first draft itk mgmt

htdocs/index.php

@@ -52,6 +52,10 @@ if (!array_key_exists('auth', $_SESSION) || $_SESSION['auth']!=1) {
 
     include_once EVOADMIN_BASE . '../inc/webadmin-servername.php';
 
+} elseif (preg_match('#^/webadmin/itk/(.*)/?$#', $uri, $params)) {
+
+    include_once EVOADMIN_BASE . '../inc/webadmin-itk.php';
+
 } elseif (preg_match('#^/webadmin/edit/(.*)/?$#', $uri, $params)) {
 
     include_once EVOADMIN_BASE . '../inc/webadmin-edit.php';

inc/webadmin-itk.php

@@ -0,0 +1,130 @@
+<?php
+
+/**
+ * Apache VirtualHost Management Page
+ *
+ * Copyright (c) 2009 Evolix - Tous droits reserves
+ *
+ * vim: expandtab softtabstop=4 tabstop=4 shiftwidth=4 showtabline=2
+ *
+ * @author Gregory Colpart <reg@evolix.fr>
+ * @author Thomas Martin <tmartin@evolix.fr>
+ * @author Sebastien Palma <spalma@evolix.fr>
+ * @version 1.0
+ */
+
+require_once EVOADMIN_BASE . '../lib/bdd.php';
+require_once EVOADMIN_BASE . '../lib/domain.php';
+
+global $conf;
+
+var_dump($_SESSION);
+if (isset($_GET['enable']) ) {
+    require_once EVOADMIN_BASE . '../evolibs/Form.php';
+
+    include_once EVOADMIN_BASE . '../tpl/header.tpl.php';
+    include_once EVOADMIN_BASE . '../tpl/menu.tpl.php';
+
+
+    # TODO: sanitize $_GET
+    $servername = array (
+        'domain' => htmlspecialchars(basename($_SERVER['REDIRECT_URL'])),
+        'servername'  => $_GET['enable']
+    );
+
+    $enable_cmd = 'web-add.sh enable-user-itk ' . $servername['servername'] . ' ' . $servername['domain'];
+
+    sudoexec($enable_cmd, $enable_cmd_output, $enable_cmd_return);
+
+    if ($enable_cmd_return == 0) {
+      print 'Sécurité ITK activée.';
+      printf ('<p><a href="%s">Retour à la gestion ITK</a></p>', $_SERVER['REDIRECT_URL']);
+    }
+
+    include_once EVOADMIN_BASE . '../tpl/footer.tpl.php';
+
+
+}
+elseif (isset($_GET['disable']) ) {
+    require_once EVOADMIN_BASE . '../evolibs/Form.php';
+
+    include_once EVOADMIN_BASE . '../tpl/header.tpl.php';
+    include_once EVOADMIN_BASE . '../tpl/menu.tpl.php';
+
+
+    # TODO: sanitize $_GET
+    $servername = array (
+        'domain' => htmlspecialchars(basename($_SERVER['REDIRECT_URL'])),
+        'servername'  => $_GET['disable']
+    );
+
+    $disable_cmd = 'web-add.sh disable-user-itk ' . $servername['servername'] . ' ' . $servername['domain'];
+
+    sudoexec($disable_cmd, $disable_cmd_output, $disable_cmd_return);
+
+    if ($disable_cmd_return == 0) {
+      print 'Sécurité ITK désactivée';
+      printf ('<p><a href="%s">Retour à la gestion ITK</a></p>', $_SERVER['REDIRECT_URL']);
+    }
+
+    include_once EVOADMIN_BASE . '../tpl/footer.tpl.php';
+
+
+}
+else {
+
+    $domain = $params[1];
+    $data_list = array();
+
+    // TODO: adapt for cluster mode
+    if ($conf['cluster']) {
+        if (is_mcluster_mode()) {
+            // If the user has not yet selected a cluster, redirect-it to home page.
+            if (empty($_SESSION['cluster'])) {
+                http_redirect('/');
+            }
+            $cache = str_replace('%cluster_name%', $_SESSION['cluster'], $conf['cache']);
+        }
+        else {
+            $cache = $conf['cache'];
+        }
+
+        $alias_list = array();
+
+        /* parcours de la table Serveralias */
+        $bdd = new bdd();
+        $bdd->open($cache);
+
+        $alias_list = $bdd->list_serveralias($domain);
+    }
+    else {
+
+      $cmd = 'web-add.sh list-servername ' . $domain;
+
+	    if(!is_superadmin()) {
+	    	$cmd = sprintf('%s %s', $cmd, $_SESSION['user']);
+	    }
+	    sudoexec($cmd, $data_output, $exec_return);
+
+      # à revérifier (notamment gestion erreurs)
+      if ($exec_return == 0) {
+        foreach($data_output as $data_line) {
+          $cmd_itk = 'web-add.sh list-user-itk ' . $data_line . ' ' . $domain;
+
+          sudoexec($cmd_itk, $data_output_itk, $exec_return_itk);
+
+          # on prend le premier résultat du tableau, ne fonctionne pas s'il y a plusieurs la même ligne ou des commentaires etc.
+          array_push($data_list, ['servername' => $data_line, 'user' => $data_output_itk[0]]);
+          unset($data_output_itk);  # reset variable pour éviter conflits
+  	    }
+      }
+    }
+
+    include_once EVOADMIN_BASE . '../tpl/header.tpl.php';
+    include_once EVOADMIN_BASE . '../tpl/menu.tpl.php';
+    include_once EVOADMIN_BASE . '../tpl/webadmin-itk.tpl.php';
+    include_once EVOADMIN_BASE . '../tpl/footer.tpl.php';
+
+}
+
+?>

scripts/web-add.sh

@@ -135,6 +135,18 @@ check-occurence NAME
 
     List all occurences of NAME in vhosts
 
+list-user-itk DOMAIN LOGIN
+
+    List the assigned ITK user for the DOMAIN specified
+
+enable-user-itk DOMAIN LOGIN
+
+    Enable the assigned ITK user for the DOMAIN specified
+
+disable-user-itk DOMAIN LOGIN
+
+    Disable the assigned ITK user for the DOMAIN specified
+
 setphpversion LOGIN VERSION
 
     Change PHP version for LOGIN
@@ -752,6 +764,15 @@ arg_processing() {
         check-occurence)
             op_checkoccurencename "$@"
             ;;
+        list-user-itk)
+            op_listuseritk "$@"
+            ;;
+        enable-user-itk)
+            op_enableuseritk "$@"
+            ;;
+        disable-user-itk)
+            op_disableuseritk "$@"
+            ;;
         setphpversion)
             op_setphpversion "$@"
             ;;
@@ -766,6 +787,7 @@ arg_processing() {
 }
 
 op_listvhost() {
+    # cas pour afficher usage à faire
     if [ $# -eq 1 ]; then
         configlist="$VHOST_PATH/${1}.conf";
     else
@@ -875,6 +897,39 @@ op_checkoccurencename() {
   fi
 }
 
+op_listuseritk() {
+  if [ $# -eq 2 ]; then
+    domain=${1}
+    configfile="$VHOST_PATH"/"${2}".conf
+
+    sed -n "/$domain/,/<\/VirtualHost>/p" $configfile | awk '/AssignUserID/ {print $2}'
+  else usage
+  fi
+}
+
+op_enableuseritk() {
+  if [ $# -eq 2 ]; then
+    domain=${1}
+    configfile="$VHOST_PATH"/"${2}".conf
+    user=$(op_listuseritk "${1}" "${2}")
+    echo $user
+
+    sed -i "/^ *AssignUserID ${user}/ s/${user}/www-${user}/" $VHOST_PATH/"${2}".conf --follow-symlinks
+  else usage
+  fi
+}
+
+op_disableuseritk() {
+  if [ $# -eq 2 ]; then
+    domain=${1}
+    configfile="$VHOST_PATH"/"${2}".conf
+    user=$(op_listuseritk "${1}" "${2}")
+    echo $user
+    sed -i "/^ *AssignUserID ${user}/ s/${user}/${user:4}/" $VHOST_PATH/"${2}".conf --follow-symlinks
+  else usage
+  fi
+}
+
 op_add() {
 
     #

tpl/webadmin-itk.tpl.php

@@ -0,0 +1,61 @@
+<?php
+
+/**
+ * Edition d'un domaine
+ *
+ * Copyright (c) 2009 Evolix - Tous droits reserves
+ *
+ * vim: expandtab softtabstop=4 tabstop=4 shiftwidth=4 showtabline=2
+ *
+ * @author Thomas Martin <tmartin@evolix.fr>
+ * @version 1.0
+ */
+
+?>
+
+<h2>Sécurité ITK</h2>
+
+<?php
+
+    if(count($data_list) > 0) { ?>
+
+    <table id="tab-list">
+        <thead>
+        <tr>
+           <th>ServerName</th>
+           <th>Utilisateur</th>
+           <?php if (is_superadmin()) {
+               print '<th>Action</th>';
+           } ?>
+        </tr>
+        </thead>
+        <tbody>
+        <?php
+            for ( $i=0; $i < count($data_list); ++$i ) {
+                print '<tr>';
+                printf('<td>%s</td>',
+                    $data_list[$i]['servername']);
+                printf('<td>%s</td>',
+                    $data_list[$i]['user']);
+                if (is_superadmin()) {
+
+                  if (strpos($data_list[$i]['user'], 'www') !== false) {
+                    $action = ['disable', 'Désactiver'];
+                  } else {
+                    $action = ['enable', 'Activer'];
+                  }
+
+                  printf('<td><a href="/webadmin/itk/%s?%s=%s">'.$action[1].'</a></td>',
+                          $domain, $action[0], $data_list[$i]['servername']);
+                }
+                print '</tr>';
+        } ?>
+        </tbody>
+    </table>
+<?php
+   } else {
+       print "<p>Aucun ServerName existant pour le domaine $domain !</p>";
+   }
+
+
+?>