (i == 'off') { + e.disabled = true; + } else { + e.disabled = false; + } +} +// --> +</script> +</head> + +<body onload="InitializeBindingTable();" onunload="cleanup();"> + +<progressmeter id="progress-id" hidden="true" align = "center"/> + +<div id="pb" style="display:none;"> + <table id="BindingTable" width="200px" align="center"> + <tr id="HeaderRow"> + </tr> + </table> +</div> +<div id="header"> + <div id="logo"> + <h3>Security Officer Station</h3> + </div> +</div> + +<div id="content"> + <div id="maintext"> + <div id="topmenu"> + | <a href="/cgi-bin/sow/main.cgi">Main</a> | + </div> +<br/> +<blockquote>This will erase the phone home URL and format the user token.</blockquote> +<h3><span id="keytext">Please insert new smartcard now!</span></h3> + <br/> + <table width="100%"> + <tr> +<td> +<div id="ajax-pb" style="display:none;"> + <img src="/pki/esc/sow/images/indicator.gif"> + <h2 id="progress" name="progress" value="0%" ></h2> +</div> +</td> + <td align="right"> + <input type="button" id="enrollbtn" name="enrollbtn" value="Format" 
onClick="toggleButton('enrollbtn','off');toggleButton('cancel', 'off');toggleAjaxProgress('ajax-pb','on');DoFormatCOOLKey();"> + <input type="submit" id="cancel" name="cancel" value="Cancel" onClick="javascript:location.href='/cgi-bin/sow/search.cgi';"> + </td> + </tr> + </table> + </div> +</div> +</body></html> diff --git a/base/tps/apache/cgi-bin/sow/formatso.cgi b/base/tps/apache/cgi-bin/sow/formatso.cgi new file mode 100755 index 000000000..d53129139 --- /dev/null +++ b/base/tps/apache/cgi-bin/sow/formatso.cgi 
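Review bot: `UserOnDoneInitializeBindingTable` returns at `if (!arr || arr.length < 1) return;` before it reaches the `arr.length <= 1` check that switches `enrollbtn` off, so with no token inserted the Format button stays enabled while with exactly one token it is disabled. Doing the disable ahead of the early return closes that gap: `if (!arr || arr.length <= 1) toggleButton('enrollbtn','off');` placed before `if (!arr || arr.length < 1) return;`. In `UserOnCOOLKeyInserted` the `while(1)` loop also indexes `arr[i]` with no bound, so it throws when `arr` is null or when every listed token is the enrolled officer token; a `for (i = 0; i < arr.length; i++)` loop with an explicit not-found path would be safer, and the enroll.html and enroll_temp.html hunks share that loop.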
@@ -0,0 +1,207 @@ +#! /usr/bin/perl -w +# +# --- BEGIN COPYRIGHT BLOCK --- +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; +# version 2.1 of the License. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301 USA +# +# Copyright (C) 2007 Red Hat, Inc. +# All rights reserved. +# --- END COPYRIGHT BLOCK --- +# +######################################################################## +# +# Script: esc.cgi +# Author: Kin Blas () +# Date: 12/19/2003 +# +# CGI.pm Docs: +# +# http://stein.cshl.org/WWW/software/CGI/ +# +######################################################################## + +[REQUIRE_CFG_PL] + +use CGI; + +my $ldapHost = get_ldap_host(); +my $ldapPort = get_ldap_port(); +my $basedn = get_base_dn(); +my $host = get_host(); +my $port = get_port(); +my $secure_port = get_secure_port(); + +$gQuery = new CGI; + +sub authorize +{ + my $client_dn = $ENV{'SSL_CLIENT_S_DN'}; + $client_dn =~ tr/A-Z/a-z/; # all lower cases + $client_dn =~ s/\s+//g; # remove all spacing + + if (&is_agent($client_dn)) { + return 1; + } + return 0; +} + +sub DoPage +{ + if (!&authorize()) { + print $gQuery->redirect("/cgi-bin/sow/noaccess.cgi"); + return; + } + + $gQueryAction = "default"; + $gQueryOverrideAction = "default"; + + @gCookieNames = ("ascScreenName", + "ascSubscriptionType", + "ascBindings"); + + $gQueryAction = $gQuery->param("action") if + (defined $gQuery->param("action")); + + $gQueryOverrideAction = 
$gQuery->param("override_action") + if (defined $gQuery->param("override_action")); + + if ($gQueryOverrideAction ne "default") + { + $gQueryAction = $gQueryOverrideAction; + } + +######################################################################## +# +# If no action was provided, we default to showing our +# admin page! +# +# http://www.foo.com/esc.cgi +# +######################################################################## + + if ($gQueryAction eq "default") + { + GeneratePage(); + exit 0; + } +} + +sub ExitError +{ + my($str) = @_; + print $gQuery->header(), $gQuery->start_html(), $str, $gQuery->end_html(); + exit 0; +} + +sub GetScreenName +{ + my $sn = ""; + + if (defined $gQuery->param("screenname")) + { + $sn = $gQuery->param("screenname"); + } else { + $sn = "default"; + } + + return $sn; +} + +sub GetKeyType +{ + my $keyType = 0; + + if (defined $gQuery->param("keytype")) + { + $keyType = $gQuery->param("keytype"); + } + + return $keyType; +} + +sub GetKeyID +{ + my $keyID = ""; + + if (defined $gQuery->param("keyid")) + { + $keyID = $gQuery->param("keyid"); + } + + return $keyID; +} + +sub GetKeyLabelArg +{ + my $keyLabel = ""; + + if (defined $gQuery->param("keylabel")) + { + $keyLabel = $gQuery->param("keylabel"); + } + + return $keyLabel; +} + +sub HaveScreenName +{ + return 1 if (GetScreenName() ne ""); + return 0; +} + +sub IsSubscriber +{ + my $subType = $gUserObj{'SUBSCRIPTION'}; + return 1 if ($subType eq "HouseKey" || $subType eq "NetKey"); + + return 0; +} + +sub GetNextAction +{ + my($nextActn) = "default"; + + if (defined $gQuery->param('nextaction')) + { + $nextActn = $gQuery->param('nextaction'); + } + elsif (defined $gQuery->param('action')) + { + $nextActn = $gQuery->param('action'); + } + + return $nextActn; +} + +sub GeneratePage +{ + my ($l); + + ExitError("Failed to load enrollment page!") if (!open(ENROLL_FILE, "< formatso.html")); + + print $gQuery->header(); + + while ($l = <ENROLL_FILE>) + { + $l =~ s/\$host/$host/g; + $l 
=~ s/\$port/$port/g; + $l =~ s/\$secure_port/$secure_port/g; + print $l; + } + + close(ENROLL_FILE); +} + +&DoPage(); diff --git a/base/tps/apache/cgi-bin/sow/formatso.html b/base/tps/apache/cgi-bin/sow/formatso.html new file mode 100755 index 000000000..d09666c5a --- /dev/null +++ b/base/tps/apache/cgi-bin/sow/formatso.html 
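Review bot: `authorize` reads `$ENV{'SSL_CLIENT_S_DN'}` without checking that it is defined, so a request that arrives without a client certificate runs `tr` and `s///` on undef and then asks `is_agent` (not visible in this diff) about an empty DN. Adding `return 0 unless defined $client_dn && $client_dn ne '';` right after the assignment makes the no-certificate case fail closed regardless of how `is_agent` treats an empty string. The same sub is copied verbatim into is_agent.cgi, is_user.cgi, main.cgi, read.cgi and read_temp.cgi in this commit; a single shared copy next to `is_agent` would keep the check in one place. Separately, `DoPage` sends no response at all when `action` or `override_action` is anything other than `default`.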
@@ -0,0 +1,186 @@ +<!-- --- BEGIN COPYRIGHT BLOCK --- + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + + Copyright (C) 2009 Red Hat, Inc. + All rights reserved. + --- END COPYRIGHT BLOCK --- --> +<html> +<head> +<meta http-equiv="Content-Type" content="text/html; charset=utf-8"> +<link rel=stylesheet href="/esc/sow/style.css" type="text/css"> + +<title>Enrollment</title> +<script type="text/javascript" src="/esc/sow/js/prototype.js"></script> +<script type="text/javascript" src="/esc/sow/js/scriptaculous.js?load=effects"></script> +<script type="text/JavaScript" src="/esc/sow/util.js"></script> +<link rel="stylesheet" href="/esc/sow/css/style.css" media="screen" type="text/css"> +<script type="text/javascript"> +<!-- +function UserOnCOOLKeyStateError() +{ + toggleAjaxProgress('ajax-pb', 'off'); + toggleButton('enrollbtn', 'on'); + toggleButton('cancel', 'on'); +} + +function UserOnCOOLKeyFormatComplete() +{ + toggleAjaxProgress('ajax-pb', 'off'); + toggleButton('enrollbtn', 'on'); + toggleButton('cancel', 'on'); +} + +function updateKeyText(text) +{ + var f = document.getElementById('keytext'); + new Effect.Shake(f); + var text = document.createTextNode(text); + var len= f.childNodes.length; + for (i=0;i<len;i++){ + f.removeChild(f.childNodes[0]); + } + f.appendChild(text); +} + +function UserOnCOOLKeyStatusUpdate(data) +{ + var progress = 
document.getElementById("progress"); + + if(progress) + progress.innerHTML = data + "%"; +} + +function UserSelectRowByKeyID(keyType, keyID) +{ + DoCoolKeySetConfigValue("Operation-" + keyID, + "https://$host:$secure_port/nk_service"); + DoCoolKeySetConfigValue("TokenType-" + keyID, "userKey"); + SelectRowByKeyID(keyType, keyID); +} + +function UserOnDoneInitializeBindingTable() +{ + // display existing blank smart + var arr = GetAvailableCOOLKeys(); + if (!arr || arr.length < 1) + return; + var i; + for (i=0; i < arr.length; i++) + { + var keyType = arr[i][0]; + var keyID = arr[i][1]; + UserOnCOOLKeyInserted(keyType,keyID); + } +} + +function UserOnCOOLKeyInserted(keyType, keyID) +{ + var keyStatus = GetStatusForKeyID(keyType, keyID); + if (keyStatus == "ENROLLED" || keyStatus == "UNINITIALIZED") { + updateKeyText('An ' + keyStatus + ' smartcard "' + keyID + '" is detected!'); + } else { + updateKeyText('A ' + keyStatus + ' smartcard "' + keyID + '" is detected!'); + } + UserSelectRowByKeyID(keyType, keyID); + var uid = null; + var isUser = false; + + if(keyStatus == "ENROLLED") + { + uid = GetCoolKeyIssuedTo(keyType,keyID); + + if(uid) + { + isUser = IsAgentOrUser(uid,"user"); + } + if(isUser == true) + { + MyAlert("You can't Format a User card here! 
Try another card."); + + updateKeyText('A ' + keyStatus + ' smartcard "' + keyID + '" USER is detected!'); + toggleButton('enrollbtn','off'); + } + } +} + +function UserOnCOOLKeyRemoved(keyType, keyID) +{ + updateKeyText('Please insert a blank smartcard now!'); +} + +function toggleAjaxProgress(id, i) +{ + var e = document.getElementById(id); + if (i == 'off') { + e.style.display = 'none'; + } else { + e.style.display = 'block'; + } +} + +function toggleButton(id, i) +{ + var e = document.getElementById(id); + if (i == 'off') { + e.disabled = true; + } else { + e.disabled = false; + } +} +// --> +</script> +</head> + +<body onload="InitializeBindingTable();" onunload=cleanup()> + +<progressmeter id="progress-id" hidden="true" align = "center"/> + +<div id="pb" style="display:none;"> + <table id="BindingTable" width="200px" align="center"> + <tr id="HeaderRow"> + </tr> + </table> +</div> +<div id="header"> + <div id="logo"> + <h3>Security Officer Station</h3> + </div> +</div> + +<div id="content"> + <div id="maintext"> + <div id="topmenu"> + | <a href="/cgi-bin/sow/main.cgi">Main</a> | + </div> +<br/> +<blockquote>This will erase the phone home URL and format the SO token, so that you can start the demonstration all over again. 
<br/><br/>WARNING: You will not be able to access the security officer station after this operation.</blockquote> +<h3><span id="keytext">Please insert new smartcard now!</span></h3> + <br/> + <table width="100%"> + <tr> +<td> +<div id="ajax-pb" style="display:none;"> + <img src="/pki/esc/sow/images/indicator.gif"> + <h2 id="progress" name="progress" value="0%" ></h2> +</div> +</td> + <td align="right"> + <input type="button" id="enrollbtn" name="enrollbtn" value="Format" onClick="toggleButton('enrollbtn','off');toggleButton('cancel', 'off');toggleAjaxProgress('ajax-pb','on');DoFormatSoCOOLKey();"> + <input type="submit" id="cancel" name="cancel" value="Cancel" onClick="javascript:location.href='/cgi-bin/sow/search.cgi';"> + </td> + </tr> + </table> + </div> +</div> +</body></html> diff --git a/base/tps/apache/cgi-bin/sow/index.cgi b/base/tps/apache/cgi-bin/sow/index.cgi new file mode 100755 index 000000000..7f7a98869 --- /dev/null +++ b/base/tps/apache/cgi-bin/sow/index.cgi 
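Review bot: In `UserOnCOOLKeyInserted` the user-card guard fails open: when `GetCoolKeyIssuedTo` returns nothing for an ENROLLED card, `isUser` stays `false` and the Format button is left enabled. Treating an unknown owner like a user card, `if (!uid || isUser) { toggleButton('enrollbtn','off'); }`, closes that gap. This check runs only in the browser, so the server side of the format operation presumably needs the same rule; that code is not part of this diff. In `updateKeyText`, `for (i=0;...)` assigns an undeclared global `i` and `var text` redeclares the parameter.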
@@ -0,0 +1,42 @@
+#!/usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+#
+#
+#
+print "Content-type: text/xml\n\n";
+print "<\?xml version=\"1.0\" encoding=\"UTF-8\"\?>";
+print "<ServiceInfo>";
+print "<IssuerName>";
+print "Fedora Project"; # Vendor
+print "</IssuerName>\n";
+print "<Services>";
+print "<Operation>";
+print "https://[SERVER_NAME]:[SECURE_PORT]/nk_service";
+print "</Operation>";
+print "<UI>";
+print "https://[SERVER_NAME]:[SECURE_PORT]/cgi-bin/sow/search.cgi";
+print "</UI>";
+print "<EnrolledTokenBrowserURL>";
+print "</EnrolledTokenBrowserURL>";
+print "</Services>";
+print "</ServiceInfo>";
diff --git a/base/tps/apache/cgi-bin/sow/is_agent.cgi b/base/tps/apache/cgi-bin/sow/is_agent.cgi
new file mode 100755
index 000000000..c6b6a87f7
--- /dev/null
+++ b/base/tps/apache/cgi-bin/sow/is_agent.cgi
@@ -0,0 +1,69 @@
+#! /usr/bin/perl -w
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+use CGI;
+
+[REQUIRE_CFG_PL]
+
+
+my $ldapHost = get_ldap_host();
+my $ldapPort = get_ldap_port();
+my $basedn = get_base_dn();
+
+my $q = new CGI;
+
+sub authorize
+{
+ my $client_dn = $ENV{'SSL_CLIENT_S_DN'};
+ $client_dn =~ tr/A-Z/a-z/; # all lower cases
+ $client_dn =~ s/\s+//g; # remove all spacing
+
+ if (&is_agent($client_dn)) {
+ return 1;
+ }
+ return 0;
+}
+
+sub DoIsAgent
+{
+
+ print "Content-type: text/xml\n\n";
+
+ if (!&authorize()) {
+ return;
+ }
+
+ my $uid = $q->param('uid');
+
+ if(&is_agent("uid=$uid"))
+ {
+ print "<response>yes</response>\n";
+ }
+ else
+ {
+ print "<response>no</response>\n";
+ }
+
+}
+
+&DoIsAgent();
diff --git a/base/tps/apache/cgi-bin/sow/is_user.cgi b/base/tps/apache/cgi-bin/sow/is_user.cgi
new file mode 100755
index 000000000..d7a551421
--- /dev/null
+++ b/base/tps/apache/cgi-bin/sow/is_user.cgi
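Review bot: `DoIsAgent` interpolates the request parameter `uid` straight into the string passed to `is_agent("uid=$uid")`; if `is_agent` (defined outside this diff) uses that string as an LDAP filter or DN, characters such as `*`, `(`, `)` and `\` change the query. Restricting the value before use, e.g. `return unless defined $uid && $uid =~ /\A[\w.\-]+\z/;` (with the character class adjusted to the uid syntax the directory really uses), also covers the missing-parameter case. is_user.cgi has the same pattern in `DoIsUser`. When `authorize` fails the script has already sent a `text/xml` header and then returns an empty body, which is not well-formed XML for the caller.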
@@ -0,0 +1,71 @@
+#! /usr/bin/perl -w
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+use CGI;
+
+use CGI::Carp qw(fatalsToBrowser);
+
+[REQUIRE_CFG_PL]
+
+
+my $ldapHost = get_ldap_host();
+my $ldapPort = get_ldap_port();
+my $basedn = get_base_dn();
+
+my $q = new CGI;
+
+sub authorize
+{
+ my $client_dn = $ENV{'SSL_CLIENT_S_DN'};
+ $client_dn =~ tr/A-Z/a-z/; # all lower cases
+ $client_dn =~ s/\s+//g; # remove all spacing
+
+ if (&is_agent($client_dn)) {
+ return 1;
+ }
+ return 0;
+}
+
+sub DoIsUser
+{
+
+ print "Content-type: text/xml\n\n";
+
+ if (!&authorize()) {
+ return;
+ }
+
+ my $uid = $q->param('uid');
+
+ if(&is_user("uid=$uid"))
+ {
+ print "<response>yes</response>\n";
+ }
+ else
+ {
+ print "<response>no</response>\n";
+ }
+
+}
+
+&DoIsUser();
diff --git a/base/tps/apache/cgi-bin/sow/main.cgi b/base/tps/apache/cgi-bin/sow/main.cgi
new file mode 100755
index 000000000..c6f65e42e
--- /dev/null
+++ b/base/tps/apache/cgi-bin/sow/main.cgi
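Review bot: `use CGI::Carp qw(fatalsToBrowser);` sends die messages, including file paths and the failing line, to whoever made the request. None of the sibling scripts visible in this commit enable it, so it looks like a debugging leftover; `use CGI::Carp;` alone keeps the messages in the server error log.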
@@ -0,0 +1,70 @@
+#! /usr/bin/perl -w
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+use CGI;
+
+[REQUIRE_CFG_PL]
+
+
+my $ldapHost = get_ldap_host();
+my $ldapPort = get_ldap_port();
+my $basedn = get_base_dn();
+
+my $q = new CGI;
+
+sub authorize
+{
+ my $client_dn = $ENV{'SSL_CLIENT_S_DN'};
+ $client_dn =~ tr/A-Z/a-z/; # all lower cases
+ $client_dn =~ s/\s+//g; # remove all spacing
+
+ if (&is_agent($client_dn)) {
+ return 1;
+ }
+ return 0;
+}
+
+sub DoPage
+{
+ if (!&authorize()) {
+ print $q->redirect("/cgi-bin/sow/noaccess.cgi");
+ return;
+ }
+
+ my $error = $q->param('error');
+ $error = "" if !defined $error;
+
+ open(FILE, "< main.html");
+
+ print $q->header();
+
+ while ($l = <FILE>)
+ {
+ $l =~ s/\$error/$error/g;
+ print $l;
+ }
+
+ close(FILE);
+}
+
+&DoPage();
diff --git a/base/tps/apache/cgi-bin/sow/main.html b/base/tps/apache/cgi-bin/sow/main.html
new file mode 100755
index 000000000..e7de688bc
--- /dev/null
+++ b/base/tps/apache/cgi-bin/sow/main.html
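Review bot: `DoPage` copies the request parameter `error` into the page with `$l =~ s/\$error/$error/g;`, and main.html places it inside `<font color="red">$error</font>`, so markup in the query string is rendered as part of the security officer page. Escaping once before the loop, `$error = $q->escapeHTML($error);`, keeps the message as text. noaccess.cgi substitutes `error` the same way. The result of `open(FILE, "< main.html")` is also unchecked, so a missing template yields an empty page; `open(my $fh, '<', 'main.html') or die "open main.html: $!";` would surface it.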
@@ -0,0 +1,67 @@ +<!-- --- BEGIN COPYRIGHT BLOCK --- + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + + Copyright (C) 2009 Red Hat, Inc. + All rights reserved. + --- END COPYRIGHT BLOCK --- --> +<html> +<head> +<meta http-equiv="Content-Type" content="text/html; charset=utf-8"> +<link rel=stylesheet href="/esc/sow/style.css" type="text/css"> + +<title>Security Officer</title> +<link rel="stylesheet" href="/esc/sow/css/style.css" media="screen" type="text/css"> +</head> + +<body> + +<div id="header"> + <div id="logo"> + <h3>Security Officer Station</h3> + </div> +</div> + +<div id="content"> + <div id="maintext"> + <div id="topmenu"> + | <a href="/cgi-bin/sow/main.cgi">Main</a> | + </div> + <blockquote><p>User Token Functions</p></blockquote> +<ul style="font-size:1.2em;"> + <a href="search.cgi">Enroll New Card</a> - enroll a new user smart card<br /> + <a href="search_temp.cgi">Enroll Temporay Card</a> - enroll a temporary smart card<br /> + <a href="format.cgi">Format Card</a> - format a user card<br /> + <a href="seturl.cgi">Set Home URL</a> - set phone home URL to a user card<br /> +</ul> + <blockquote><p>Misc Functions</p></blockquote> +<ul style="font-size:1.2em;"> + <a href="formatso.cgi">Format SO Card</a> - format a SO card<br /> +</ul> + + <br/> +<font color="red">$error</font> + <br/> + <table width="100%"> + <tr> + <td align="right"> + </td> + </tr> + 
</table> +</form> + + </div> +</div> + +</body> +</html> diff --git a/base/tps/apache/cgi-bin/sow/noaccess.cgi b/base/tps/apache/cgi-bin/sow/noaccess.cgi new file mode 100755 index 000000000..17166bcb6 --- /dev/null +++ b/base/tps/apache/cgi-bin/sow/noaccess.cgi @@ -0,0 +1,56 @@ +#! /usr/bin/perl -w +# +# --- BEGIN COPYRIGHT BLOCK --- +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; +# version 2.1 of the License. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301 USA +# +# Copyright (C) 2007 Red Hat, Inc. +# All rights reserved. +# --- END COPYRIGHT BLOCK --- +# + +use CGI; + +[REQUIRE_CFG_PL] + + +my $host = get_host(); +my $secure_port = get_secure_port(); +my $port = get_port(); + +my $q = new CGI; + +sub DoPage +{ + + my $error = $q->param('error'); + + open(FILE, "< noaccess.html"); + + print $q->header(); + + while ($l = <FILE>) + { + $l =~ s/\$error/$error/g; + $l =~ s/\$host/$host/g; + $l =~ s/\$secure_port/$secure_port/g; + $l =~ s/\$port/$port/g; + print $l; + } + + close(FILE); +} + +&DoPage(); diff --git a/base/tps/apache/cgi-bin/sow/noaccess.html b/base/tps/apache/cgi-bin/sow/noaccess.html new file mode 100755 index 000000000..06e9fa2d8 --- /dev/null +++ b/base/tps/apache/cgi-bin/sow/noaccess.html 
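Review bot: main.html closes a `</form>` after the last table but never opens one, and its links sit directly inside `<ul>` without `<li>` items, so the markup is invalid. Either drop the stray `</form>` or wrap the intended controls in a `<form>`; the link text `Enroll Temporay Card` should read `Enroll Temporary Card`.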
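Review bot: `DoPage` in noaccess.cgi uses `$error` without the `$error = "" if !defined $error;` default that main.cgi has, so the redirects to `/cgi-bin/sow/noaccess.cgi` visible in this commit, which carry no `error` parameter, trigger an uninitialized-value warning under `-w` on every template line. Add `$error = "" unless defined $error;` after the `param` call. This script has no `authorize` gate, so the value it echoes into noaccess.html should be HTML-escaped with `$error = $q->escapeHTML($error);` before the substitution loop. The `open(FILE, "< noaccess.html")` result is unchecked as well.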
@@ -0,0 +1,63 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2009 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel=stylesheet href="/esc/sow/style.css" type="text/css">
+
+<title>Security Officer</title>
+<link rel="stylesheet" href="/esc/sow/css/style.css" media="screen" type="text/css">
+</head>
+
+<body>
+
+<div id="header">
+ <div id="logo">
+ <h3>Security Officer Station</h3>
+ </div>
+</div>
+
+<div id="content">
+ <div id="maintext">
+ <div id="topmenu">
+ </div>
+ <blockquote><p>Sorry, you do not have permission to perform the requested operation.</p></blockquote>
+<form method=post action="http://$host:$port/cgi-bin/sow/welcome.cgi">
+ <table>
+ <tr>
+ </tr>
+
+ </table>
+
+ <br/>
+<font color="red">$error</font>
+ <br/>
+ <table width="100%">
+ <tr>
+ <td align="right">
+ <input type="submit" id="search" name="search" value="Start Over">
+ </td>
+ </tr>
+ </table>
+</form>
+
+ </div>
+</div>
+
+</body>
+</html>
diff --git a/base/tps/apache/cgi-bin/sow/read.cgi b/base/tps/apache/cgi-bin/sow/read.cgi
new file mode 100755
index 000000000..8a5793c2b
--- /dev/null
+++ b/base/tps/apache/cgi-bin/sow/read.cgi
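Review bot: The Start Over form posts to `http://$host:$port/cgi-bin/sow/welcome.cgi`, the clear-text port, while formatso.html in this commit addresses the server through `https://$host:$secure_port`. If welcome.cgi is meant to be reached over TLS with the client certificate (it is not part of the visible diff), the action should be `https://$host:$secure_port/cgi-bin/sow/welcome.cgi`; noaccess.cgi already substitutes `$secure_port`. The form carries nothing but the submit button, so a plain link would do the same job.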
@@ -0,0 +1,128 @@ +#! /usr/bin/perl -w +# +# --- BEGIN COPYRIGHT BLOCK --- +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; +# version 2.1 of the License. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301 USA +# +# Copyright (C) 2007 Red Hat, Inc. +# All rights reserved. +# --- END COPYRIGHT BLOCK --- +# + +use CGI; +use Mozilla::LDAP::Conn; +use PKI::TPS::Common; + +[REQUIRE_CFG_PL] + +sub authorize +{ + my $client_dn = $ENV{'SSL_CLIENT_S_DN'}; + $client_dn =~ tr/A-Z/a-z/; # all lower cases + $client_dn =~ s/\s+//g; # remove all spacing + + if (&is_agent($client_dn)) { + return 1; + } + return 0; +} + +sub DoPage +{ + my $q = new CGI; + my $host = get_ldap_host(); + my $port = get_ldap_port(); + my $secureconn = get_ldap_secure(); + my $basedn = get_base_dn(); + my $certdir = get_ldap_certdir(); + + if (!&authorize()) { + print $q->redirect("/cgi-bin/sow/noaccess.cgi"); + return; + } + + my $name = $q->param('name'); + my $uid = $q->param('name_ID'); + $name = "" if !defined $name; + + if ($name eq "") { + print $q->redirect("/cgi-bin/sow/search.cgi?error=Name cannot be empty"); + return; + } + + my $conn = PKI::TPS::Common::make_connection( + {host => $host, port => $port, cert => $certdir}, + $secureconn); + + if (!$conn) { + print $q->redirect("/cgi-bin/sow/search.cgi?error=Failed to connect to the database."); + return; + }; + + my $entry = $conn->search ( $basedn, + "sub", + "cn=$name", + 0 + ); + + if 
(!$entry) { + $conn->close(); + print $q->redirect("/cgi-bin/sow/search.cgi?error=User $name not found"); + return; + } + + my $givenName = ($entry->getValues("givenName"))[0] || "-"; + my $cn = ($entry->getValues("cn"))[0] || "-"; + my $sn = ($entry->getValues("sn"))[0] ||"-"; + $uid = ($entry->getValues("uid"))[0] || "-"; + my $mail = ($entry->getValues("mail"))[0] || "-"; + my $phone = ($entry->getValues("telephoneNumber"))[0] || "-"; + my $photoLarge = ($entry->getValues("photoLarge"))[0] || ""; # photo (full size) + my $photoSmall = ($entry->getValues("photoSmall"))[0] || ""; # photo (thumb) + my $height = ($entry->getValues("height"))[0] || ""; + my $weight = ($entry->getValues("weight"))[0] || ""; + my $eyecolor = ($entry->getValues("eyeColor"))[0] || ""; + + $conn->close(); + + if ($uid eq "-") { + print $q->redirect("/cgi-bin/sow/search.cgi?error=User $name not found"); + return; + } + + open(FILE, "< read.html"); + + print $q->header(); + + while ($l = <FILE>) + { + $l =~ s/\$mail/$mail/g; + $l =~ s/\$uid/$uid/g; + $l =~ s/\$givenName/$givenName/g; + $l =~ s/\$sn/$sn/g; + $l =~ s/\$cn/$cn/g; + $l =~ s/\$phone/$phone/g; + $l =~ s/\$photoLarge/$photoLarge/g; + $l =~ s/\$photoSmall/$photoSmall/g; + $l =~ s/\$height/$height/g; + $l =~ s/\$weight/$weight/g; + $l =~ s/\$eyecolor/$eyecolor/g; + print $l; + } + + close(FILE); +} + +&DoPage(); diff --git a/base/tps/apache/cgi-bin/sow/read.html b/base/tps/apache/cgi-bin/sow/read.html new file mode 100755 index 000000000..1e660c84f --- /dev/null +++ b/base/tps/apache/cgi-bin/sow/read.html 
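Review bot: The search filter is built as `"cn=$name"` from the request parameter `name`, so filter metacharacters in the input alter the LDAP query that decides whose record the officer is shown. Escape the value per RFC 4515 before interpolation, e.g. `(my $cn_filter = $name) =~ s/([\\*()\0])/sprintf('\\%02x', ord $1)/ge;`, and search on `"cn=$cn_filter"`. The same `$name` is placed unencoded into the redirect URL `?error=User $name not found`, and the directory values are substituted into read.html without HTML escaping. read_temp.cgi repeats all three.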
@@ -0,0 +1,78 @@ +<!-- --- BEGIN COPYRIGHT BLOCK --- + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + + Copyright (C) 2009 Red Hat, Inc. + All rights reserved. + --- END COPYRIGHT BLOCK --- --> +<html> +<head> +<meta http-equiv="Content-Type" content="text/html; charset=utf-8"> +<link rel=stylesheet href="/esc/sow/css/style.css" type="text/css"> + +<title>Security Officer</title> +<script type="text/javascript" src="/esc/sow/js/prototype.js"></script> +<script type="text/javascript" src="/esc/sow/js/scriptaculous.js?load=effects"></script> +<link rel="stylesheet" href="/esc/sow/css/style.css" media="screen" type="text/css"> +</head> + +<body> + +<div id="header"> + <div id="logo"> + <h3>Security Officer Station</h3> + </div> +</div> + +<div id="content"> + <div id="maintext"> + <div id="topmenu"> + | <a href="/cgi-bin/sow/main.cgi">Main</a> | + </div> + <blockquote><p>Please check user's identification and verify the user information. 
If the information is correct, please insert a new smart card and continue.</p></blockquote> + <table> + <tr> + <td> +<script type="text/javascript"> + if ('$departmentNumber' != '') { + document.writeln('<img alt="" border=0 src="$photoSmall">'); + } +</script> + </td> + <td> + <span class="heading">UID:</span> $uid<br/> + <span class="heading">Given Name:</span> $givenName<br/> + <span class="heading">Last Name:</span> $sn<br/> + <span class="heading">Email:</span>$mail<br/> + <span class="heading">Height:</span> $height<br/> + <span class="heading">Weight:</span> $weight<br/> + <span class="heading">Eye Color:</span> $eyecolor<br/> + </td> + </table> + <br/> + + <form method=post action="enroll.cgi"> + <input type=hidden name=uid value="$uid"> + <table width="100%"> + <tr> + <td align="right"> + <input type="submit" id="search" name="Enroll" value="Continue"> + </td> + </tr> + </table> + </form> + </div> +</div> + +</body> +</html> diff --git a/base/tps/apache/cgi-bin/sow/read_temp.cgi b/base/tps/apache/cgi-bin/sow/read_temp.cgi new file mode 100755 index 000000000..31c6fd7e3 --- /dev/null +++ b/base/tps/apache/cgi-bin/sow/read_temp.cgi 
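Review bot: The script block tests `'$departmentNumber' != ''`, but read.cgi never substitutes a `$departmentNumber` placeholder, so the literal text is always non-empty and the `<img>` is written even when `$photoSmall` is empty. Testing the value that is actually used, `if ('$photoSmall' != '')`, would match the apparent intent; emitting the `<img>` from the CGI instead would also stop a directory value containing a quote from ending the JavaScript string. read_temp.html is the same blob (`1e660c84f`) and has the same problem. The `<tr>` opened in the first table is never closed.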
@@ -0,0 +1,125 @@ +#! /usr/bin/perl -w +# +# --- BEGIN COPYRIGHT BLOCK --- +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; +# version 2.1 of the License. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301 USA +# +# Copyright (C) 2007 Red Hat, Inc. +# All rights reserved. +# --- END COPYRIGHT BLOCK --- +# + +use CGI; +use Mozilla::LDAP::Conn; +use PKI::TPS::Common; + +[REQUIRE_CFG_PL] + + +sub authorize +{ + my $client_dn = $ENV{'SSL_CLIENT_S_DN'}; + $client_dn =~ tr/A-Z/a-z/; # all lower cases + $client_dn =~ s/\s+//g; # remove all spacing + + if (&is_agent($client_dn)) { + return 1; + } + return 0; +} + +sub DoPage +{ + my $q = new CGI; + my $host = get_ldap_host(); + my $port = get_ldap_port(); + my $secureconn = get_ldap_secure(); + my $basedn = get_base_dn(); + my $certdir = get_ldap_certdir(); + + if (!&authorize()) { + print $q->redirect("/cgi-bin/sow/noaccess.cgi"); + return; + } + + my $name = $q->param('name'); + my $uid = $q->param('name_ID'); + $name = "" if !defined $name; + + if ($name eq "") { + print $q->redirect("/cgi-bin/sow/search.cgi?error=Name cannot be empty"); + return; + } + + my $conn = PKI::TPS::Common::make_connection( + {host => $host, port => $port, cert => $certdir}, + $secureconn); + + + my $entry = $conn->search ( $basedn, + "sub", + "cn=$name", + 0 + ); + + if (!$entry) { + $conn->close(); + print $q->redirect("/cgi-bin/sow/search.cgi?error=User $name not found"); + return; + } + + 
my $givenName = ($entry->getValues("givenName"))[0] || "-"; + my $cn = ($entry->getValues("cn"))[0] || "-"; + my $sn = ($entry->getValues("sn"))[0] ||"-"; + $uid = ($entry->getValues("uid"))[0] || "-"; + my $mail = ($entry->getValues("mail"))[0] || "-"; + my $phone = ($entry->getValues("telephoneNumber"))[0] || "-"; + my $photoLarge = ($entry->getValues("photoLarge"))[0] || ""; # photo (full size) + my $photoSmall = ($entry->getValues("photoSmall"))[0] || ""; # photo (thumb) + my $height = ($entry->getValues("height"))[0] || ""; + my $weight = ($entry->getValues("weight"))[0] || ""; + my $eyecolor = ($entry->getValues("eyeColor"))[0] || ""; + + $conn->close(); + + if ($uid eq "-") { + print $q->redirect("/cgi-bin/sow/search.cgi?error=User $name not found"); + return; + } + + open(FILE, "< read_temp.html"); + + print $q->header(); + + while ($l = <FILE>) + { + $l =~ s/\$mail/$mail/g; + $l =~ s/\$uid/$uid/g; + $l =~ s/\$givenName/$givenName/g; + $l =~ s/\$sn/$sn/g; + $l =~ s/\$cn/$cn/g; + $l =~ s/\$phone/$phone/g; + $l =~ s/\$photoLarge/$photoLarge/g; + $l =~ s/\$photoSmall/$photoSmall/g; + $l =~ s/\$height/$height/g; + $l =~ s/\$weight/$weight/g; + $l =~ s/\$eyecolor/$eyecolor/g; + print $l; + } + + close(FILE); +} + +&DoPage(); diff --git a/base/tps/apache/cgi-bin/sow/read_temp.html b/base/tps/apache/cgi-bin/sow/read_temp.html new file mode 100755 index 000000000..1e660c84f --- /dev/null +++ b/base/tps/apache/cgi-bin/sow/read_temp.html 
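Review bot: Unlike read.cgi, `DoPage` here calls `$conn->search(...)` without checking the result of `PKI::TPS::Common::make_connection`; if that returns a false value on failure, as read.cgi's check implies, a failed LDAP connection dies on the method call instead of redirecting. Add the guard read.cgi uses: `if (!$conn) { print $q->redirect("/cgi-bin/sow/search.cgi?error=Failed to connect to the database."); return; }`. The error redirects also point at search.cgi although main.html links the temporary-card flow from `search_temp.cgi`, which may be a copy-paste leftover.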
@@ -0,0 +1,78 @@ +<!-- --- BEGIN COPYRIGHT BLOCK --- + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + + Copyright (C) 2009 Red Hat, Inc. + All rights reserved. + --- END COPYRIGHT BLOCK --- --> +<html> +<head> +<meta http-equiv="Content-Type" content="text/html; charset=utf-8"> +<link rel=stylesheet href="/esc/sow/css/style.css" type="text/css"> + +<title>Security Officer</title> +<script type="text/javascript" src="/esc/sow/js/prototype.js"></script> +<script type="text/javascript" src="/esc/sow/js/scriptaculous.js?load=effects"></script> +<link rel="stylesheet" href="/esc/sow/css/style.css" media="screen" type="text/css"> +</head> + +<body> + +<div id="header"> + <div id="logo"> + <h3>Security Officer Station</h3> + </div> +</div> + +<div id="content"> + <div id="maintext"> + <div id="topmenu"> + | <a href="/cgi-bin/sow/main.cgi">Main</a> | + </div> + <blockquote><p>Please check user's identification and verify the user information. 
If the information is correct, please insert a new smart card and continue.</p></blockquote> + <table> + <tr> + <td> +<script type="text/javascript"> + if ('$departmentNumber' != '') { + document.writeln('<img alt="" border=0 src="$photoSmall">'); + } +</script> + </td> + <td> + <span class="heading">UID:</span> $uid<br/> + <span class="heading">Given Name:</span> $givenName<br/> + <span class="heading">Last Name:</span> $sn<br/> + <span class="heading">Email:</span>$mail<br/> + <span class="heading">Height:</span> $height<br/> + <span class="heading">Weight:</span> $weight<br/> + <span class="heading">Eye Color:</span> $eyecolor<br/> + </td> + </table> + <br/> + + <form method=post action="enroll.cgi"> + <input type=hidden name=uid value="$uid"> + <table width="100%"> + <tr> + <td align="right"> + <input type="submit" id="search" name="Enroll" value="Continue"> + </td> + </tr> + </table> + </form> + </div> +</div> + +</body> +</html> diff --git a/base/tps/apache/cgi-bin/sow/search.cgi b/base/tps/apache/cgi-bin/sow/search.cgi new file mode 100755 index 000000000..e681ed100 --- /dev/null +++ b/base/tps/apache/cgi-bin/sow/search.cgi 
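Review bot: The guard `if ('$departmentNumber' != '')` in read_temp.html can never be false, because read_temp.cgi has no substitution for `$departmentNumber` and the literal placeholder text reaches the browser, so the `<img>` is written even when `$photoSmall` is empty. The same script block places `$photoSmall` inside a JavaScript string literal, where a quote character in the directory value ends the string. Emitting the image as plain markup, `<img alt="" border=0 src="$photoSmall">`, with the CGI HTML-escaping the value and leaving the tag out when there is no photo, removes both problems.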
@@ -0,0 +1,70 @@
+#! /usr/bin/perl -w
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+use CGI;
+
+[REQUIRE_CFG_PL]
+
+
+my $ldapHost = get_ldap_host();
+my $ldapPort = get_ldap_port();
+my $basedn = get_base_dn();
+
+my $q = new CGI;
+
+sub authorize
+{
+ my $client_dn = $ENV{'SSL_CLIENT_S_DN'};
+ $client_dn =~ tr/A-Z/a-z/; # all lower cases
+ $client_dn =~ s/\s+//g; # remove all spacing
+
+ if (&is_agent($client_dn)) {
+ return 1;
+ }
+ return 0;
+}
+
+sub DoPage
+{
+ if (!&authorize()) {
+ print $q->redirect("/cgi-bin/sow/noaccess.cgi");
+ return;
+ }
+
+ my $error = $q->param('error');
+ $error = "" if !defined $error;
+
+ open(FILE, "< search.html");
+
+ print $q->header();
+
+ while ($l = <FILE>)
+ {
+ $l =~ s/\$error/$error/g;
+ print $l;
+ }
+
+ close(FILE);
+}
+
+&DoPage();
diff --git a/base/tps/apache/cgi-bin/sow/search.html b/base/tps/apache/cgi-bin/sow/search.html
new file mode 100755
index 000000000..789a4a015
--- /dev/null
+++ b/base/tps/apache/cgi-bin/sow/search.html
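Review bot: `$error` in search.cgi comes straight from the `error` query parameter and is substituted into search.html by `$l =~ s/\$error/$error/g;` without HTML escaping, so markup supplied in the URL is rendered in the security officer's page. Encode it once after the defined-check, `$error = $q->escapeHTML($error);`. The search_temp.cgi and welcome.cgi hunks contain the same lines; welcome.cgi has no `authorize()` call, so there the parameter is reflected before any client-certificate check. The result of `open(FILE, "< search.html")` is also unchecked, so a missing template yields a header and an empty body; a three-argument `open` with `or die` would surface that.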
@@ -0,0 +1,71 @@ +<!-- --- BEGIN COPYRIGHT BLOCK --- + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + + Copyright (C) 2009 Red Hat, Inc. + All rights reserved. + --- END COPYRIGHT BLOCK --- --> +<html> +<head> +<meta http-equiv="Content-Type" content="text/html; charset=utf-8"> +<link rel=stylesheet href="/esc/sow/style.css" type="text/css"> + +<title>Security Officer</title> +<link rel="stylesheet" href="/esc/sow/css/style.css" media="screen" type="text/css"> +</head> + +<body> + +<div id="header"> + <div id="logo"> + <h3>Security Officer Station</h3> + </div> +</div> + +<div id="content"> + <div id="maintext"> + <div id="topmenu"> + | <a href="/cgi-bin/sow/main.cgi">Main</a> | + </div> + <blockquote><p>Please locate the user who is requesting a new smart card.</p></blockquote> +<form method=post action="read.cgi"> +<div style="font-size:0.8em;"> + <table> + <tr> + <td><h3>Name: </h3></td> + <td> </td> + <td><input type="text" id="name" name="name" value="" autocomplete="off"></td> + <input type="hidden" id="name_hidden" name="name_ID"><!-- THE ID OF the country will be inserted into this hidden input --></td> + <td> </td> + </tr> + + </table> +</div> + + <br/> +<font color="red">$error</font> + <br/> + <table width="100%"> + <tr> + <td align="right"> + <input type="submit" id="search" name="search" value="Continue"> + </td> + </tr> + </table> +</form> + + </div> 
+</div> + +</body> +</html> diff --git a/base/tps/apache/cgi-bin/sow/search_temp.cgi b/base/tps/apache/cgi-bin/sow/search_temp.cgi new file mode 100755 index 000000000..5d752a49d --- /dev/null +++ b/base/tps/apache/cgi-bin/sow/search_temp.cgi @@ -0,0 +1,70 @@ +#! /usr/bin/perl -w +# +# --- BEGIN COPYRIGHT BLOCK --- +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; +# version 2.1 of the License. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301 USA +# +# Copyright (C) 2007 Red Hat, Inc. +# All rights reserved. +# --- END COPYRIGHT BLOCK --- +# + +use CGI; + +[REQUIRE_CFG_PL] + + +my $ldapHost = get_ldap_host(); +my $ldapPort = get_ldap_port(); +my $basedn = get_base_dn(); + +my $q = new CGI; + +sub authorize +{ + my $client_dn = $ENV{'SSL_CLIENT_S_DN'}; + $client_dn =~ tr/A-Z/a-z/; # all lower cases + $client_dn =~ s/\s+//g; # remove all spacing + + if (&is_agent($client_dn)) { + return 1; + } + return 0; +} + +sub DoPage +{ + if (!&authorize()) { + print $q->redirect("/cgi-bin/sow/noaccess.cgi"); + return; + } + + my $error = $q->param('error'); + $error = "" if !defined $error; + + open(FILE, "< search_temp.html"); + + print $q->header(); + + while ($l = <FILE>) + { + $l =~ s/\$error/$error/g; + print $l; + } + + close(FILE); +} + +&DoPage(); diff --git a/base/tps/apache/cgi-bin/sow/search_temp.html b/base/tps/apache/cgi-bin/sow/search_temp.html new file mode 100755 index 000000000..507f223ef --- /dev/null 
+++ b/base/tps/apache/cgi-bin/sow/search_temp.html 
@@ -0,0 +1,71 @@ +<!-- --- BEGIN COPYRIGHT BLOCK --- + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + + Copyright (C) 2009 Red Hat, Inc. + All rights reserved. + --- END COPYRIGHT BLOCK --- --> +<html> +<head> +<meta http-equiv="Content-Type" content="text/html; charset=utf-8"> +<link rel=stylesheet href="/esc/sow/style.css" type="text/css"> + +<title>Security Officer</title> +<link rel="stylesheet" href="/esc/sow/css/style.css" media="screen" type="text/css"> +</head> + +<body> + +<div id="header"> + <div id="logo"> + <h3>Security Officer Station</h3> + </div> +</div> + +<div id="content"> + <div id="maintext"> + <div id="topmenu"> + | <a href="/cgi-bin/sow/main.cgi">Main</a> | + </div> + <blockquote><p>Please locate the user who is requesting a temporary smart card.</p></blockquote> +<form method=post action="read_temp.cgi"> +<div style="font-size:0.8em;"> + <table> + <tr> + <td><h3>Name: </h3></td> + <td> </td> + <td><input type="text" id="name" name="name" value="" autocomplete="off"></td> + <input type="hidden" id="name_hidden" name="name_ID"><!-- THE ID OF the country will be inserted into this hidden input --></td> + <td> </td> + </tr> + + </table> +</div> + + <br/> +<font color="red">$error</font> + <br/> + <table width="100%"> + <tr> + <td align="right"> + <input type="submit" id="search" name="search" value="Continue"> + </td> + </tr> + </table> +</form> + + 
</div> +</div> + +</body> +</html> diff --git a/base/tps/apache/cgi-bin/sow/seturl.cgi b/base/tps/apache/cgi-bin/sow/seturl.cgi new file mode 100755 index 000000000..dfac46d8f --- /dev/null +++ b/base/tps/apache/cgi-bin/sow/seturl.cgi 
@@ -0,0 +1,207 @@ +#! /usr/bin/perl -w +# +# --- BEGIN COPYRIGHT BLOCK --- +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; +# version 2.1 of the License. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301 USA +# +# Copyright (C) 2007 Red Hat, Inc. +# All rights reserved. +# --- END COPYRIGHT BLOCK --- +# +######################################################################## +# +# Script: esc.cgi +# Author: Kin Blas () +# Date: 12/19/2003 +# +# CGI.pm Docs: +# +# http://stein.cshl.org/WWW/software/CGI/ +# +######################################################################## + +[REQUIRE_CFG_PL] + +use CGI; + +my $ldapHost = get_ldap_host(); +my $ldapPort = get_ldap_port(); +my $basedn = get_base_dn(); +my $host = get_host(); +my $port = get_port(); +my $secure_port = get_secure_port(); + +$gQuery = new CGI; + +sub authorize +{ + my $client_dn = $ENV{'SSL_CLIENT_S_DN'}; + $client_dn =~ tr/A-Z/a-z/; # all lower cases + $client_dn =~ s/\s+//g; # remove all spacing + + if (&is_agent($client_dn)) { + return 1; + } + return 0; +} + +sub DoPage +{ + if (!&authorize()) { + print $gQuery->redirect("/cgi-bin/sow/noaccess.cgi"); + return; + } + + $gQueryAction = "default"; + $gQueryOverrideAction = "default"; + + @gCookieNames = ("ascScreenName", + "ascSubscriptionType", + "ascBindings"); + + $gQueryAction = $gQuery->param("action") if + (defined $gQuery->param("action")); + + $gQueryOverrideAction = 
$gQuery->param("override_action") + if (defined $gQuery->param("override_action")); + + if ($gQueryOverrideAction ne "default") + { + $gQueryAction = $gQueryOverrideAction; + } + +######################################################################## +# +# If no action was provided, we default to showing our +# admin page! +# +# http://www.foo.com/esc.cgi +# +######################################################################## + + if ($gQueryAction eq "default") + { + GeneratePage(); + exit 0; + } +} + +sub ExitError +{ + my($str) = @_; + print $gQuery->header(), $gQuery->start_html(), $str, $gQuery->end_html(); + exit 0; +} + +sub GetScreenName +{ + my $sn = ""; + + if (defined $gQuery->param("screenname")) + { + $sn = $gQuery->param("screenname"); + } else { + $sn = "default"; + } + + return $sn; +} + +sub GetKeyType +{ + my $keyType = 0; + + if (defined $gQuery->param("keytype")) + { + $keyType = $gQuery->param("keytype"); + } + + return $keyType; +} + +sub GetKeyID +{ + my $keyID = ""; + + if (defined $gQuery->param("keyid")) + { + $keyID = $gQuery->param("keyid"); + } + + return $keyID; +} + +sub GetKeyLabelArg +{ + my $keyLabel = ""; + + if (defined $gQuery->param("keylabel")) + { + $keyLabel = $gQuery->param("keylabel"); + } + + return $keyLabel; +} + +sub HaveScreenName +{ + return 1 if (GetScreenName() ne ""); + return 0; +} + +sub IsSubscriber +{ + my $subType = $gUserObj{'SUBSCRIPTION'}; + return 1 if ($subType eq "HouseKey" || $subType eq "NetKey"); + + return 0; +} + +sub GetNextAction +{ + my($nextActn) = "default"; + + if (defined $gQuery->param('nextaction')) + { + $nextActn = $gQuery->param('nextaction'); + } + elsif (defined $gQuery->param('action')) + { + $nextActn = $gQuery->param('action'); + } + + return $nextActn; +} + +sub GeneratePage +{ + my ($l); + + ExitError("Failed to load enrollment page!") if (!open(ENROLL_FILE, "< seturl.html")); + + print $gQuery->header(); + + while ($l = <ENROLL_FILE>) + { + $l =~ s/\$host/$host/g; + $l =~ 
s/\$port/$port/g; + $l =~ s/\$secure_port/$secure_port/g; + print $l; + } + + close(ENROLL_FILE); +} + +&DoPage(); diff --git a/base/tps/apache/cgi-bin/sow/seturl.html b/base/tps/apache/cgi-bin/sow/seturl.html new file mode 100755 index 000000000..966ab7a1b --- /dev/null +++ b/base/tps/apache/cgi-bin/sow/seturl.html 
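Review bot: DoPage in seturl.cgi only produces output when the action is `default`; for any other `action` or `override_action` value the `if ($gQueryAction eq "default")` test fails and the script ends without printing a header, which a web server typically reports as a failed CGI. Add a fallback after that block, `ExitError("Unsupported action");`, using a fixed message rather than the submitted value. The file also assigns `$gQuery`, `$gQueryAction` and `@gCookieNames` without `my`, and `IsSubscriber` reads `%gUserObj`, which is not set anywhere in this hunk; declaring the variables and dropping the unused helpers would allow `use strict` to be enabled. The header comment still names the script as `esc.cgi`.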
@@ -0,0 +1,174 @@ +<!-- --- BEGIN COPYRIGHT BLOCK --- + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + + Copyright (C) 2009 Red Hat, Inc. + All rights reserved. + --- END COPYRIGHT BLOCK --- --> +<html> +<head> +<meta http-equiv="Content-Type" content="text/html; charset=utf-8"> +<link rel=stylesheet href="/esc/sow/style.css" type="text/css"> + +<title>Enrollment</title> +<script type="text/javascript" src="/esc/sow/js/prototype.js"></script> +<script type="text/javascript" src="/esc/sow/js/scriptaculous.js?load=effects"></script> +<script type="text/JavaScript" src="/esc/sow/util.js"></script> +<link rel="stylesheet" href="/esc/sow/css/style.css" media="screen" type="text/css"> +<script type="text/javascript"> +<!-- +function UserOnCOOLKeyStateError() +{ + toggleAjaxProgress('ajax-pb', 'off'); + toggleButton('enrollbtn', 'on'); + toggleButton('cancel', 'on'); +} + +function UserOnCOOLKeyFormatComplete() +{ + toggleAjaxProgress('ajax-pb', 'off'); + toggleButton('enrollbtn', 'on'); + toggleButton('cancel', 'on'); +} + +function updateKeyText(text) +{ + var f = document.getElementById('keytext'); + new Effect.Shake(f); + var text = document.createTextNode(text); + var len= f.childNodes.length; + for (i=0;i<len;i++){ + f.removeChild(f.childNodes[0]); + } + f.appendChild(text); +} + +function UserSelectRowByKeyID(keyType, keyID) +{ + DoCoolKeySetConfigValue("Operation-" + 
keyID, + "https://$host:$secure_port/nk_service"); + DoCoolKeySetConfigValue("TokenType-" + keyID, "userKey"); + SelectRowByKeyID(keyType, keyID); +} + +function UserOnDoneInitializeBindingTable() +{ + // display existing blank smart + var arr = GetAvailableCOOLKeys(); + if (!arr || arr.length < 1) + return; + var i; + for (i=0; i < arr.length; i++) + { + var keyType = arr[i][0]; + var keyID = arr[i][1]; + var keyStatus = GetStatusForKeyID(keyType, keyID); + if (keyStatus == "BLANK") { + updateKeyText('A ' + keyStatus + ' smartcard "' + keyID + '" is detected!'); + UserSelectRowByKeyID(keyType, keyID); + } else if (keyStatus == "UNINITIALIZED") { + updateKeyText('An ' + keyStatus + ' smartcard "' + keyID + '" is detected!'); + UserSelectRowByKeyID(keyType, keyID); + } + } +} + +function UserOnCOOLKeyStatusUpdate(data) +{ + var progress = document.getElementById("progress"); + + if(progress) + progress.innerHTML = data + "%"; +} + +function UserOnCOOLKeyInserted(keyType, keyID) +{ + var keyStatus = GetStatusForKeyID(keyType, keyID); + if (keyStatus == "ENROLLED" || keyStatus == "UNINITIALIZED") { + updateKeyText('An ' + keyStatus + ' smartcard "' + keyID + '" is detected!'); + } else { + updateKeyText('A ' + keyStatus + ' smartcard "' + keyID + '" is detected!'); + } + UserSelectRowByKeyID(keyType, keyID); +} + +function UserOnCOOLKeyRemoved(keyType, keyID) +{ + updateKeyText('Please insert a blank smartcard now!'); +} + +function toggleAjaxProgress(id, i) +{ + var e = document.getElementById(id); + if (i == 'off') { + e.style.display = 'none'; + } else { + e.style.display = 'block'; + } +} + +function toggleButton(id, i) +{ + var e = document.getElementById(id); + if (i == 'off') { + e.disabled = true; + } else { + e.disabled = false; + } +} +// --> +</script> +</head> + +<body onload="InitializeBindingTable();" onunload=cleanup()> + +<progressmeter id="progress-id" hidden="true" align = "center"/> + +<div id="pb" style="display:none;"> + <table id="BindingTable" 
width="200px" align="center"> + <tr id="HeaderRow"> + </tr> + </table> +</div> +<div id="header"> + <div id="logo"> + <h3>Security Officer Station</h3> + </div> +</div> + +<div id="content"> + <div id="maintext"> + <div id="topmenu"> + | <a href="/cgi-bin/sow/main.cgi">Main</a> | + </div> +<br/> +<blockquote>This will burn a phone home URL on the user token.</blockquote> +<h3><span id="keytext">Please insert new smartcard now!</span></h3> + <br/> + <table width="100%"> + <tr> +<td> +<div id="ajax-pb" style="display:none;"> + <img src="/pki/esc/sow/images/indicator.gif"> + <h2 id="progress" name="progress" value="0%" ></h2> +</div> +</td> + <td align="right"> + <input type="button" id="enrollbtn" name="enrollbtn" value="Format" onClick="toggleButton('enrollbtn','off');toggleButton('cancel', 'off');toggleAjaxProgress('ajax-pb','on');DoSetURLCOOLKey();"> + <input type="submit" id="cancel" name="cancel" value="Cancel" onClick="javascript:location.href='/cgi-bin/sow/search.cgi';"> + </td> + </tr> + </table> + </div> +</div> +</body></html> diff --git a/base/tps/apache/cgi-bin/sow/welcome.cgi b/base/tps/apache/cgi-bin/sow/welcome.cgi new file mode 100755 index 000000000..bc76dd3fa --- /dev/null +++ b/base/tps/apache/cgi-bin/sow/welcome.cgi 
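Review bot: `UserOnCOOLKeyInserted` in seturl.html calls `UserSelectRowByKeyID(keyType, keyID)` for every inserted card, including one it has just reported as ENROLLED, while `UserOnDoneInitializeBindingTable` selects only BLANK or UNINITIALIZED cards. If the set-URL operation is meant for new cards only, as the prompt "Please insert new smartcard now!" suggests, guard the call: `if (keyStatus == "BLANK" || keyStatus == "UNINITIALIZED") UserSelectRowByKeyID(keyType, keyID);`. In `updateKeyText`, `for (i=0;i<len;i++)` creates an implicit global and `var text` redeclares the parameter; `for (var i = 0; i < len; i++)` and a separate name for the text node would be cleaner.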
@@ -0,0 +1,57 @@
+#! /usr/bin/perl -w
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+use CGI;
+
+[REQUIRE_CFG_PL]
+
+
+my $host = get_host();
+my $secure_port = get_secure_port();
+my $port = get_port();
+
+my $q = new CGI;
+
+sub DoPage
+{
+
+ my $error = $q->param('error');
+ $error = "" if !defined $error;
+
+ open(FILE, "< welcome.html");
+
+ print $q->header();
+
+ while ($l = <FILE>)
+ {
+ $l =~ s/\$error/$error/g;
+ $l =~ s/\$host/$host/g;
+ $l =~ s/\$secure_port/$secure_port/g;
+ $l =~ s/\$port/$port/g;
+ print $l;
+ }
+
+ close(FILE);
+}
+
+&DoPage();
diff --git a/base/tps/apache/cgi-bin/sow/welcome.html b/base/tps/apache/cgi-bin/sow/welcome.html
new file mode 100755
index 000000000..718dce94b
--- /dev/null
+++ b/base/tps/apache/cgi-bin/sow/welcome.html
@@ -0,0 +1,63 @@ +<!-- --- BEGIN COPYRIGHT BLOCK --- + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + + Copyright (C) 2009 Red Hat, Inc. + All rights reserved. + --- END COPYRIGHT BLOCK --- --> +<html> +<head> +<meta http-equiv="Content-Type" content="text/html; charset=utf-8"> +<link rel=stylesheet href="/esc/sow/style.css" type="text/css"> + +<title>Security Officer</title> +<link rel="stylesheet" href="/esc/sow/css/style.css" media="screen" type="text/css"> +</head> + +<body> + +<div id="header"> + <div id="logo"> + <h3>Security Officer Station</h3> + </div> +</div> + +<div id="content"> + <div id="maintext"> + <div id="topmenu"> + </div> + <blockquote><p>Welcome to the security officer interface, you will be asked to identify yourself with your token. Please click the continue button below.</p></blockquote> +<form method=post action="https://$host:$secure_port/cgi-bin/sow/main.cgi"> + <table> + <tr> + </tr> + + </table> + + <br/> +<font color="red">$error</font> + <br/> + <table width="100%"> + <tr> + <td align="right"> + <input type="submit" id="search" name="search" value="Continue"> + </td> + </tr> + </table> +</form> + + </div> +</div> + +</body> +</html> |