summaryrefslogtreecommitdiffstats
path: root/pki/base/ra/lib/perl/PKI/RA/AdminPanel.pm
diff options
context:
space:
mode:
Diffstat (limited to 'pki/base/ra/lib/perl/PKI/RA/AdminPanel.pm')
-rwxr-xr-xpki/base/ra/lib/perl/PKI/RA/AdminPanel.pm227
1 files changed, 227 insertions, 0 deletions
diff --git a/pki/base/ra/lib/perl/PKI/RA/AdminPanel.pm b/pki/base/ra/lib/perl/PKI/RA/AdminPanel.pm
new file mode 100755
index 000000000..a5538ef54
--- /dev/null
+++ b/pki/base/ra/lib/perl/PKI/RA/AdminPanel.pm
@@ -0,0 +1,227 @@
+#!/usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+#
+#
+#
+
+use strict;
+use warnings;
+use PKI::RA::GlobalVar;
+use PKI::RA::Common;
+use URI::URL;
+use URI::Escape;
+use DBI;
+
+package PKI::RA::AdminPanel;
+$PKI::RA::AdminPanel::VERSION = '1.00';
+
+use PKI::RA::BasePanel;
+our @ISA = qw(PKI::RA::BasePanel);
+
+sub new {
+ my $class = shift;
+ my $self = {};
+
+ $self->{"isSubPanel"} = \&is_sub_panel;
+ $self->{"hasSubPanel"} = \&has_sub_panel;
+ $self->{"isPanelDone"} = \&PKI::RA::Common::no;
+ $self->{"getPanelNo"} = &PKI::RA::Common::r(14);
+ $self->{"getName"} = &PKI::RA::Common::r("Administrator");
+ $self->{"vmfile"} = "adminpanel.vm";
+ $self->{"update"} = \&update;
+ $self->{"panelvars"} = \&display;
+ bless $self,$class;
+ return $self;
+}
+
+sub is_sub_panel
+{
+ my ($q) = @_;
+ return 0;
+}
+
+sub has_sub_panel
+{
+ my ($q) = @_;
+ return 0;
+}
+
+sub validate
+{
+ my ($q) = @_;
+ &PKI::RA::Wizard::debug_log("AdminPanel: validate");
+ return 1;
+}
+
+
+sub update
+{
+ my ($q) = @_;
+ &PKI::RA::Wizard::debug_log("AdminPanel: update");
+
+ my $uid = $q->param("uid");
+ my $name = $q->param("name");
+ my $email = $q->param("email");
+ my $password = $q->param("__pwd");
+ my $password_again = $q->param("__admin_password_again");
+
+ my $cert_request = $q->param("cert_request");
+ my $subject = $q->param("subject");
+ my $profile_id = $q->param("profileId");
+ my $cert_request_type = $q->param("cert_request_type");
+
+ $cert_request =~ s/%0D%0A//g; # remove carraige return
+
+ # submit request to CA
+
+ # Admin Certificate should be obtained from the ca selected in the
+ # name panel. If name panel use External CA, the admin certificate
+ # will be issued by the security domain CA.
+ my $cainfo = $::config->get("preop.ca.url");
+ &PKI::RA::Wizard::debug_log("AdminPanel: preop.ca.url=$cainfo");
+ if ($cainfo eq "" || $cainfo =~ /:$/) {
+ $cainfo = $::config->get("config.sdomainEEURL");
+ &PKI::RA::Wizard::debug_log("AdminPanel: config.sdomainEEURL=$cainfo");
+ }
+ &PKI::RA::Wizard::debug_log("AdminPanel: Connecting to CA: $cainfo");
+ my $cainfo_url = new URI::URL($cainfo);
+ my $sdom = $::config->get("config.sdomainEEURL");
+ my $sdom_url = new URI::URL($sdom);
+
+ my $machineName = $::config->get("service.machineName");
+ my $securePort = $::config->get("service.securePort");
+ my $session_id = $::config->get("preop.sessionID");
+
+ my $tokenname = $::config->get("preop.module.token");
+ my $token_pwd = $::pwdconf->get($tokenname);
+ my $nickname = $::config->get("preop.cert.sslserver.nickname");
+ my $instanceID = $::config->get("service.instanceID");
+ my $instanceDir = $::config->get("service.instanceDir");
+ my $db_password = `grep \"internal:\" \"$instanceDir/conf/password.conf\" | cut -c10-`;
+ $db_password =~ s/\n$//g;
+
+ my $requestor_name = "RA-" . $machineName . "-" . $securePort;
+
+ my $params = "profileId=" . $profile_id . "&" .
+ "requestor_name=" . $requestor_name . "&" .
+ "cert_request_type=" . $cert_request_type . "&" .
+ "subject=" . $subject . "&" .
+ "cert_request=" .
+ URI::Escape::uri_escape("$cert_request") . "&" .
+ "xmlOutput=true" . "&" .
+ "sessionID=" . $session_id . "&" .
+ "auth_hostname=" . $sdom_url->host . "&" .
+ "auth_port=" . $sdom_url->port;
+
+ my $ca_host = $cainfo_url->host;
+ my $https_ee_port = $cainfo_url->port;
+ my $content = "";
+ my $tmpfile = "/tmp/admin-$$";
+ if (($tokenname eq "") || ($tokenname eq "NSS Certificate DB")) {
+ system("/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"$db_password\" -v -n \"$nickname\" -r \"/ca/ee/ca/profileSubmit\" $ca_host:$https_ee_port > $tmpfile");
+ $content = `cat $tmpfile`;
+ } else {
+ system("/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"$token_pwd\" -v -n \"$nickname\" -r \"/ca/ee/ca/profileSubmit\" $ca_host:$https_ee_port > $tmpfile");
+ $content = `cat $tmpfile`;
+ }
+ system("rm $tmpfile");
+ &PKI::RA::Wizard::debug_log("req = " . $content);
+
+ $content =~ /(\<XMLResponse\>.*\<\/XMLResponse\>)/;
+ $content = $1;
+
+ # create user in internal database
+ &PKI::RA::Wizard::debug_log("AdminPanel: Creating user in internal database");
+ # use scripts/addAgents.ldif
+
+ my $parser = XML::Simple->new();
+ my $response = $parser->XMLin($content);
+ my $admincert = $response->{Requests}->{Request}->{b64};
+ &PKI::RA::Wizard::debug_log("AdminPanel: admincert " . $admincert);
+
+ # create local database
+ my $dbh = DBI->connect(
+ "dbi:SQLite:dbname=$instanceDir/conf/dbfile","","");
+ my $insert = "insert into users (" .
+ "uid" . "," .
+ "name" . "," .
+ "password" . "," .
+ "email" . "," .
+ "certificate" .
+ ") values (" .
+ $dbh->quote($uid) . "," .
+ $dbh->quote($name) . "," .
+ $dbh->quote($password) . "," .
+ $dbh->quote($email) . "," .
+ $dbh->quote($admincert) .
+ ")";
+ $dbh->do($insert);
+ $insert = "insert into roles (" .
+ "uid" . "," .
+ "gid" .
+ ") values (" .
+ $dbh->quote($uid) . "," .
+ $dbh->quote("administrators") .
+ ")";
+ $dbh->do($insert);
+ $insert = "insert into roles (" .
+ "uid" . "," .
+ "gid" .
+ ") values (" .
+ $dbh->quote($uid) . "," .
+ $dbh->quote("agents") .
+ ")";
+ $dbh->do($insert);
+ $dbh->disconnect();
+
+ my $reqid = $response->{Requests}->{Request}->{Id};
+ $::config->put("preop.admincert.requestId.0", $reqid);
+ my $sn = $response->{Requests}->{Request}->{serialno};
+ $::config->put("preop.admincert.serialno.0", $sn);
+
+ # update email address
+ $::config->put("request.agent.create_request.1.mailTo", $email);
+ $::config->put("request.scep.create_request.1.mailTo", $email);
+ $::config->put("request.server.create_request.1.mailTo", $email);
+ $::config->put("request.user.create_request.1.mailTo", $email);
+
+ $::config->commit();
+
+ return 1;
+}
+
+sub display
+{
+ my ($q) = @_;
+ &PKI::RA::Wizard::debug_log("AdminPanel: display");
+ $::symbol{admin_uid} = "admin";
+ $::symbol{admin_name} = "RA Administrator";
+ $::symbol{admin_email} = "";
+ $::symbol{admin_pwd} = "";
+ $::symbol{admin_pwd_again} = "";
+ $::symbol{import} = "true";
+ my $domain_name = $::config->get("preop.securitydomain.name");
+ $::symbol{securityDomain} = $domain_name;
+
+ return 1;
+}
+
+1;
generated by cgit (git 2.34.1) at 2024-05-05 20:40:39 +0000