diff options
Diffstat (limited to 'base/tps/apache/cgi-bin/sow')
29 files changed, 3696 insertions, 0 deletions
diff --git a/base/tps/apache/cgi-bin/sow/ajax-list.cgi b/base/tps/apache/cgi-bin/sow/ajax-list.cgi new file mode 100755 index 000000000..0f4ac094f --- /dev/null +++ b/base/tps/apache/cgi-bin/sow/ajax-list.cgi @@ -0,0 +1,79 @@ +#! /usr/bin/perl -w +# +# --- BEGIN COPYRIGHT BLOCK --- +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; +# version 2.1 of the License. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301 USA +# +# Copyright (C) 2007 Red Hat, Inc. +# All rights reserved. +# --- END COPYRIGHT BLOCK --- +# + +use CGI; +use Mozilla::LDAP::Conn; +use PKI::TPS::Common; + +[REQUIRE_CFG_PL] + +sub main() +{ + + my $q = new CGI; + + my $host = get_ldap_host(); + my $port = get_ldap_port(); + my $secureconn = get_ldap_secure(); + my $basedn = get_base_dn(); + my $certdir = get_ldap_certdir(); + + my $letters = $q->param('letters'); + if ($letters eq "") { + # HACK: ajax.js posts parameters into POST URL + $letters = $ENV{'QUERY_STRING'}; + $letters =~ s/.*letters=//g; + $letters =~ s/\+/ /g; + } + + my $result = ""; + + print "Content-Type: text/html\n\n"; + + my $conn = PKI::TPS::Common::make_connection( + {host => $host, port => $port, cert => $certdir}, + $secureconn); + + return if (!$conn); + + my $entry = $conn->search ( { base =>$basedn, + scope => "sub", + filter => "cn=$letters*", + attrsonly => 0, + attrs => qw(cn uid), + sortattrs => qw(cn)} + ); + + while ($entry) { + my $cn = ($entry->getValues("cn"))[0] || ""; + my $uid = ($entry->getValues("uid"))[0] || ""; + $result .= $uid . "###" . $cn . "|"; + $entry $conn->nextEntry(); + } + + $conn->close(); + + print $result; +} + +&main(); diff --git a/base/tps/apache/cgi-bin/sow/cfg.pl b/base/tps/apache/cgi-bin/sow/cfg.pl new file mode 100755 index 000000000..64e612aaa --- /dev/null +++ b/base/tps/apache/cgi-bin/sow/cfg.pl @@ -0,0 +1,168 @@ +#! /usr/bin/perl +# +# --- BEGIN COPYRIGHT BLOCK --- +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# Copyright (C) 2007 Red Hat, Inc. +# All rights reserved. +# --- END COPYRIGHT BLOCK --- +# + +# +# Establish platform-dependent variables: +# +my $ldapsearch="/usr/bin/ldapsearch"; + +# +# Feel free to modify the following parameters: +# +my $ldapHost = "localhost"; +my $ldapPort = "389"; +my $basedn = "ou=People,dc=sfbay,dc=redhat,dc=com"; +my $port = "7888"; +my $secure_port = "7889"; +my $host = "localhost"; + +my $cfg = "/var/lib/pki-tps/conf/CS.cfg"; + +sub get_ldapsearch() +{ + return $ldapsearch; +} + +sub get_ldap_host() +{ + my $ldapport = `grep auth.instance.0.hostport $cfg | cut -c26-`; + chomp($ldapport); + my ($ldapHost, $p) = split(/:/, $ldapport); + return $ldapHost; +} + +sub get_ldap_port() +{ + my $ldapport = `grep auth.instance.0.hostport $cfg | cut -c26-`; + chomp($ldapport); + my ($p, $ldapPort) = split(/:/, $ldapport); + return $ldapPort; +} + +sub get_base_dn() +{ + my $basedn = `grep auth.instance.0.baseDN $cfg | cut -c24-`; + chomp($basedn); + return $basedn; +} + +sub get_port() +{ + my $port = `grep service.unsecurePort $cfg | cut -c22-`; + chomp($port); + return $port; +} + +sub get_secure_port() +{ + my $secure_port = `grep service.securePort $cfg | cut -c20-`; + chomp($secure_port); + return $secure_port; +} + +sub get_host() +{ + my $host = `grep service.machineName $cfg | cut -c21-`; + chomp($host); + return $host; +} + +sub is_agent() +{ + my ($dn) = @_; + + my $uid = $dn; + # need to map a subject dn into user DN + $uid =~ /uid=([^,]*)/; # retrieve the uid + $uid = $1; + + my $x_hostport = `grep -e "^tokendb.hostport" $cfg | cut -c18-`; + chomp($x_hostport); + my ($x_host, $x_port) = split(/:/, $x_hostport); + my $x_basedn = `grep -e "^tokendb.userBaseDN" $cfg | cut -c20-`; + chomp($x_basedn); + my $x_binddn = `grep -e "^tokendb.bindDN" $cfg | cut -c16-`; + chomp($x_binddn); + my $x_bindpwdpath = `grep -e "^tokendb.bindPassPath" $cfg | cut -c22-`; + chomp($x_bindpwdpath); + my $x_bindpwd = `grep -e "^tokendbBindPass" $x_bindpwdpath | cut -c17-`; + chomp($x_bindpwd); + + my $cmd = $ldapsearch . " " . + "-x" . + "-D \"" . $x_binddn . "\" " . + "-w \"" . $x_bindpwd . "\" " . + "-b \"" . "cn=TUS Officers,ou=Groups,".$x_basedn . "\" " . + "-h \"" . $x_host . "\" " . + "-p \"" . $x_port ."\" " . + "-LLL \"(uid=" . $uid . "*)\" | wc -l"; + + my $matched = `$cmd`; + + chomp($matched); + + if ($matched eq "0" || $matched eq "") { + return 0; + } else { + return 1; + } +} + +sub is_user() +{ + my ($dn) = @_; + + my $uid = $dn; + # need to map a subject dn into user DN + $uid =~ /uid=([^,]*)/; # retrieve the uid + $uid = $1; + + my $x_host = get_ldap_host(); + $x_port = get_ldap_port(); + my $x_basedn = get_base_dn(); + chomp($x_basedn); + my $x_binddn = `grep -e "^tokendb.bindDN" $cfg | cut -c16-`; + chomp($x_binddn); + my $x_bindpwdpath = `grep -e "^tokendb.bindPassPath" $cfg | cut -c22-`; + chomp($x_bindpwdpath); + my $x_bindpwd = `grep -e "^tokendbBindPass" $x_bindpwdpath | cut -c17-`; + chomp($x_bindpwd); + + my $cmd = $ldapsearch . " " . + "-x" . + "-D \"" . $x_binddn . "\" " . + "-w \"" . $x_bindpwd . "\" " . + "-b \"" . "ou=people,".$x_basedn . "\" " . + "-h \"" . $x_host . "\" " . + "-p \"" . $x_port ."\" " . + "-LLL \"(uid=" . $uid . "*)\" | wc -l"; + + + my $matched = `$cmd`; + + chomp($matched); + + if ($matched eq "0" || $matched eq "") { + return 0; + } else { + return 1; + } +} diff --git a/base/tps/apache/cgi-bin/sow/enroll.cgi b/base/tps/apache/cgi-bin/sow/enroll.cgi new file mode 100755 index 000000000..8a6431e52 --- /dev/null +++ b/base/tps/apache/cgi-bin/sow/enroll.cgi @@ -0,0 +1,246 @@ +#! /usr/bin/perl -w +# +# --- BEGIN COPYRIGHT BLOCK --- +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; +# version 2.1 of the License. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301 USA +# +# Copyright (C) 2007 Red Hat, Inc. +# All rights reserved. +# --- END COPYRIGHT BLOCK --- +# +######################################################################## +# +# Script: esc.cgi +# Author: Kin Blas () +# Date: 12/19/2003 +# +# CGI.pm Docs: +# +# http://stein.cshl.org/WWW/software/CGI/ +# +######################################################################## + +[REQUIRE_CFG_PL] + +use CGI; +use Mozilla::LDAP::Conn; +use PKI::TPS::Common; + +$gQuery = new CGI; + +sub authorize +{ + my $client_dn = $ENV{'SSL_CLIENT_S_DN'}; + $client_dn =~ tr/A-Z/a-z/; # all lower cases + $client_dn =~ s/\s+//g; # remove all spacing + + if (&is_agent($client_dn)) { + return 1; + } + return 0; +} + +sub DoPage +{ + if (!&authorize()) { + print $gQuery->redirect("/cgi-bin/sow/noaccess.cgi"); + return; + } + + $gQueryAction = "default"; + $gQueryOverrideAction = "default"; + + @gCookieNames = ("ascScreenName", + "ascSubscriptionType", + "ascBindings"); + + $gQueryAction = $gQuery->param("action") if + (defined $gQuery->param("action")); + + $gQueryOverrideAction = $gQuery->param("override_action") + if (defined $gQuery->param("override_action")); + + if ($gQueryOverrideAction ne "default") + { + $gQueryAction = $gQueryOverrideAction; + } + +######################################################################## +# +# If no action was provided, we default to showing our +# admin page! +# +# http://www.foo.com/esc.cgi +# +######################################################################## + + if ($gQueryAction eq "default") + { + GenerateEnrollmentPage(); + exit 0; + } +} + +sub ExitError +{ + my($str) = @_; + print $gQuery->header(), $gQuery->start_html(), $str, $gQuery->end_html(); + exit 0; +} + +sub GetScreenName +{ + my $sn = ""; + + if (defined $gQuery->param("screenname")) + { + $sn = $gQuery->param("screenname"); + } else { + $sn = "default"; + } + + return $sn; +} + +sub GetKeyType +{ + my $keyType = 0; + + if (defined $gQuery->param("keytype")) + { + $keyType = $gQuery->param("keytype"); + } + + return $keyType; +} + +sub GetKeyID +{ + my $keyID = ""; + + if (defined $gQuery->param("keyid")) + { + $keyID = $gQuery->param("keyid"); + } + + return $keyID; +} + +sub GetKeyLabelArg +{ + my $keyLabel = ""; + + if (defined $gQuery->param("keylabel")) + { + $keyLabel = $gQuery->param("keylabel"); + } + + return $keyLabel; +} + +sub HaveScreenName +{ + return 1 if (GetScreenName() ne ""); + return 0; +} + +sub IsSubscriber +{ + my $subType = $gUserObj{'SUBSCRIPTION'}; + return 1 if ($subType eq "HouseKey" || $subType eq "NetKey"); + + return 0; +} + +sub GetNextAction +{ + my($nextActn) = "default"; + + if (defined $gQuery->param('nextaction')) + { + $nextActn = $gQuery->param('nextaction'); + } + elsif (defined $gQuery->param('action')) + { + $nextActn = $gQuery->param('action'); + } + + return $nextActn; +} + +sub GenerateEnrollmentPage +{ + my ($l); + my $ldap_host = get_ldap_host(); + my $ldap_port = get_ldap_port(); + my $secureconn = get_ldap_secure(); + my $basedn = get_base_dn(); + my $port = get_port(); + my $host = get_host(); + my $secure_port = get_secure_port(); + my $certdir = get_ldap_certdir(); + + ExitError("Failed to load enrollment page!") if (!open(ENROLL_FILE, "< enroll.html")); + + print $gQuery->header(); + + my $uid = $gQuery->param("uid"); + + my $conn = PKI::TPS::Common::make_connection( + {host => $ldap_host, port => $ldap_port, cert => $certdir}, + $secureconn); + + ExitError("Failed to connect to the database. $msg") if (!$conn); + + my $entry = $conn->search ( $basedn, + "sub", + "uid=$uid", + 0 + ); + + if (!$entry) { + $conn->close(); + ExitError("User $uid not found"); + } + + my $givenName = ($entry->getValues("givenName"))[0] || "-"; + my $cn = ($entry->getValues("cn"))[0] || "-"; + my $sn = ($entry->getValues("sn"))[0] ||"-"; + $uid = ($entry->getValues("uid"))[0] || "-"; + my $mail = ($entry->getValues("mail"))[0] || "-"; + my $phone = ($entry->getValues("telephoneNumber"))[0] || "-"; + my $departmentNumber = ($entry->getValues("departmentNumber"))[0] || ""; + my $employeeNumber = ($entry->getValues("employeeNumber"))[0] || ""; + + while ($l = <ENROLL_FILE>) + { + $l =~ s/\$mail/$mail/g; + $l =~ s/\$uid/$uid/g; + $l =~ s/\$givenName/$givenName/g; + $l =~ s/\$sn/$sn/g; + $l =~ s/\$cn/$cn/g; + $l =~ s/\$phone/$phone/g; + $l =~ s/\$departmentNumber/$departmentNumber/g; + $l =~ s/\$employeeNumber/$employeeNumber/g; + $l =~ s/\$host/$host/g; + $l =~ s/\$port/$port/g; + $l =~ s/\$secure_port/$secure_port/g; + print $l; + } + + close(ENROLL_FILE); +} + +&DoPage(); diff --git a/base/tps/apache/cgi-bin/sow/enroll.html b/base/tps/apache/cgi-bin/sow/enroll.html new file mode 100755 index 000000000..7bc377ffe --- /dev/null +++ b/base/tps/apache/cgi-bin/sow/enroll.html @@ -0,0 +1,260 @@ +<!-- --- BEGIN COPYRIGHT BLOCK --- + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + + Copyright (C) 2009 Red Hat, Inc. + All rights reserved. + --- END COPYRIGHT BLOCK --- --> +<html> +<head> +<meta http-equiv="Content-Type" content="text/html; charset=utf-8"> +<link rel=stylesheet href="/esc/sow/style.css" type="text/css"> + +<title>Enrollment</title> +<script type="text/javascript" src="/esc/sow/js/prototype.js"></script> +<script type="text/javascript" src="/esc/sow/js/scriptaculous.js?load=effects"></script> +<script type="text/JavaScript" src="/esc/sow/util.js"></script> +<link rel="stylesheet" href="/esc/sow/css/style.css" media="screen" type="text/css"> +<script type="text/javascript"> +<!-- +function UserOnCOOLKeyStateError() +{ + toggleAjaxProgress('ajax-pb', 'off'); + toggleButton('enrollbtn', 'on'); + toggleButton('cancel', 'on'); +} + +function UserSelectRowByKeyID(keyType, keyID) +{ + DoCoolKeySetConfigValue("Operation-" + keyID, + "https://$host:$secure_port/nk_service"); + DoCoolKeySetConfigValue("TokenType-" + keyID, "userKey"); + SelectRowByKeyID(keyType, keyID); +} + +function updateKeyText(text) +{ + var f = document.getElementById('keytext'); + new Effect.Shake(f); + var text = document.createTextNode(text); + var len= f.childNodes.length; + for (i=0;i<len;i++){ + f.removeChild(f.childNodes[0]); + } + f.appendChild(text); +} + +var officerToken = null; + +function UserOnDoneInitializeBindingTable() +{ + document.body.onkeyup = onUserKeyUp; + var enrollbtn = document.getElementById('enrollbtn'); + enrollbtn.disabled = true; + var pintf = document.getElementById('pintf'); + pintf.focus(); + + // display existing blank smart + var arr = GetAvailableCOOLKeys(); + if (!arr || arr.length < 1) + return; + var i; + for (i=0; i < arr.length; i++) + { + var keyType = arr[i][0]; + var keyID = arr[i][1]; + var keyStatus = GetStatusForKeyID(keyType, keyID); + if (keyStatus == "BLANK") { + updateKeyText('A ' + keyStatus + ' smartcard "' + keyID + '" is detected!'); + UserSelectRowByKeyID(keyType, keyID); + } else if (keyStatus == "UNINITIALIZED") { + updateKeyText('An ' + keyStatus + ' smartcard "' + keyID + '" is detected!'); + UserSelectRowByKeyID(keyType, keyID); + } + if(keyStatus == "ENROLLED" ) { + var uid = GetCoolKeyIssuedTo(keyType,keyID); + if(uid) + { + isAgent = window.IsAgentOrUser(uid,"agent"); + } + if(isAgent == true) + { + officerToken = keyID; + } + } + + } +} + +function UserOnCOOLKeyInserted(keyType, keyID) +{ + var arr = GetAvailableCOOLKeys(); + var curKeyType = null; + var curKeyID = null; + var curKeyStatus = null; + var i = 0; + var enrollbtn = document.getElementById('enrollbtn'); + while(1) { + if (arr && arr.length <= 1 ) + { + toggleButton('enrollbtn','off'); + return; + } + if (arr && arr.length > 1 ) + { + toggleButton('enrollbtn','on'); + } + curKeyType = arr[i][0]; + curKeyID = arr[i][1]; + + var curKeyStatus = GetStatusForKeyID(curKeyType, curKeyID); + if(!(curKeyID == officerToken && curKeyStatus == "ENROLLED")) { + break; + } + i++; + } + + if (curKeyStatus == "ENROLLED" || curKeyStatus == "UNINITIALIZED") { + updateKeyText('An ' + curKeyStatus + ' smartcard "' + curKeyID + '" is detected!'); + } else { + updateKeyText('A ' + curKeyStatus + ' smartcard "' + curKeyID + '" is detected!'); + } + + var uid = null; + var isAgent = null; + UserSelectRowByKeyID(curKeyType, curKeyID); + + if(curKeyStatus == "ENROLLED") + { + uid = GetCoolKeyIssuedTo(curKeyType,curKeyID); + if(uid) + { + isAgent = window.IsAgentOrUser(uid,"agent"); + } + if(isAgent == true) + { + MyAlert("You can't Enroll a card that belongs to another Security Officer!"); + updateKeyText('A ' + curKeyStatus + ' smartcard "' + curKeyID + '" SECURITY OFFICER is detected!'); + toggleButton('enrollbtn','off'); + } + } +} + + +function UserOnCOOLKeyRemoved(keyType, keyID) +{ + updateKeyText('Please insert a blank smartcard now!'); +} + +function UserOnCOOLKeyStatusUpdate(data) +{ + var progress = document.getElementById("progress"); + if(progress) + progress.innerHTML = data + "%"; +} + +function toggleAjaxProgress(id, i) +{ + var e = document.getElementById(id); + if (i == 'off') { + e.style.display = 'none'; + } else { + e.style.display = 'block'; + } +} + +function toggleButton(id, i) +{ + var e = document.getElementById(id); + if (i == 'off') { + e.disabled = true; + } else { + e.disabled = false; + } +} + +function onUserKeyUp(e) +{ + var pintf = document.getElementById('pintf'); + var reenterpintf = document.getElementById('reenterpintf'); + var enrollbtn = document.getElementById('enrollbtn'); + if (e.keyCode == 13) { + if (e.target == pintf) { + reenterpintf.focus(); + } else { + pintf.focus(); + } + } + if (pintf.value != '' && pintf.value == reenterpintf.value) { + enrollbtn.disabled = false; + } else { + enrollbtn.disabled = true; + } + return e; +} + +// --> +</script> +</head> + +<body onload="InitializeBindingTable();" onunload=cleanup()> + +<progressmeter id="progress-id" hidden="true" align = "center"/> + +<div id="pb" style="display:none;"> + <table id="BindingTable" width="200px" align="center"> + <tr id="HeaderRow"> + </tr> + </table> +</div> +<div id="header"> + <div id="logo"> + <h3>Security Officer Station</h3> + </div> +</div> + +<div id="content"> + <div id="maintext"> + <div id="topmenu"> + | <a href="/cgi-bin/sow/main.cgi">Main</a> | + </div> + <blockquote><p>The security officer has identified the user as <strong>$cn</strong>. The User ID is <strong>$uid</strong>.</p> +</blockquote> +<h2><span id="keytext">Please insert new smartcard now!</span></h2> + <blockquote><p>The user must provide a password to protect the smart card.</p> </blockquote> + New Token Password:<br> + <input type="password" id="pintf" name="pintf" value=""><br/> + Re-Enter Token Password:<br> + <input type="password" id="reenterpintf" name="reenterpintf" value=""><br/> + <input type="hidden" id="snametf" value="$uid"> + User Password:<br> + <input type="password" id="snamepwd" value=""> + <table width="100%"> + <tr> +<td> +<div id="ajax-pb" style="display:none;"> + <img src="/pki/esc/sow/images/indicator.gif"> + <h2 id="progress" name="progress" value="0%" ></h2> + </table> + +</div> +</td> + <td align="right"> + <input type="button" id="enrollbtn" name="enrollbtn" value="Start Enrollment" onClick="toggleButton('enrollbtn','off');toggleButton('cancel', 'off');toggleAjaxProgress('ajax-pb','on');DoEnrollCOOLKey();"> + <input type="submit" id="cancel" name="cancel" value="Cancel" onClick="javascript:location.href='/cgi-bin/sow/search.cgi';"> + </td> + </tr> + </table> + </div> +</div> +</body></html> diff --git a/base/tps/apache/cgi-bin/sow/enroll_temp.cgi b/base/tps/apache/cgi-bin/sow/enroll_temp.cgi new file mode 100755 index 000000000..5817039a2 --- /dev/null +++ b/base/tps/apache/cgi-bin/sow/enroll_temp.cgi @@ -0,0 +1,246 @@ +#! /usr/bin/perl -w +# +# --- BEGIN COPYRIGHT BLOCK --- +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; +# version 2.1 of the License. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301 USA +# +# Copyright (C) 2007 Red Hat, Inc. +# All rights reserved. +# --- END COPYRIGHT BLOCK --- +# +######################################################################## +# +# Script: esc.cgi +# Author: Kin Blas () +# Date: 12/19/2003 +# +# CGI.pm Docs: +# +# http://stein.cshl.org/WWW/software/CGI/ +# +######################################################################## + +[REQUIRE_CFG_PL] + +use CGI; +use Mozilla::LDAP::Conn; +use PKI::TPS::Common; + +$gQuery = new CGI; + +sub authorize +{ + my $client_dn = $ENV{'SSL_CLIENT_S_DN'}; + $client_dn =~ tr/A-Z/a-z/; # all lower cases + $client_dn =~ s/\s+//g; # remove all spacing + + if (&is_agent($client_dn)) { + return 1; + } + return 0; +} + +sub DoPage +{ + if (!&authorize()) { + print $gQuery->redirect("/cgi-bin/sow/noaccess.cgi"); + return; + } + + $gQueryAction = "default"; + $gQueryOverrideAction = "default"; + + @gCookieNames = ("ascScreenName", + "ascSubscriptionType", + "ascBindings"); + + $gQueryAction = $gQuery->param("action") if + (defined $gQuery->param("action")); + + $gQueryOverrideAction = $gQuery->param("override_action") + if (defined $gQuery->param("override_action")); + + if ($gQueryOverrideAction ne "default") + { + $gQueryAction = $gQueryOverrideAction; + } + +######################################################################## +# +# If no action was provided, we default to showing our +# admin page! +# +# http://www.foo.com/esc.cgi +# +######################################################################## + + if ($gQueryAction eq "default") + { + GenerateEnrollmentPage(); + exit 0; + } +} + +sub ExitError +{ + my($str) = @_; + print $gQuery->header(), $gQuery->start_html(), $str, $gQuery->end_html(); + exit 0; +} + +sub GetScreenName +{ + my $sn = ""; + + if (defined $gQuery->param("screenname")) + { + $sn = $gQuery->param("screenname"); + } else { + $sn = "default"; + } + + return $sn; +} + +sub GetKeyType +{ + my $keyType = 0; + + if (defined $gQuery->param("keytype")) + { + $keyType = $gQuery->param("keytype"); + } + + return $keyType; +} + +sub GetKeyID +{ + my $keyID = ""; + + if (defined $gQuery->param("keyid")) + { + $keyID = $gQuery->param("keyid"); + } + + return $keyID; +} + +sub GetKeyLabelArg +{ + my $keyLabel = ""; + + if (defined $gQuery->param("keylabel")) + { + $keyLabel = $gQuery->param("keylabel"); + } + + return $keyLabel; +} + +sub HaveScreenName +{ + return 1 if (GetScreenName() ne ""); + return 0; +} + +sub IsSubscriber +{ + my $subType = $gUserObj{'SUBSCRIPTION'}; + return 1 if ($subType eq "HouseKey" || $subType eq "NetKey"); + + return 0; +} + +sub GetNextAction +{ + my($nextActn) = "default"; + + if (defined $gQuery->param('nextaction')) + { + $nextActn = $gQuery->param('nextaction'); + } + elsif (defined $gQuery->param('action')) + { + $nextActn = $gQuery->param('action'); + } + + return $nextActn; +} + +sub GenerateEnrollmentPage +{ + my ($l); + my $ldap_host = get_ldap_host(); + my $ldap_port = get_ldap_port(); + my $secureconn = get_ldap_secure(); + my $basedn = get_base_dn(); + my $port = get_port(); + my $host = get_host(); + my $secure_port = get_secure_port(); + my $certdir = get_ldap_certdir(); + + ExitError("Failed to load enrollment page!") if (!open(ENROLL_FILE, "< enroll_temp.html")); + + print $gQuery->header(); + + my $uid = $gQuery->param("uid"); + + my $conn = PKI::TPS::Common::make_connection( + {host => $ldap_host, port => $ldap_port, cert => $certdir}, + $secureconn); + + ExitError("Failed to connect to the database. $msg") if (!$conn); + + my $entry = $conn->search ( $basedn, + "sub", + "uid=$uid", + 0 + ); + + if (!$entry) { + $conn->close(); + ExitError("User $uid not found"); + } + + my $givenName = ($entry->getValues("givenName"))[0] || "-"; + my $cn = ($entry->getValues("cn"))[0] || "-"; + my $sn = ($entry->getValues("sn"))[0] ||"-"; + $uid = ($entry->getValues("uid"))[0] || "-"; + my $mail = ($entry->getValues("mail"))[0] || "-"; + my $phone = ($entry->getValues("telephoneNumber"))[0] || "-"; + my $departmentNumber = ($entry->getValues("departmentNumber"))[0] || ""; + my $employeeNumber = ($entry->getValues("employeeNumber"))[0] || ""; + + while ($l = <ENROLL_FILE>) + { + $l =~ s/\$mail/$mail/g; + $l =~ s/\$uid/$uid/g; + $l =~ s/\$givenName/$givenName/g; + $l =~ s/\$sn/$sn/g; + $l =~ s/\$cn/$cn/g; + $l =~ s/\$phone/$phone/g; + $l =~ s/\$departmentNumber/$departmentNumber/g; + $l =~ s/\$employeeNumber/$employeeNumber/g; + $l =~ s/\$host/$host/g; + $l =~ s/\$port/$port/g; + $l =~ s/\$secure_port/$secure_port/g; + print $l; + } + + close(ENROLL_FILE); +} + +&DoPage(); diff --git a/base/tps/apache/cgi-bin/sow/enroll_temp.html b/base/tps/apache/cgi-bin/sow/enroll_temp.html new file mode 100755 index 000000000..3f2b31ce6 --- /dev/null +++ b/base/tps/apache/cgi-bin/sow/enroll_temp.html @@ -0,0 +1,231 @@ +<!-- --- BEGIN COPYRIGHT BLOCK --- + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + + Copyright (C) 2009 Red Hat, Inc. + All rights reserved. + --- END COPYRIGHT BLOCK --- --> +<html> +<head> +<meta http-equiv="Content-Type" content="text/html; charset=utf-8"> +<link rel=stylesheet href="/esc/sow/style.css" type="text/css"> + +<title>Enrollment</title> +<script type="text/javascript" src="/esc/sow/js/prototype.js"></script> +<script type="text/javascript" src="/esc/sow/js/scriptaculous.js?load=effects"></script> +<script type="text/JavaScript" src="/esc/sow/util.js"></script> +<link rel="stylesheet" href="/esc/sow/style.css" media="screen" type="text/css"> +<script type="text/javascript"> +<!-- +function UserOnCOOLKeyStateError() +{ + toggleAjaxProgress('ajax-pb', 'off'); + toggleButton('enrollbtn', 'on'); + toggleButton('cancel', 'on'); +} + +function UserSelectRowByKeyID(keyType, keyID) +{ + DoCoolKeySetConfigValue("Operation-" + keyID, + "https://$host:$secure_port/nk_service"); + DoCoolKeySetConfigValue("TokenType-" + keyID, "userKey"); + SelectRowByKeyID(keyType, keyID); +} + +function updateKeyText(text) +{ + var f = document.getElementById('keytext'); + new Effect.Shake(f); + var text = document.createTextNode(text); + var len= f.childNodes.length; + for (i=0;i<len;i++){ + f.removeChild(f.childNodes[0]); + } + f.appendChild(text); +} + +var officerToken = null; +function UserOnDoneInitializeBindingTable() +{ + // display existing blank smart + var arr = GetAvailableCOOLKeys(); + if (!arr || arr.length < 1) + return; + var i; + for (i=0; i < arr.length; i++) + { + var keyType = arr[i][0]; + var keyID = arr[i][1]; + var keyStatus = GetStatusForKeyID(keyType, keyID); + if (keyStatus == "BLANK") { + updateKeyText('A ' + keyStatus + ' smartcard "' + keyID + '" is detected!'); + UserSelectRowByKeyID(keyType, keyID); + } else if (keyStatus == "UNINITIALIZED") { + updateKeyText('An ' + keyStatus + ' smartcard "' + keyID + '" is detected!'); + UserSelectRowByKeyID(keyType, keyID); + } + + if(keyStatus == "ENROLLED" ) { + var uid = GetCoolKeyIssuedTo(keyType,keyID); + if(uid) + { + isAgent = window.IsAgentOrUser(uid,"agent"); + } + if(isAgent == true) + { + officerToken = keyID; + } + } + + } +} + +function UserOnCOOLKeyInserted(keyType, keyID) +{ + var arr = GetAvailableCOOLKeys(); + var curKeyType = null; + var curKeyID = null; + var curKeyStatus = null; + var i = 0; + var enrollbtn = document.getElementById('enrollbtn'); + while(1) { + if (arr && arr.length <= 1 ) + { + toggleButton('enrollbtn','off'); + return; + } + if (arr && arr.length > 1 ) + { + toggleButton('enrollbtn','on'); + } + curKeyType = arr[i][0]; + curKeyID = arr[i][1]; + + var curKeyStatus = GetStatusForKeyID(curKeyType, curKeyID); + if(!(curKeyID == officerToken && curKeyStatus == "ENROLLED")) { + break; + } + i++; + } + + if (curKeyStatus == "ENROLLED" || curKeyStatus == "UNINITIALIZED") { + updateKeyText('An ' + curKeyStatus + ' smartcard "' + curKeyID + '" is detected!'); + } else { + updateKeyText('A ' + curKeyStatus + ' smartcard "' + curKeyID + '" is detected!'); + } + + var uid = null; + var isAgent = null; + UserSelectRowByKeyID(curKeyType, curKeyID); + + if(curKeyStatus == "ENROLLED") + { + uid = GetCoolKeyIssuedTo(curKeyType,curKeyID); + if(uid) + { + isAgent = window.IsAgentOrUser(uid,"agent"); + } + if(isAgent == true) + { + MyAlert("You can't Enroll a temporary card that belongs to another Security Officer!"); + updateKeyText('A ' + curKeyStatus + ' smartcard "' + curKeyID + '" SECURITY OFFICER is detected!'); + toggleButton('enrollbtn','off'); + } + } +} + +function UserOnCOOLKeyRemoved(keyType, keyID) +{ + updateKeyText('Please insert a blank smartcard now!'); +} + +function UserOnCOOLKeyStatusUpdate(data) +{ + var progress = document.getElementById("progress"); + if(progress) + progress.innerHTML = data + "%"; +} + + +function toggleAjaxProgress(id, i) +{ + var e = document.getElementById(id); + if (i == 'off') { + e.style.display = 'none'; + } else { + e.style.display = 'block'; + } +} + +function toggleButton(id, i) +{ + var e = document.getElementById(id); + if (i == 'off') { + e.disabled = true; + } else { + e.disabled = false; + } +} +// --> +</script> +</head> + +<body onload="InitializeBindingTable();" onunload=cleanup()> + +<progressmeter id="progress-id" hidden="true" align = "center"/> + +<div id="pb" style="display:none;"> + <table id="BindingTable" width="200px" align="center"> + <tr id="HeaderRow"> + </tr> + </table> +</div> +<div id="header"> + <div id="logo"> + <h3>Security Officer Station</h3> + </div> +</div> + +<div id="content"> + <div id="maintext"> + <div id="topmenu"> + | <a href="/cgi-bin/sow/main.cgi">Main</a> | + </div> + <blockquote><p>The security officer has identified the user as <strong>$cn</strong>. The User ID is <strong>$uid</strong>.</p> +</blockquote> +<h3><span id="keytext">Please insert new smartcard now!</span></h3> + <blockquote><p>The user must provide a password to protect the smart card.</p> </blockquote> + <h3>New Token Password:</h3> + <input type="password" id="pintf" name="pintf" value=""><br/> + <h3>Re-Enter Token Password:</h3> + <input type="password" id="reenterpintf" name="reenterpintf" value=""><br/> + <input type="hidden" id="snametf" value="$uid"> + <h3>User Password:</h3> + <input type="password" id="snamepwd" value=""><br/> + <table width="100%"> + <tr> +<td> +<div id="ajax-pb" style="display:none;"> + <img src="/pki/esc/sow/images/indicator.gif"> + <h2 id="progress" name="progress" value="0%" ></h2> +</div> +</td> + <td align="right"> + <input type="button" id="enrollbtn" name="enrollbtn" value="Start Enrollment" onClick="toggleButton('enrollbtn','off');toggleButton('cancel', 'off');toggleAjaxProgress('ajax-pb','on');DoEnrollTempCOOLKey();"> + <input type="submit" id="cancel" name="cancel" value="Cancel" onClick="javascript:location.href='/cgi-bin/sow/search.cgi';"> + </td> + </tr> + </table> + </div> +</div> +</body></html> diff --git a/base/tps/apache/cgi-bin/sow/format.cgi b/base/tps/apache/cgi-bin/sow/format.cgi new file mode 100755 index 000000000..9b310991d --- /dev/null +++ b/base/tps/apache/cgi-bin/sow/format.cgi @@ -0,0 +1,207 @@ +#! /usr/bin/perl -w +# +# --- BEGIN COPYRIGHT BLOCK --- +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; +# version 2.1 of the License. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301 USA +# +# Copyright (C) 2007 Red Hat, Inc. +# All rights reserved. +# --- END COPYRIGHT BLOCK --- +# +######################################################################## +# +# Script: esc.cgi +# Author: Kin Blas () +# Date: 12/19/2003 +# +# CGI.pm Docs: +# +# http://stein.cshl.org/WWW/software/CGI/ +# +######################################################################## + +[REQUIRE_CFG_PL] + +use CGI; + +my $ldapHost = get_ldap_host(); +my $ldapPort = get_ldap_port(); +my $basedn = get_base_dn(); +my $host = get_host(); +my $port = get_port(); +my $secure_port = get_secure_port(); + +$gQuery = new CGI; + +sub authorize +{ + my $client_dn = $ENV{'SSL_CLIENT_S_DN'}; + $client_dn =~ tr/A-Z/a-z/; # all lower cases + $client_dn =~ s/\s+//g; # remove all spacing + + if (&is_agent($client_dn)) { + return 1; + } + return 0; +} + +sub DoPage +{ + if (!&authorize()) { + print $gQuery->redirect("/cgi-bin/sow/noaccess.cgi"); + return; + } + + $gQueryAction = "default"; + $gQueryOverrideAction = "default"; + + @gCookieNames = ("ascScreenName", + "ascSubscriptionType", + "ascBindings"); + + $gQueryAction = $gQuery->param("action") if + (defined $gQuery->param("action")); + + $gQueryOverrideAction = $gQuery->param("override_action") + if (defined $gQuery->param("override_action")); + + if ($gQueryOverrideAction ne "default") + { + $gQueryAction = $gQueryOverrideAction; + } + +######################################################################## +# +# If no action was provided, we default to showing our +# admin page! +# +# http://www.foo.com/esc.cgi +# +######################################################################## + + if ($gQueryAction eq "default") + { + GeneratePage(); + exit 0; + } +} + +sub ExitError +{ + my($str) = @_; + print $gQuery->header(), $gQuery->start_html(), $str, $gQuery->end_html(); + exit 0; +} + +sub GetScreenName +{ + my $sn = ""; + + if (defined $gQuery->param("screenname")) + { + $sn = $gQuery->param("screenname"); + } else { + $sn = "default"; + } + + return $sn; +} + +sub GetKeyType +{ + my $keyType = 0; + + if (defined $gQuery->param("keytype")) + { + $keyType = $gQuery->param("keytype"); + } + + return $keyType; +} + +sub GetKeyID +{ + my $keyID = ""; + + if (defined $gQuery->param("keyid")) + { + $keyID = $gQuery->param("keyid"); + } + + return $keyID; +} + +sub GetKeyLabelArg +{ + my $keyLabel = ""; + + if (defined $gQuery->param("keylabel")) + { + $keyLabel = $gQuery->param("keylabel"); + } + + return $keyLabel; +} + +sub HaveScreenName +{ + return 1 if (GetScreenName() ne ""); + return 0; +} + +sub IsSubscriber +{ + my $subType = $gUserObj{'SUBSCRIPTION'}; + return 1 if ($subType eq "HouseKey" || $subType eq "NetKey"); + + return 0; +} + +sub GetNextAction +{ + my($nextActn) = "default"; + + if (defined $gQuery->param('nextaction')) + { + $nextActn = $gQuery->param('nextaction'); + } + elsif (defined $gQuery->param('action')) + { + $nextActn = $gQuery->param('action'); + } + + return $nextActn; +} + +sub GeneratePage +{ + my ($l); + + ExitError("Failed to load enrollment page!") if (!open(ENROLL_FILE, "< format.html")); + + print $gQuery->header(); + + while ($l = <ENROLL_FILE>) + { + $l =~ s/\$host/$host/g; + $l =~ s/\$port/$port/g; + $l =~ s/\$secure_port/$secure_port/g; + print $l; + } + + close(ENROLL_FILE); +} + +&DoPage(); diff --git a/base/tps/apache/cgi-bin/sow/format.html b/base/tps/apache/cgi-bin/sow/format.html new file mode 100755 index 000000000..3af35589b --- /dev/null +++ b/base/tps/apache/cgi-bin/sow/format.html @@ -0,0 +1,236 @@ +<!-- --- BEGIN COPYRIGHT BLOCK --- + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + + Copyright (C) 2009 Red Hat, Inc. + All rights reserved. + --- END COPYRIGHT BLOCK --- --> +<html> +<head> +<meta http-equiv="Content-Type" content="text/html; charset=utf-8"> +<link rel=stylesheet href="/esc/sow/style.css" type="text/css"> + +<title>Enrollment</title> +<script type="text/javascript" src="/esc/sow/js/prototype.js"></script> +<script type="text/javascript" src="/esc/sow/js/scriptaculous.js?load=effects"></script> +<script type="text/JavaScript" src="/esc/sow/util.js"></script> +<link rel="stylesheet" href="/esc/sow/css/style.css" media="screen" type="text/css"> +<script type="text/javascript"> +<!-- + +function UserOnCOOLKeyStateError() +{ + toggleAjaxProgress('ajax-pb', 'off'); + toggleButton('enrollbtn', 'on'); + toggleButton('cancel', 'on'); +} + +function UserOnCOOLKeyFormatComplete() +{ + toggleAjaxProgress('ajax-pb', 'off'); + toggleButton('enrollbtn', 'on'); + toggleButton('cancel', 'on'); +} + +function updateKeyText(text) +{ + var f = document.getElementById('keytext'); + new Effect.Shake(f); + var text = document.createTextNode(text); + var len= f.childNodes.length; + for (i=0;i<len;i++){ + f.removeChild(f.childNodes[0]); + } + f.appendChild(text); +} + +function UserSelectRowByKeyID(keyType, keyID) +{ + DoCoolKeySetConfigValue("Operation-" + keyID, + "https://$host:$secure_port/nk_service"); + DoCoolKeySetConfigValue("TokenType-" + keyID, "userKey"); + SelectRowByKeyID(keyType, keyID); +} + +var officerToken = null; + +function UserOnDoneInitializeBindingTable() +{ + // display existing blank smart + var arr = GetAvailableCOOLKeys(); + if (!arr || arr.length < 1) + return; + var i; + for (i=0; i < arr.length; i++) + { + var keyType = arr[i][0]; + var keyID = arr[i][1]; + var keyStatus = GetStatusForKeyID(keyType, keyID); + if (keyStatus == "BLANK") { + updateKeyText('A ' + keyStatus + ' smartcard "' + keyID + '" is detected!'); + UserSelectRowByKeyID(keyType, keyID); + } else if (keyStatus == "UNINITIALIZED") { + updateKeyText('An ' + keyStatus + ' smartcard "' + keyID + '" is detected!'); + UserSelectRowByKeyID(keyType, keyID); + } + + if(keyStatus == "ENROLLED" ) { + var uid = GetCoolKeyIssuedTo(keyType,keyID); + if(uid) + { + isAgent = window.IsAgentOrUser(uid,"agent"); + } + if(isAgent == true) + { + officerToken = keyID; + } + } + } + + if (arr && arr.length <= 1 ) + { + toggleButton('enrollbtn','off'); + } +} + +function UserOnCOOLKeyInserted(keyType, keyID) +{ + var arr = GetAvailableCOOLKeys(); + var curKeyType = null; + var curKeyID = null; + var curKeyStatus = null; + var i = 0; + while(1) { + if (arr && arr.length <= 1 ) + { + toggleButton('enrollbtn','off'); + return; + } + if (arr && arr.length > 1 ) + { + toggleButton('enrollbtn','on'); + } + curKeyType = arr[i][0]; + curKeyID = arr[i][1]; + + var curKeyStatus = GetStatusForKeyID(curKeyType, curKeyID); + if(!(curKeyID == officerToken && curKeyStatus == "ENROLLED")) { + break; + } + i++; + } + + if (curKeyStatus == "ENROLLED" || curKeyStatus == "UNINITIALIZED") { + updateKeyText('An ' + curKeyStatus + ' smartcard "' + curKeyID + '" is detected!'); + } else { + updateKeyText('A ' + curKeyStatus + ' smartcard "' + curKeyID + '" is detected!'); + } + + var uid = null; + var isAgent = null; + UserSelectRowByKeyID(curKeyType, curKeyID); + + if(curKeyStatus == "ENROLLED") + { + uid = GetCoolKeyIssuedTo(curKeyType,curKeyID); + if(uid) + { + isAgent = window.IsAgentOrUser(uid,"agent"); + } + if(isAgent == true) + { + MyAlert("You can't Format a card that belongs to another Security Officer!"); + updateKeyText('A ' + curKeyStatus + ' smartcard "' + curKeyID + '" SECURITY OFFICER is detected!'); + toggleButton('enrollbtn','off'); + } + } +} + +function UserOnCOOLKeyRemoved(keyType, keyID) +{ + updateKeyText('Please insert a blank smartcard now!'); +} + +function UserOnCOOLKeyStatusUpdate(data) +{ + var progress = document.getElementById("progress"); + + if(progress) + progress.innerHTML = data + "%"; +} + +function toggleAjaxProgress(id, i) +{ + var e = document.getElementById(id); + if (i == 'off') { + e.style.display = 'none'; + } else { + e.style.display = 'block'; + } +} + +function toggleButton(id, i) +{ + var e = document.getElementById(id); + if (i == 'off') { + e.disabled = true; + } else { + e.disabled = false; + } +} +// --> +</script> +</head> + +<body onload="InitializeBindingTable();" onunload="cleanup();"> + +<progressmeter id="progress-id" hidden="true" align = "center"/> + +<div id="pb" style="display:none;"> + <table id="BindingTable" width="200px" align="center"> + <tr id="HeaderRow"> + </tr> + </table> +</div> +<div id="header"> + <div id="logo"> + <h3>Security Officer Station</h3> + </div> +</div> + +<div id="content"> + <div id="maintext"> + <div id="topmenu"> + | <a href="/cgi-bin/sow/main.cgi">Main</a> | + </div> +<br/> +<blockquote>This will erase the phone home URL and format the user token.</blockquote> +<h3><span id="keytext">Please insert new smartcard now!</span></h3> + <br/> + <table width="100%"> + <tr> +<td> +<div id="ajax-pb" style="display:none;"> + <img src="/pki/esc/sow/images/indicator.gif"> + <h2 id="progress" name="progress" value="0%" ></h2> +</div> +</td> + <td align="right"> + <input type="button" id="enrollbtn" name="enrollbtn" value="Format" onClick="toggleButton('enrollbtn','off');toggleButton('cancel', 'off');toggleAjaxProgress('ajax-pb','on');DoFormatCOOLKey();"> + <input type="submit" id="cancel" name="cancel" value="Cancel" onClick="javascript:location.href='/cgi-bin/sow/search.cgi';"> + </td> + </tr> + </table> + </div> +</div> +</body></html> diff --git a/base/tps/apache/cgi-bin/sow/formatso.cgi b/base/tps/apache/cgi-bin/sow/formatso.cgi new file mode 100755 index 000000000..d53129139 --- /dev/null +++ b/base/tps/apache/cgi-bin/sow/formatso.cgi @@ -0,0 +1,207 @@ +#! /usr/bin/perl -w +# +# --- BEGIN COPYRIGHT BLOCK --- +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; +# version 2.1 of the License. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301 USA +# +# Copyright (C) 2007 Red Hat, Inc. +# All rights reserved. +# --- END COPYRIGHT BLOCK --- +# +######################################################################## +# +# Script: esc.cgi +# Author: Kin Blas () +# Date: 12/19/2003 +# +# CGI.pm Docs: +# +# http://stein.cshl.org/WWW/software/CGI/ +# +######################################################################## + +[REQUIRE_CFG_PL] + +use CGI; + +my $ldapHost = get_ldap_host(); +my $ldapPort = get_ldap_port(); +my $basedn = get_base_dn(); +my $host = get_host(); +my $port = get_port(); +my $secure_port = get_secure_port(); + +$gQuery = new CGI; + +sub authorize +{ + my $client_dn = $ENV{'SSL_CLIENT_S_DN'}; + $client_dn =~ tr/A-Z/a-z/; # all lower cases + $client_dn =~ s/\s+//g; # remove all spacing + + if (&is_agent($client_dn)) { + return 1; + } + return 0; +} + +sub DoPage +{ + if (!&authorize()) { + print $gQuery->redirect("/cgi-bin/sow/noaccess.cgi"); + return; + } + + $gQueryAction = "default"; + $gQueryOverrideAction = "default"; + + @gCookieNames = ("ascScreenName", + "ascSubscriptionType", + "ascBindings"); + + $gQueryAction = $gQuery->param("action") if + (defined $gQuery->param("action")); + + $gQueryOverrideAction = $gQuery->param("override_action") + if (defined $gQuery->param("override_action")); + + if ($gQueryOverrideAction ne "default") + { + $gQueryAction = $gQueryOverrideAction; + } + +######################################################################## +# +# If no action was provided, we default to showing our +# admin page! +# +# http://www.foo.com/esc.cgi +# +######################################################################## + + if ($gQueryAction eq "default") + { + GeneratePage(); + exit 0; + } +} + +sub ExitError +{ + my($str) = @_; + print $gQuery->header(), $gQuery->start_html(), $str, $gQuery->end_html(); + exit 0; +} + +sub GetScreenName +{ + my $sn = ""; + + if (defined $gQuery->param("screenname")) + { + $sn = $gQuery->param("screenname"); + } else { + $sn = "default"; + } + + return $sn; +} + +sub GetKeyType +{ + my $keyType = 0; + + if (defined $gQuery->param("keytype")) + { + $keyType = $gQuery->param("keytype"); + } + + return $keyType; +} + +sub GetKeyID +{ + my $keyID = ""; + + if (defined $gQuery->param("keyid")) + { + $keyID = $gQuery->param("keyid"); + } + + return $keyID; +} + +sub GetKeyLabelArg +{ + my $keyLabel = ""; + + if (defined $gQuery->param("keylabel")) + { + $keyLabel = $gQuery->param("keylabel"); + } + + return $keyLabel; +} + +sub HaveScreenName +{ + return 1 if (GetScreenName() ne ""); + return 0; +} + +sub IsSubscriber +{ + my $subType = $gUserObj{'SUBSCRIPTION'}; + return 1 if ($subType eq "HouseKey" || $subType eq "NetKey"); + + return 0; +} + +sub GetNextAction +{ + my($nextActn) = "default"; + + if (defined $gQuery->param('nextaction')) + { + $nextActn = $gQuery->param('nextaction'); + } + elsif (defined $gQuery->param('action')) + { + $nextActn = $gQuery->param('action'); + } + + return $nextActn; +} + +sub GeneratePage +{ + my ($l); + + ExitError("Failed to load enrollment page!") if (!open(ENROLL_FILE, "< formatso.html")); + + print $gQuery->header(); + + while ($l = <ENROLL_FILE>) + { + $l =~ s/\$host/$host/g; + $l =~ s/\$port/$port/g; + $l =~ s/\$secure_port/$secure_port/g; + print $l; + } + + close(ENROLL_FILE); +} + +&DoPage(); diff --git a/base/tps/apache/cgi-bin/sow/formatso.html b/base/tps/apache/cgi-bin/sow/formatso.html new file mode 100755 index 000000000..d09666c5a --- /dev/null +++ b/base/tps/apache/cgi-bin/sow/formatso.html @@ -0,0 +1,186 @@ +<!-- --- BEGIN COPYRIGHT BLOCK --- + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + + Copyright (C) 2009 Red Hat, Inc. + All rights reserved. + --- END COPYRIGHT BLOCK --- --> +<html> +<head> +<meta http-equiv="Content-Type" content="text/html; charset=utf-8"> +<link rel=stylesheet href="/esc/sow/style.css" type="text/css"> + +<title>Enrollment</title> +<script type="text/javascript" src="/esc/sow/js/prototype.js"></script> +<script type="text/javascript" src="/esc/sow/js/scriptaculous.js?load=effects"></script> +<script type="text/JavaScript" src="/esc/sow/util.js"></script> +<link rel="stylesheet" href="/esc/sow/css/style.css" media="screen" type="text/css"> +<script type="text/javascript"> +<!-- +function UserOnCOOLKeyStateError() +{ + toggleAjaxProgress('ajax-pb', 'off'); + toggleButton('enrollbtn', 'on'); + toggleButton('cancel', 'on'); +} + +function UserOnCOOLKeyFormatComplete() +{ + toggleAjaxProgress('ajax-pb', 'off'); + toggleButton('enrollbtn', 'on'); + toggleButton('cancel', 'on'); +} + +function updateKeyText(text) +{ + var f = document.getElementById('keytext'); + new Effect.Shake(f); + var text = document.createTextNode(text); + var len= f.childNodes.length; + for (i=0;i<len;i++){ + f.removeChild(f.childNodes[0]); + } + f.appendChild(text); +} + +function UserOnCOOLKeyStatusUpdate(data) +{ + var progress = document.getElementById("progress"); + + if(progress) + progress.innerHTML = data + "%"; +} + +function UserSelectRowByKeyID(keyType, keyID) +{ + DoCoolKeySetConfigValue("Operation-" + keyID, + "https://$host:$secure_port/nk_service"); + DoCoolKeySetConfigValue("TokenType-" + keyID, "userKey"); + SelectRowByKeyID(keyType, keyID); +} + +function UserOnDoneInitializeBindingTable() +{ + // display existing blank smart + var arr = GetAvailableCOOLKeys(); + if (!arr || arr.length < 1) + return; + var i; + for (i=0; i < arr.length; i++) + { + var keyType = arr[i][0]; + var keyID = arr[i][1]; + UserOnCOOLKeyInserted(keyType,keyID); + } +} + +function UserOnCOOLKeyInserted(keyType, keyID) +{ + var keyStatus = GetStatusForKeyID(keyType, keyID); + if (keyStatus == "ENROLLED" || keyStatus == "UNINITIALIZED") { + updateKeyText('An ' + keyStatus + ' smartcard "' + keyID + '" is detected!'); + } else { + updateKeyText('A ' + keyStatus + ' smartcard "' + keyID + '" is detected!'); + } + UserSelectRowByKeyID(keyType, keyID); + var uid = null; + var isUser = false; + + if(keyStatus == "ENROLLED") + { + uid = GetCoolKeyIssuedTo(keyType,keyID); + + if(uid) + { + isUser = IsAgentOrUser(uid,"user"); + } + if(isUser == true) + { + MyAlert("You can't Format a User card here! Try another card."); + + updateKeyText('A ' + keyStatus + ' smartcard "' + keyID + '" USER is detected!'); + toggleButton('enrollbtn','off'); + } + } +} + +function UserOnCOOLKeyRemoved(keyType, keyID) +{ + updateKeyText('Please insert a blank smartcard now!'); +} + +function toggleAjaxProgress(id, i) +{ + var e = document.getElementById(id); + if (i == 'off') { + e.style.display = 'none'; + } else { + e.style.display = 'block'; + } +} + +function toggleButton(id, i) +{ + var e = document.getElementById(id); + if (i == 'off') { + e.disabled = true; + } else { + e.disabled = false; + } +} +// --> +</script> +</head> + +<body onload="InitializeBindingTable();" onunload=cleanup()> + +<progressmeter id="progress-id" hidden="true" align = "center"/> + +<div id="pb" style="display:none;"> + <table id="BindingTable" width="200px" align="center"> + <tr id="HeaderRow"> + </tr> + </table> +</div> +<div id="header"> + <div id="logo"> + <h3>Security Officer Station</h3> + </div> +</div> + +<div id="content"> + <div id="maintext"> + <div id="topmenu"> + | <a href="/cgi-bin/sow/main.cgi">Main</a> | + </div> +<br/> +<blockquote>This will erase the phone home URL and format the SO token, so that you can start the demonstration all over again. <br/><br/>WARNING: You will not be able to access the security officer station after this operation.</blockquote> +<h3><span id="keytext">Please insert new smartcard now!</span></h3> + <br/> + <table width="100%"> + <tr> +<td> +<div id="ajax-pb" style="display:none;"> + <img src="/pki/esc/sow/images/indicator.gif"> + <h2 id="progress" name="progress" value="0%" ></h2> +</div> +</td> + <td align="right"> + <input type="button" id="enrollbtn" name="enrollbtn" value="Format" onClick="toggleButton('enrollbtn','off');toggleButton('cancel', 'off');toggleAjaxProgress('ajax-pb','on');DoFormatSoCOOLKey();"> + <input type="submit" id="cancel" name="cancel" value="Cancel" onClick="javascript:location.href='/cgi-bin/sow/search.cgi';"> + </td> + </tr> + </table> + </div> +</div> +</body></html> diff --git a/base/tps/apache/cgi-bin/sow/index.cgi b/base/tps/apache/cgi-bin/sow/index.cgi new file mode 100755 index 000000000..7f7a98869 --- /dev/null +++ b/base/tps/apache/cgi-bin/sow/index.cgi @@ -0,0 +1,42 @@ +#!/usr/bin/perl +# +# --- BEGIN COPYRIGHT BLOCK --- +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; +# version 2.1 of the License. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301 USA +# +# Copyright (C) 2007 Red Hat, Inc. +# All rights reserved. +# --- END COPYRIGHT BLOCK --- +# +# +# +# +print "Content-type: text/xml\n\n"; +print "<\?xml version=\"1.0\" encoding=\"UTF-8\"\?>"; +print "<ServiceInfo>"; +print "<IssuerName>"; +print "Fedora Project"; # Vendor +print "</IssuerName>\n"; +print "<Services>"; +print "<Operation>"; +print "https://[SERVER_NAME]:[SECURE_PORT]/nk_service"; +print "</Operation>"; +print "<UI>"; +print "https://[SERVER_NAME]:[SECURE_PORT]/cgi-bin/sow/search.cgi"; +print "</UI>"; +print "<EnrolledTokenBrowserURL>"; +print "</EnrolledTokenBrowserURL>"; +print "</Services>"; +print "</ServiceInfo>"; diff --git a/base/tps/apache/cgi-bin/sow/is_agent.cgi b/base/tps/apache/cgi-bin/sow/is_agent.cgi new file mode 100755 index 000000000..c6b6a87f7 --- /dev/null +++ b/base/tps/apache/cgi-bin/sow/is_agent.cgi @@ -0,0 +1,69 @@ +#! /usr/bin/perl -w +# +# --- BEGIN COPYRIGHT BLOCK --- +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; +# version 2.1 of the License. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301 USA +# +# Copyright (C) 2007 Red Hat, Inc. +# All rights reserved. +# --- END COPYRIGHT BLOCK --- +# + +use CGI; + +[REQUIRE_CFG_PL] + + +my $ldapHost = get_ldap_host(); +my $ldapPort = get_ldap_port(); +my $basedn = get_base_dn(); + +my $q = new CGI; + +sub authorize +{ + my $client_dn = $ENV{'SSL_CLIENT_S_DN'}; + $client_dn =~ tr/A-Z/a-z/; # all lower cases + $client_dn =~ s/\s+//g; # remove all spacing + + if (&is_agent($client_dn)) { + return 1; + } + return 0; +} + +sub DoIsAgent +{ + + print "Content-type: text/xml\n\n"; + + if (!&authorize()) { + return; + } + + my $uid = $q->param('uid'); + + if(&is_agent("uid=$uid")) + { + print "<response>yes</response>\n"; + } + else + { + print "<response>no</response>\n"; + } + +} + +&DoIsAgent(); diff --git a/base/tps/apache/cgi-bin/sow/is_user.cgi b/base/tps/apache/cgi-bin/sow/is_user.cgi new file mode 100755 index 000000000..d7a551421 --- /dev/null +++ b/base/tps/apache/cgi-bin/sow/is_user.cgi @@ -0,0 +1,71 @@ +#! /usr/bin/perl -w +# +# --- BEGIN COPYRIGHT BLOCK --- +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; +# version 2.1 of the License. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301 USA +# +# Copyright (C) 2007 Red Hat, Inc. +# All rights reserved. +# --- END COPYRIGHT BLOCK --- +# + +use CGI; + +use CGI::Carp qw(fatalsToBrowser); + +[REQUIRE_CFG_PL] + + +my $ldapHost = get_ldap_host(); +my $ldapPort = get_ldap_port(); +my $basedn = get_base_dn(); + +my $q = new CGI; + +sub authorize +{ + my $client_dn = $ENV{'SSL_CLIENT_S_DN'}; + $client_dn =~ tr/A-Z/a-z/; # all lower cases + $client_dn =~ s/\s+//g; # remove all spacing + + if (&is_agent($client_dn)) { + return 1; + } + return 0; +} + +sub DoIsUser +{ + + print "Content-type: text/xml\n\n"; + + if (!&authorize()) { + return; + } + + my $uid = $q->param('uid'); + + if(&is_user("uid=$uid")) + { + print "<response>yes</response>\n"; + } + else + { + print "<response>no</response>\n"; + } + +} + +&DoIsUser(); diff --git a/base/tps/apache/cgi-bin/sow/main.cgi b/base/tps/apache/cgi-bin/sow/main.cgi new file mode 100755 index 000000000..c6f65e42e --- /dev/null +++ b/base/tps/apache/cgi-bin/sow/main.cgi @@ -0,0 +1,70 @@ +#! /usr/bin/perl -w +# +# --- BEGIN COPYRIGHT BLOCK --- +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; +# version 2.1 of the License. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301 USA +# +# Copyright (C) 2007 Red Hat, Inc. +# All rights reserved. +# --- END COPYRIGHT BLOCK --- +# + +use CGI; + +[REQUIRE_CFG_PL] + + +my $ldapHost = get_ldap_host(); +my $ldapPort = get_ldap_port(); +my $basedn = get_base_dn(); + +my $q = new CGI; + +sub authorize +{ + my $client_dn = $ENV{'SSL_CLIENT_S_DN'}; + $client_dn =~ tr/A-Z/a-z/; # all lower cases + $client_dn =~ s/\s+//g; # remove all spacing + + if (&is_agent($client_dn)) { + return 1; + } + return 0; +} + +sub DoPage +{ + if (!&authorize()) { + print $q->redirect("/cgi-bin/sow/noaccess.cgi"); + return; + } + + my $error = $q->param('error'); + $error = "" if !defined $error; + + open(FILE, "< main.html"); + + print $q->header(); + + while ($l = <FILE>) + { + $l =~ s/\$error/$error/g; + print $l; + } + + close(FILE); +} + +&DoPage(); diff --git a/base/tps/apache/cgi-bin/sow/main.html b/base/tps/apache/cgi-bin/sow/main.html new file mode 100755 index 000000000..e7de688bc --- /dev/null +++ b/base/tps/apache/cgi-bin/sow/main.html @@ -0,0 +1,67 @@ +<!-- --- BEGIN COPYRIGHT BLOCK --- + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + + Copyright (C) 2009 Red Hat, Inc. + All rights reserved. + --- END COPYRIGHT BLOCK --- --> +<html> +<head> +<meta http-equiv="Content-Type" content="text/html; charset=utf-8"> +<link rel=stylesheet href="/esc/sow/style.css" type="text/css"> + +<title>Security Officer</title> +<link rel="stylesheet" href="/esc/sow/css/style.css" media="screen" type="text/css"> +</head> + +<body> + +<div id="header"> + <div id="logo"> + <h3>Security Officer Station</h3> + </div> +</div> + +<div id="content"> + <div id="maintext"> + <div id="topmenu"> + | <a href="/cgi-bin/sow/main.cgi">Main</a> | + </div> + <blockquote><p>User Token Functions</p></blockquote> +<ul style="font-size:1.2em;"> + <a href="search.cgi">Enroll New Card</a> - enroll a new user smart card<br /> + <a href="search_temp.cgi">Enroll Temporay Card</a> - enroll a temporary smart card<br /> + <a href="format.cgi">Format Card</a> - format a user card<br /> + <a href="seturl.cgi">Set Home URL</a> - set phone home URL to a user card<br /> +</ul> + <blockquote><p>Misc Functions</p></blockquote> +<ul style="font-size:1.2em;"> + <a href="formatso.cgi">Format SO Card</a> - format a SO card<br /> +</ul> + + <br/> +<font color="red">$error</font> + <br/> + <table width="100%"> + <tr> + <td align="right"> + </td> + </tr> + </table> +</form> + + </div> +</div> + +</body> +</html> diff --git a/base/tps/apache/cgi-bin/sow/noaccess.cgi b/base/tps/apache/cgi-bin/sow/noaccess.cgi new file mode 100755 index 000000000..17166bcb6 --- /dev/null +++ b/base/tps/apache/cgi-bin/sow/noaccess.cgi @@ -0,0 +1,56 @@ +#! /usr/bin/perl -w +# +# --- BEGIN COPYRIGHT BLOCK --- +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; +# version 2.1 of the License. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301 USA +# +# Copyright (C) 2007 Red Hat, Inc. +# All rights reserved. +# --- END COPYRIGHT BLOCK --- +# + +use CGI; + +[REQUIRE_CFG_PL] + + +my $host = get_host(); +my $secure_port = get_secure_port(); +my $port = get_port(); + +my $q = new CGI; + +sub DoPage +{ + + my $error = $q->param('error'); + + open(FILE, "< noaccess.html"); + + print $q->header(); + + while ($l = <FILE>) + { + $l =~ s/\$error/$error/g; + $l =~ s/\$host/$host/g; + $l =~ s/\$secure_port/$secure_port/g; + $l =~ s/\$port/$port/g; + print $l; + } + + close(FILE); +} + +&DoPage(); diff --git a/base/tps/apache/cgi-bin/sow/noaccess.html b/base/tps/apache/cgi-bin/sow/noaccess.html new file mode 100755 index 000000000..06e9fa2d8 --- /dev/null +++ b/base/tps/apache/cgi-bin/sow/noaccess.html @@ -0,0 +1,63 @@ +<!-- --- BEGIN COPYRIGHT BLOCK --- + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + + Copyright (C) 2009 Red Hat, Inc. + All rights reserved. + --- END COPYRIGHT BLOCK --- --> +<html> +<head> +<meta http-equiv="Content-Type" content="text/html; charset=utf-8"> +<link rel=stylesheet href="/esc/sow/style.css" type="text/css"> + +<title>Security Officer</title> +<link rel="stylesheet" href="/esc/sow/css/style.css" media="screen" type="text/css"> +</head> + +<body> + +<div id="header"> + <div id="logo"> + <h3>Security Officer Station</h3> + </div> +</div> + +<div id="content"> + <div id="maintext"> + <div id="topmenu"> + </div> + <blockquote><p>Sorry, you do not have permission to perform the requested operation.</p></blockquote> +<form method=post action="http://$host:$port/cgi-bin/sow/welcome.cgi"> + <table> + <tr> + </tr> + + </table> + + <br/> +<font color="red">$error</font> + <br/> + <table width="100%"> + <tr> + <td align="right"> + <input type="submit" id="search" name="search" value="Start Over"> + </td> + </tr> + </table> +</form> + + </div> +</div> + +</body> +</html> diff --git a/base/tps/apache/cgi-bin/sow/read.cgi b/base/tps/apache/cgi-bin/sow/read.cgi new file mode 100755 index 000000000..8a5793c2b --- /dev/null +++ b/base/tps/apache/cgi-bin/sow/read.cgi @@ -0,0 +1,128 @@ +#! /usr/bin/perl -w +# +# --- BEGIN COPYRIGHT BLOCK --- +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; +# version 2.1 of the License. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301 USA +# +# Copyright (C) 2007 Red Hat, Inc. +# All rights reserved. +# --- END COPYRIGHT BLOCK --- +# + +use CGI; +use Mozilla::LDAP::Conn; +use PKI::TPS::Common; + +[REQUIRE_CFG_PL] + +sub authorize +{ + my $client_dn = $ENV{'SSL_CLIENT_S_DN'}; + $client_dn =~ tr/A-Z/a-z/; # all lower cases + $client_dn =~ s/\s+//g; # remove all spacing + + if (&is_agent($client_dn)) { + return 1; + } + return 0; +} + +sub DoPage +{ + my $q = new CGI; + my $host = get_ldap_host(); + my $port = get_ldap_port(); + my $secureconn = get_ldap_secure(); + my $basedn = get_base_dn(); + my $certdir = get_ldap_certdir(); + + if (!&authorize()) { + print $q->redirect("/cgi-bin/sow/noaccess.cgi"); + return; + } + + my $name = $q->param('name'); + my $uid = $q->param('name_ID'); + $name = "" if !defined $name; + + if ($name eq "") { + print $q->redirect("/cgi-bin/sow/search.cgi?error=Name cannot be empty"); + return; + } + + my $conn = PKI::TPS::Common::make_connection( + {host => $host, port => $port, cert => $certdir}, + $secureconn); + + if (!$conn) { + print $q->redirect("/cgi-bin/sow/search.cgi?error=Failed to connect to the database."); + return; + }; + + my $entry = $conn->search ( $basedn, + "sub", + "cn=$name", + 0 + ); + + if (!$entry) { + $conn->close(); + print $q->redirect("/cgi-bin/sow/search.cgi?error=User $name not found"); + return; + } + + my $givenName = ($entry->getValues("givenName"))[0] || "-"; + my $cn = ($entry->getValues("cn"))[0] || "-"; + my $sn = ($entry->getValues("sn"))[0] ||"-"; + $uid = ($entry->getValues("uid"))[0] || "-"; + my $mail = ($entry->getValues("mail"))[0] || "-"; + my $phone = ($entry->getValues("telephoneNumber"))[0] || "-"; + my $photoLarge = ($entry->getValues("photoLarge"))[0] || ""; # photo (full size) + my $photoSmall = ($entry->getValues("photoSmall"))[0] || ""; # photo (thumb) + my $height = ($entry->getValues("height"))[0] || ""; + my $weight = ($entry->getValues("weight"))[0] || ""; + my $eyecolor = ($entry->getValues("eyeColor"))[0] || ""; + + $conn->close(); + + if ($uid eq "-") { + print $q->redirect("/cgi-bin/sow/search.cgi?error=User $name not found"); + return; + } + + open(FILE, "< read.html"); + + print $q->header(); + + while ($l = <FILE>) + { + $l =~ s/\$mail/$mail/g; + $l =~ s/\$uid/$uid/g; + $l =~ s/\$givenName/$givenName/g; + $l =~ s/\$sn/$sn/g; + $l =~ s/\$cn/$cn/g; + $l =~ s/\$phone/$phone/g; + $l =~ s/\$photoLarge/$photoLarge/g; + $l =~ s/\$photoSmall/$photoSmall/g; + $l =~ s/\$height/$height/g; + $l =~ s/\$weight/$weight/g; + $l =~ s/\$eyecolor/$eyecolor/g; + print $l; + } + + close(FILE); +} + +&DoPage(); diff --git a/base/tps/apache/cgi-bin/sow/read.html b/base/tps/apache/cgi-bin/sow/read.html new file mode 100755 index 000000000..1e660c84f --- /dev/null +++ b/base/tps/apache/cgi-bin/sow/read.html @@ -0,0 +1,78 @@ +<!-- --- BEGIN COPYRIGHT BLOCK --- + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + + Copyright (C) 2009 Red Hat, Inc. + All rights reserved. + --- END COPYRIGHT BLOCK --- --> +<html> +<head> +<meta http-equiv="Content-Type" content="text/html; charset=utf-8"> +<link rel=stylesheet href="/esc/sow/css/style.css" type="text/css"> + +<title>Security Officer</title> +<script type="text/javascript" src="/esc/sow/js/prototype.js"></script> +<script type="text/javascript" src="/esc/sow/js/scriptaculous.js?load=effects"></script> +<link rel="stylesheet" href="/esc/sow/css/style.css" media="screen" type="text/css"> +</head> + +<body> + +<div id="header"> + <div id="logo"> + <h3>Security Officer Station</h3> + </div> +</div> + +<div id="content"> + <div id="maintext"> + <div id="topmenu"> + | <a href="/cgi-bin/sow/main.cgi">Main</a> | + </div> + <blockquote><p>Please check user's identification and verify the user information. If the information is correct, please insert a new smart card and continue.</p></blockquote> + <table> + <tr> + <td> +<script type="text/javascript"> + if ('$departmentNumber' != '') { + document.writeln('<img alt="" border=0 src="$photoSmall">'); + } +</script> + </td> + <td> + <span class="heading">UID:</span> $uid<br/> + <span class="heading">Given Name:</span> $givenName<br/> + <span class="heading">Last Name:</span> $sn<br/> + <span class="heading">Email:</span>$mail<br/> + <span class="heading">Height:</span> $height<br/> + <span class="heading">Weight:</span> $weight<br/> + <span class="heading">Eye Color:</span> $eyecolor<br/> + </td> + </table> + <br/> + + <form method=post action="enroll.cgi"> + <input type=hidden name=uid value="$uid"> + <table width="100%"> + <tr> + <td align="right"> + <input type="submit" id="search" name="Enroll" value="Continue"> + </td> + </tr> + </table> + </form> + </div> +</div> + +</body> +</html> diff --git a/base/tps/apache/cgi-bin/sow/read_temp.cgi b/base/tps/apache/cgi-bin/sow/read_temp.cgi new file mode 100755 index 000000000..31c6fd7e3 --- /dev/null +++ b/base/tps/apache/cgi-bin/sow/read_temp.cgi @@ -0,0 +1,125 @@ +#! /usr/bin/perl -w +# +# --- BEGIN COPYRIGHT BLOCK --- +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; +# version 2.1 of the License. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301 USA +# +# Copyright (C) 2007 Red Hat, Inc. +# All rights reserved. +# --- END COPYRIGHT BLOCK --- +# + +use CGI; +use Mozilla::LDAP::Conn; +use PKI::TPS::Common; + +[REQUIRE_CFG_PL] + + +sub authorize +{ + my $client_dn = $ENV{'SSL_CLIENT_S_DN'}; + $client_dn =~ tr/A-Z/a-z/; # all lower cases + $client_dn =~ s/\s+//g; # remove all spacing + + if (&is_agent($client_dn)) { + return 1; + } + return 0; +} + +sub DoPage +{ + my $q = new CGI; + my $host = get_ldap_host(); + my $port = get_ldap_port(); + my $secureconn = get_ldap_secure(); + my $basedn = get_base_dn(); + my $certdir = get_ldap_certdir(); + + if (!&authorize()) { + print $q->redirect("/cgi-bin/sow/noaccess.cgi"); + return; + } + + my $name = $q->param('name'); + my $uid = $q->param('name_ID'); + $name = "" if !defined $name; + + if ($name eq "") { + print $q->redirect("/cgi-bin/sow/search.cgi?error=Name cannot be empty"); + return; + } + + my $conn = PKI::TPS::Common::make_connection( + {host => $host, port => $port, cert => $certdir}, + $secureconn); + + + my $entry = $conn->search ( $basedn, + "sub", + "cn=$name", + 0 + ); + + if (!$entry) { + $conn->close(); + print $q->redirect("/cgi-bin/sow/search.cgi?error=User $name not found"); + return; + } + + my $givenName = ($entry->getValues("givenName"))[0] || "-"; + my $cn = ($entry->getValues("cn"))[0] || "-"; + my $sn = ($entry->getValues("sn"))[0] ||"-"; + $uid = ($entry->getValues("uid"))[0] || "-"; + my $mail = ($entry->getValues("mail"))[0] || "-"; + my $phone = ($entry->getValues("telephoneNumber"))[0] || "-"; + my $photoLarge = ($entry->getValues("photoLarge"))[0] || ""; # photo (full size) + my $photoSmall = ($entry->getValues("photoSmall"))[0] || ""; # photo (thumb) + my $height = ($entry->getValues("height"))[0] || ""; + my $weight = ($entry->getValues("weight"))[0] || ""; + my $eyecolor = ($entry->getValues("eyeColor"))[0] || ""; + + $conn->close(); + + if ($uid eq "-") { + print $q->redirect("/cgi-bin/sow/search.cgi?error=User $name not found"); + return; + } + + open(FILE, "< read_temp.html"); + + print $q->header(); + + while ($l = <FILE>) + { + $l =~ s/\$mail/$mail/g; + $l =~ s/\$uid/$uid/g; + $l =~ s/\$givenName/$givenName/g; + $l =~ s/\$sn/$sn/g; + $l =~ s/\$cn/$cn/g; + $l =~ s/\$phone/$phone/g; + $l =~ s/\$photoLarge/$photoLarge/g; + $l =~ s/\$photoSmall/$photoSmall/g; + $l =~ s/\$height/$height/g; + $l =~ s/\$weight/$weight/g; + $l =~ s/\$eyecolor/$eyecolor/g; + print $l; + } + + close(FILE); +} + +&DoPage(); diff --git a/base/tps/apache/cgi-bin/sow/read_temp.html b/base/tps/apache/cgi-bin/sow/read_temp.html new file mode 100755 index 000000000..1e660c84f --- /dev/null +++ b/base/tps/apache/cgi-bin/sow/read_temp.html @@ -0,0 +1,78 @@ +<!-- --- BEGIN COPYRIGHT BLOCK --- + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + + Copyright (C) 2009 Red Hat, Inc. + All rights reserved. + --- END COPYRIGHT BLOCK --- --> +<html> +<head> +<meta http-equiv="Content-Type" content="text/html; charset=utf-8"> +<link rel=stylesheet href="/esc/sow/css/style.css" type="text/css"> + +<title>Security Officer</title> +<script type="text/javascript" src="/esc/sow/js/prototype.js"></script> +<script type="text/javascript" src="/esc/sow/js/scriptaculous.js?load=effects"></script> +<link rel="stylesheet" href="/esc/sow/css/style.css" media="screen" type="text/css"> +</head> + +<body> + +<div id="header"> + <div id="logo"> + <h3>Security Officer Station</h3> + </div> +</div> + +<div id="content"> + <div id="maintext"> + <div id="topmenu"> + | <a href="/cgi-bin/sow/main.cgi">Main</a> | + </div> + <blockquote><p>Please check user's identification and verify the user information. If the information is correct, please insert a new smart card and continue.</p></blockquote> + <table> + <tr> + <td> +<script type="text/javascript"> + if ('$departmentNumber' != '') { + document.writeln('<img alt="" border=0 src="$photoSmall">'); + } +</script> + </td> + <td> + <span class="heading">UID:</span> $uid<br/> + <span class="heading">Given Name:</span> $givenName<br/> + <span class="heading">Last Name:</span> $sn<br/> + <span class="heading">Email:</span>$mail<br/> + <span class="heading">Height:</span> $height<br/> + <span class="heading">Weight:</span> $weight<br/> + <span class="heading">Eye Color:</span> $eyecolor<br/> + </td> + </table> + <br/> + + <form method=post action="enroll.cgi"> + <input type=hidden name=uid value="$uid"> + <table width="100%"> + <tr> + <td align="right"> + <input type="submit" id="search" name="Enroll" value="Continue"> + </td> + </tr> + </table> + </form> + </div> +</div> + +</body> +</html> diff --git a/base/tps/apache/cgi-bin/sow/search.cgi b/base/tps/apache/cgi-bin/sow/search.cgi new file mode 100755 index 000000000..e681ed100 --- /dev/null +++ b/base/tps/apache/cgi-bin/sow/search.cgi @@ -0,0 +1,70 @@ +#! /usr/bin/perl -w +# +# --- BEGIN COPYRIGHT BLOCK --- +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; +# version 2.1 of the License. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301 USA +# +# Copyright (C) 2007 Red Hat, Inc. +# All rights reserved. +# --- END COPYRIGHT BLOCK --- +# + +use CGI; + +[REQUIRE_CFG_PL] + + +my $ldapHost = get_ldap_host(); +my $ldapPort = get_ldap_port(); +my $basedn = get_base_dn(); + +my $q = new CGI; + +sub authorize +{ + my $client_dn = $ENV{'SSL_CLIENT_S_DN'}; + $client_dn =~ tr/A-Z/a-z/; # all lower cases + $client_dn =~ s/\s+//g; # remove all spacing + + if (&is_agent($client_dn)) { + return 1; + } + return 0; +} + +sub DoPage +{ + if (!&authorize()) { + print $q->redirect("/cgi-bin/sow/noaccess.cgi"); + return; + } + + my $error = $q->param('error'); + $error = "" if !defined $error; + + open(FILE, "< search.html"); + + print $q->header(); + + while ($l = <FILE>) + { + $l =~ s/\$error/$error/g; + print $l; + } + + close(FILE); +} + +&DoPage(); diff --git a/base/tps/apache/cgi-bin/sow/search.html b/base/tps/apache/cgi-bin/sow/search.html new file mode 100755 index 000000000..789a4a015 --- /dev/null +++ b/base/tps/apache/cgi-bin/sow/search.html @@ -0,0 +1,71 @@ +<!-- --- BEGIN COPYRIGHT BLOCK --- + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + + Copyright (C) 2009 Red Hat, Inc. + All rights reserved. + --- END COPYRIGHT BLOCK --- --> +<html> +<head> +<meta http-equiv="Content-Type" content="text/html; charset=utf-8"> +<link rel=stylesheet href="/esc/sow/style.css" type="text/css"> + +<title>Security Officer</title> +<link rel="stylesheet" href="/esc/sow/css/style.css" media="screen" type="text/css"> +</head> + +<body> + +<div id="header"> + <div id="logo"> + <h3>Security Officer Station</h3> + </div> +</div> + +<div id="content"> + <div id="maintext"> + <div id="topmenu"> + | <a href="/cgi-bin/sow/main.cgi">Main</a> | + </div> + <blockquote><p>Please locate the user who is requesting a new smart card.</p></blockquote> +<form method=post action="read.cgi"> +<div style="font-size:0.8em;"> + <table> + <tr> + <td><h3>Name: </h3></td> + <td> </td> + <td><input type="text" id="name" name="name" value="" autocomplete="off"></td> + <input type="hidden" id="name_hidden" name="name_ID"><!-- THE ID OF the country will be inserted into this hidden input --></td> + <td> </td> + </tr> + + </table> +</div> + + <br/> +<font color="red">$error</font> + <br/> + <table width="100%"> + <tr> + <td align="right"> + <input type="submit" id="search" name="search" value="Continue"> + </td> + </tr> + </table> +</form> + + </div> +</div> + +</body> +</html> diff --git a/base/tps/apache/cgi-bin/sow/search_temp.cgi b/base/tps/apache/cgi-bin/sow/search_temp.cgi new file mode 100755 index 000000000..5d752a49d --- /dev/null +++ b/base/tps/apache/cgi-bin/sow/search_temp.cgi @@ -0,0 +1,70 @@ +#! /usr/bin/perl -w +# +# --- BEGIN COPYRIGHT BLOCK --- +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; +# version 2.1 of the License. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301 USA +# +# Copyright (C) 2007 Red Hat, Inc. +# All rights reserved. +# --- END COPYRIGHT BLOCK --- +# + +use CGI; + +[REQUIRE_CFG_PL] + + +my $ldapHost = get_ldap_host(); +my $ldapPort = get_ldap_port(); +my $basedn = get_base_dn(); + +my $q = new CGI; + +sub authorize +{ + my $client_dn = $ENV{'SSL_CLIENT_S_DN'}; + $client_dn =~ tr/A-Z/a-z/; # all lower cases + $client_dn =~ s/\s+//g; # remove all spacing + + if (&is_agent($client_dn)) { + return 1; + } + return 0; +} + +sub DoPage +{ + if (!&authorize()) { + print $q->redirect("/cgi-bin/sow/noaccess.cgi"); + return; + } + + my $error = $q->param('error'); + $error = "" if !defined $error; + + open(FILE, "< search_temp.html"); + + print $q->header(); + + while ($l = <FILE>) + { + $l =~ s/\$error/$error/g; + print $l; + } + + close(FILE); +} + +&DoPage(); diff --git a/base/tps/apache/cgi-bin/sow/search_temp.html b/base/tps/apache/cgi-bin/sow/search_temp.html new file mode 100755 index 000000000..507f223ef --- /dev/null +++ b/base/tps/apache/cgi-bin/sow/search_temp.html @@ -0,0 +1,71 @@ +<!-- --- BEGIN COPYRIGHT BLOCK --- + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + + Copyright (C) 2009 Red Hat, Inc. + All rights reserved. + --- END COPYRIGHT BLOCK --- --> +<html> +<head> +<meta http-equiv="Content-Type" content="text/html; charset=utf-8"> +<link rel=stylesheet href="/esc/sow/style.css" type="text/css"> + +<title>Security Officer</title> +<link rel="stylesheet" href="/esc/sow/css/style.css" media="screen" type="text/css"> +</head> + +<body> + +<div id="header"> + <div id="logo"> + <h3>Security Officer Station</h3> + </div> +</div> + +<div id="content"> + <div id="maintext"> + <div id="topmenu"> + | <a href="/cgi-bin/sow/main.cgi">Main</a> | + </div> + <blockquote><p>Please locate the user who is requesting a temporary smart card.</p></blockquote> +<form method=post action="read_temp.cgi"> +<div style="font-size:0.8em;"> + <table> + <tr> + <td><h3>Name: </h3></td> + <td> </td> + <td><input type="text" id="name" name="name" value="" autocomplete="off"></td> + <input type="hidden" id="name_hidden" name="name_ID"><!-- THE ID OF the country will be inserted into this hidden input --></td> + <td> </td> + </tr> + + </table> +</div> + + <br/> +<font color="red">$error</font> + <br/> + <table width="100%"> + <tr> + <td align="right"> + <input type="submit" id="search" name="search" value="Continue"> + </td> + </tr> + </table> +</form> + + </div> +</div> + +</body> +</html> diff --git a/base/tps/apache/cgi-bin/sow/seturl.cgi b/base/tps/apache/cgi-bin/sow/seturl.cgi new file mode 100755 index 000000000..dfac46d8f --- /dev/null +++ b/base/tps/apache/cgi-bin/sow/seturl.cgi @@ -0,0 +1,207 @@ +#! /usr/bin/perl -w +# +# --- BEGIN COPYRIGHT BLOCK --- +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; +# version 2.1 of the License. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301 USA +# +# Copyright (C) 2007 Red Hat, Inc. +# All rights reserved. +# --- END COPYRIGHT BLOCK --- +# +######################################################################## +# +# Script: esc.cgi +# Author: Kin Blas () +# Date: 12/19/2003 +# +# CGI.pm Docs: +# +# http://stein.cshl.org/WWW/software/CGI/ +# +######################################################################## + +[REQUIRE_CFG_PL] + +use CGI; + +my $ldapHost = get_ldap_host(); +my $ldapPort = get_ldap_port(); +my $basedn = get_base_dn(); +my $host = get_host(); +my $port = get_port(); +my $secure_port = get_secure_port(); + +$gQuery = new CGI; + +sub authorize +{ + my $client_dn = $ENV{'SSL_CLIENT_S_DN'}; + $client_dn =~ tr/A-Z/a-z/; # all lower cases + $client_dn =~ s/\s+//g; # remove all spacing + + if (&is_agent($client_dn)) { + return 1; + } + return 0; +} + +sub DoPage +{ + if (!&authorize()) { + print $gQuery->redirect("/cgi-bin/sow/noaccess.cgi"); + return; + } + + $gQueryAction = "default"; + $gQueryOverrideAction = "default"; + + @gCookieNames = ("ascScreenName", + "ascSubscriptionType", + "ascBindings"); + + $gQueryAction = $gQuery->param("action") if + (defined $gQuery->param("action")); + + $gQueryOverrideAction = $gQuery->param("override_action") + if (defined $gQuery->param("override_action")); + + if ($gQueryOverrideAction ne "default") + { + $gQueryAction = $gQueryOverrideAction; + } + +######################################################################## +# +# If no action was provided, we default to showing our +# admin page! +# +# http://www.foo.com/esc.cgi +# +######################################################################## + + if ($gQueryAction eq "default") + { + GeneratePage(); + exit 0; + } +} + +sub ExitError +{ + my($str) = @_; + print $gQuery->header(), $gQuery->start_html(), $str, $gQuery->end_html(); + exit 0; +} + +sub GetScreenName +{ + my $sn = ""; + + if (defined $gQuery->param("screenname")) + { + $sn = $gQuery->param("screenname"); + } else { + $sn = "default"; + } + + return $sn; +} + +sub GetKeyType +{ + my $keyType = 0; + + if (defined $gQuery->param("keytype")) + { + $keyType = $gQuery->param("keytype"); + } + + return $keyType; +} + +sub GetKeyID +{ + my $keyID = ""; + + if (defined $gQuery->param("keyid")) + { + $keyID = $gQuery->param("keyid"); + } + + return $keyID; +} + +sub GetKeyLabelArg +{ + my $keyLabel = ""; + + if (defined $gQuery->param("keylabel")) + { + $keyLabel = $gQuery->param("keylabel"); + } + + return $keyLabel; +} + +sub HaveScreenName +{ + return 1 if (GetScreenName() ne ""); + return 0; +} + +sub IsSubscriber +{ + my $subType = $gUserObj{'SUBSCRIPTION'}; + return 1 if ($subType eq "HouseKey" || $subType eq "NetKey"); + + return 0; +} + +sub GetNextAction +{ + my($nextActn) = "default"; + + if (defined $gQuery->param('nextaction')) + { + $nextActn = $gQuery->param('nextaction'); + } + elsif (defined $gQuery->param('action')) + { + $nextActn = $gQuery->param('action'); + } + + return $nextActn; +} + +sub GeneratePage +{ + my ($l); + + ExitError("Failed to load enrollment page!") if (!open(ENROLL_FILE, "< seturl.html")); + + print $gQuery->header(); + + while ($l = <ENROLL_FILE>) + { + $l =~ s/\$host/$host/g; + $l =~ s/\$port/$port/g; + $l =~ s/\$secure_port/$secure_port/g; + print $l; + } + + close(ENROLL_FILE); +} + +&DoPage(); diff --git a/base/tps/apache/cgi-bin/sow/seturl.html b/base/tps/apache/cgi-bin/sow/seturl.html new file mode 100755 index 000000000..966ab7a1b --- /dev/null +++ b/base/tps/apache/cgi-bin/sow/seturl.html @@ -0,0 +1,174 @@ +<!-- --- BEGIN COPYRIGHT BLOCK --- + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + + Copyright (C) 2009 Red Hat, Inc. + All rights reserved. + --- END COPYRIGHT BLOCK --- --> +<html> +<head> +<meta http-equiv="Content-Type" content="text/html; charset=utf-8"> +<link rel=stylesheet href="/esc/sow/style.css" type="text/css"> + +<title>Enrollment</title> +<script type="text/javascript" src="/esc/sow/js/prototype.js"></script> +<script type="text/javascript" src="/esc/sow/js/scriptaculous.js?load=effects"></script> +<script type="text/JavaScript" src="/esc/sow/util.js"></script> +<link rel="stylesheet" href="/esc/sow/css/style.css" media="screen" type="text/css"> +<script type="text/javascript"> +<!-- +function UserOnCOOLKeyStateError() +{ + toggleAjaxProgress('ajax-pb', 'off'); + toggleButton('enrollbtn', 'on'); + toggleButton('cancel', 'on'); +} + +function UserOnCOOLKeyFormatComplete() +{ + toggleAjaxProgress('ajax-pb', 'off'); + toggleButton('enrollbtn', 'on'); + toggleButton('cancel', 'on'); +} + +function updateKeyText(text) +{ + var f = document.getElementById('keytext'); + new Effect.Shake(f); + var text = document.createTextNode(text); + var len= f.childNodes.length; + for (i=0;i<len;i++){ + f.removeChild(f.childNodes[0]); + } + f.appendChild(text); +} + +function UserSelectRowByKeyID(keyType, keyID) +{ + DoCoolKeySetConfigValue("Operation-" + keyID, + "https://$host:$secure_port/nk_service"); + DoCoolKeySetConfigValue("TokenType-" + keyID, "userKey"); + SelectRowByKeyID(keyType, keyID); +} + +function UserOnDoneInitializeBindingTable() +{ + // display existing blank smart + var arr = GetAvailableCOOLKeys(); + if (!arr || arr.length < 1) + return; + var i; + for (i=0; i < arr.length; i++) + { + var keyType = arr[i][0]; + var keyID = arr[i][1]; + var keyStatus = GetStatusForKeyID(keyType, keyID); + if (keyStatus == "BLANK") { + updateKeyText('A ' + keyStatus + ' smartcard "' + keyID + '" is detected!'); + UserSelectRowByKeyID(keyType, keyID); + } else if (keyStatus == "UNINITIALIZED") { + updateKeyText('An ' + keyStatus + ' smartcard "' + keyID + '" is detected!'); + UserSelectRowByKeyID(keyType, keyID); + } + } +} + +function UserOnCOOLKeyStatusUpdate(data) +{ + var progress = document.getElementById("progress"); + + if(progress) + progress.innerHTML = data + "%"; +} + +function UserOnCOOLKeyInserted(keyType, keyID) +{ + var keyStatus = GetStatusForKeyID(keyType, keyID); + if (keyStatus == "ENROLLED" || keyStatus == "UNINITIALIZED") { + updateKeyText('An ' + keyStatus + ' smartcard "' + keyID + '" is detected!'); + } else { + updateKeyText('A ' + keyStatus + ' smartcard "' + keyID + '" is detected!'); + } + UserSelectRowByKeyID(keyType, keyID); +} + +function UserOnCOOLKeyRemoved(keyType, keyID) +{ + updateKeyText('Please insert a blank smartcard now!'); +} + +function toggleAjaxProgress(id, i) +{ + var e = document.getElementById(id); + if (i == 'off') { + e.style.display = 'none'; + } else { + e.style.display = 'block'; + } +} + +function toggleButton(id, i) +{ + var e = document.getElementById(id); + if (i == 'off') { + e.disabled = true; + } else { + e.disabled = false; + } +} +// --> +</script> +</head> + +<body onload="InitializeBindingTable();" onunload=cleanup()> + +<progressmeter id="progress-id" hidden="true" align = "center"/> + +<div id="pb" style="display:none;"> + <table id="BindingTable" width="200px" align="center"> + <tr id="HeaderRow"> + </tr> + </table> +</div> +<div id="header"> + <div id="logo"> + <h3>Security Officer Station</h3> + </div> +</div> + +<div id="content"> + <div id="maintext"> + <div id="topmenu"> + | <a href="/cgi-bin/sow/main.cgi">Main</a> | + </div> +<br/> +<blockquote>This will burn a phone home URL on the user token.</blockquote> +<h3><span id="keytext">Please insert new smartcard now!</span></h3> + <br/> + <table width="100%"> + <tr> +<td> +<div id="ajax-pb" style="display:none;"> + <img src="/pki/esc/sow/images/indicator.gif"> + <h2 id="progress" name="progress" value="0%" ></h2> +</div> +</td> + <td align="right"> + <input type="button" id="enrollbtn" name="enrollbtn" value="Format" onClick="toggleButton('enrollbtn','off');toggleButton('cancel', 'off');toggleAjaxProgress('ajax-pb','on');DoSetURLCOOLKey();"> + <input type="submit" id="cancel" name="cancel" value="Cancel" onClick="javascript:location.href='/cgi-bin/sow/search.cgi';"> + </td> + </tr> + </table> + </div> +</div> +</body></html> diff --git a/base/tps/apache/cgi-bin/sow/welcome.cgi b/base/tps/apache/cgi-bin/sow/welcome.cgi new file mode 100755 index 000000000..bc76dd3fa --- /dev/null +++ b/base/tps/apache/cgi-bin/sow/welcome.cgi @@ -0,0 +1,57 @@ +#! /usr/bin/perl -w +# +# --- BEGIN COPYRIGHT BLOCK --- +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; +# version 2.1 of the License. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301 USA +# +# Copyright (C) 2007 Red Hat, Inc. +# All rights reserved. +# --- END COPYRIGHT BLOCK --- +# + +use CGI; + +[REQUIRE_CFG_PL] + + +my $host = get_host(); +my $secure_port = get_secure_port(); +my $port = get_port(); + +my $q = new CGI; + +sub DoPage +{ + + my $error = $q->param('error'); + $error = "" if !defined $error; + + open(FILE, "< welcome.html"); + + print $q->header(); + + while ($l = <FILE>) + { + $l =~ s/\$error/$error/g; + $l =~ s/\$host/$host/g; + $l =~ s/\$secure_port/$secure_port/g; + $l =~ s/\$port/$port/g; + print $l; + } + + close(FILE); +} + +&DoPage(); diff --git a/base/tps/apache/cgi-bin/sow/welcome.html b/base/tps/apache/cgi-bin/sow/welcome.html new file mode 100755 index 000000000..718dce94b --- /dev/null +++ b/base/tps/apache/cgi-bin/sow/welcome.html @@ -0,0 +1,63 @@ +<!-- --- BEGIN COPYRIGHT BLOCK --- + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + + Copyright (C) 2009 Red Hat, Inc. + All rights reserved. + --- END COPYRIGHT BLOCK --- --> +<html> +<head> +<meta http-equiv="Content-Type" content="text/html; charset=utf-8"> +<link rel=stylesheet href="/esc/sow/style.css" type="text/css"> + +<title>Security Officer</title> +<link rel="stylesheet" href="/esc/sow/css/style.css" media="screen" type="text/css"> +</head> + +<body> + +<div id="header"> + <div id="logo"> + <h3>Security Officer Station</h3> + </div> +</div> + +<div id="content"> + <div id="maintext"> + <div id="topmenu"> + </div> + <blockquote><p>Welcome to the security officer interface, you will be asked to identify yourself with your token. Please click the continue button below.</p></blockquote> +<form method=post action="https://$host:$secure_port/cgi-bin/sow/main.cgi"> + <table> + <tr> + </tr> + + </table> + + <br/> +<font color="red">$error</font> + <br/> + <table width="100%"> + <tr> + <td align="right"> + <input type="submit" id="search" name="search" value="Continue"> + </td> + </tr> + </table> +</form> + + </div> +</div> + +</body> +</html> |