diff --git a/htdocs/index.php b/htdocs/index.php
index f1aacd9..7e78c11 100755
--- a/htdocs/index.php
+++ b/htdocs/index.php
@@ -52,6 +52,10 @@ if (!array_key_exists('auth', $_SESSION) || $_SESSION['auth']!=1) {
 include_once EVOADMIN_BASE . '../inc/webadmin-servername.php';
+} elseif (preg_match('#^/webadmin/itk/(.*)/?$#', $uri, $params)) {
+
+ include_once EVOADMIN_BASE . '../inc/webadmin-itk.php';
+
 } elseif (preg_match('#^/webadmin/edit/(.*)/?$#', $uri, $params)) {
 include_once EVOADMIN_BASE . '../inc/webadmin-edit.php';
diff --git a/inc/webadmin-itk.php b/inc/webadmin-itk.php
new file mode 100644
index 0000000..51ea1d0
--- /dev/null
+++ b/inc/webadmin-itk.php
@@ -0,0 +1,130 @@
+
+ * @author Thomas Martin
+ * @author Sebastien Palma
+ * @version 1.0
+ */
+
+require_once EVOADMIN_BASE . '../lib/bdd.php';
+require_once EVOADMIN_BASE . '../lib/domain.php';
+
+global $conf;
+
+var_dump($_SESSION);
+if (isset($_GET['enable']) ) {
+ require_once EVOADMIN_BASE . '../evolibs/Form.php';
+
+ include_once EVOADMIN_BASE . '../tpl/header.tpl.php';
+ include_once EVOADMIN_BASE . '../tpl/menu.tpl.php';
+
+
+ # TODO: sanitize $_GET
+ $servername = array (
+ 'domain' => htmlspecialchars(basename($_SERVER['REDIRECT_URL'])),
+ 'servername' => $_GET['enable']
+ );
+
+ $enable_cmd = 'web-add.sh enable-user-itk ' . $servername['servername'] . ' ' . $servername['domain'];
+
+ sudoexec($enable_cmd, $enable_cmd_output, $enable_cmd_return);
+
+ if ($enable_cmd_return == 0) {
+ print 'Sécurité ITK activée.';
+ printf ('

Retour à la gestion ITK

', $_SERVER['REDIRECT_URL']);
+ }
+
+ include_once EVOADMIN_BASE . '../tpl/footer.tpl.php';
+
+
+}
+elseif (isset($_GET['disable']) ) {
+ require_once EVOADMIN_BASE . '../evolibs/Form.php';
+
+ include_once EVOADMIN_BASE . '../tpl/header.tpl.php';
+ include_once EVOADMIN_BASE . '../tpl/menu.tpl.php';
+
+
+ # TODO: sanitize $_GET
+ $servername = array (
+ 'domain' => htmlspecialchars(basename($_SERVER['REDIRECT_URL'])),
+ 'servername' => $_GET['disable']
+ );
+
+ $disable_cmd = 'web-add.sh disable-user-itk ' . $servername['servername'] . ' ' . $servername['domain'];
+
+ sudoexec($disable_cmd, $disable_cmd_output, $disable_cmd_return);
+
+ if ($disable_cmd_return == 0) {
+ print 'Sécurité ITK désactivée';
+ printf ('

Retour à la gestion ITK

', $_SERVER['REDIRECT_URL']);
+ }
+
+ include_once EVOADMIN_BASE . '../tpl/footer.tpl.php';
+
+
+}
+else {
+
+ $domain = $params[1];
+ $data_list = array();
+
+ // TODO: adapt for cluster mode
+ if ($conf['cluster']) {
+ if (is_mcluster_mode()) {
+ // If the user has not yet selected a cluster, redirect-it to home page.
+ if (empty($_SESSION['cluster'])) {
+ http_redirect('/');
+ }
+ $cache = str_replace('%cluster_name%', $_SESSION['cluster'], $conf['cache']);
+ }
+ else {
+ $cache = $conf['cache'];
+ }
+
+ $alias_list = array();
+
+ /* parcours de la table Serveralias */
+ $bdd = new bdd();
+ $bdd->open($cache);
+
+ $alias_list = $bdd->list_serveralias($domain);
+ }
+ else {
+
+ $cmd = 'web-add.sh list-servername ' . $domain;
+
+ if(!is_superadmin()) {
+ $cmd = sprintf('%s %s', $cmd, $_SESSION['user']);
+ }
+ sudoexec($cmd, $data_output, $exec_return);
+
+ # à revérifier (notamment gestion erreurs)
+ if ($exec_return == 0) {
+ foreach($data_output as $data_line) {
+ $cmd_itk = 'web-add.sh list-user-itk ' . $data_line . ' ' . $domain;
+
+ sudoexec($cmd_itk, $data_output_itk, $exec_return_itk);
+
+ # on prend le premier résultat du tableau, ne fonctionne pas s'il y a plusieurs la même ligne ou des commentaires etc.
+ array_push($data_list, ['servername' => $data_line, 'user' => $data_output_itk[0]]);
+ unset($data_output_itk); # reset variable pour éviter conflits
+ }
+ }
+ }
+
+ include_once EVOADMIN_BASE . '../tpl/header.tpl.php';
+ include_once EVOADMIN_BASE . '../tpl/menu.tpl.php';
+ include_once EVOADMIN_BASE . '../tpl/webadmin-itk.tpl.php';
+ include_once EVOADMIN_BASE . '../tpl/footer.tpl.php';
+
+}
+
+?>
diff --git a/scripts/web-add.sh b/scripts/web-add.sh
index b421326..a40ed95 100755
--- a/scripts/web-add.sh
+++ b/scripts/web-add.sh
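Review bot: In inc/webadmin-itk.php, `$_GET['enable']` and `$_GET['disable']` are concatenated unquoted into the command string handed to `sudoexec()` (which presumably runs it through a shell under sudo), so shell metacharacters from the query string reach that command line; the `# TODO: sanitize $_GET` above both arrays names the gap but the commit leaves it open. The same holds for `$domain` (`$params[1]`, taken from the URL) in `'web-add.sh list-servername ' . $domain` and for `$data_line` in `$cmd_itk`, and `htmlspecialchars()` on the domain is HTML escaping, which does nothing for a shell argument. Neither the enable nor the disable branch calls `is_superadmin()`, so unless `sudoexec()` or web-add.sh enforces the role (not visible here) the check exists only in the template that hides the link, and because both actions change server configuration on a GET request they should move to POST with a CSRF token. `var_dump($_SESSION);` at the top of the file prints session contents into every response and should be removed. The fence shows the enable branch with a role check, an allow-list on the name and `escapeshellarg()`; the disable branch needs the same change.

```php
    // … unchanged: Form.php / header / menu includes, $servername array …
    $name = $servername['servername'];
    if (!is_superadmin() || !is_string($name) || !preg_match('/^[A-Za-z0-9.-]+$/', $name)) {
        // Refuse before anything reaches the shell: wrong role, or not a plain host name.
        $enable_cmd_return = 1;
    } else {
        $enable_cmd = 'web-add.sh enable-user-itk '
            . escapeshellarg($name) . ' ' . escapeshellarg($servername['domain']);
        sudoexec($enable_cmd, $enable_cmd_output, $enable_cmd_return);
    }
    // … unchanged: success message, footer include …
```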
@@ -135,6 +135,18 @@ check-occurence NAME
 List all occurences of NAME in vhosts
+list-user-itk DOMAIN LOGIN
+
+ List the assigned ITK user for the DOMAIN specified
+
+enable-user-itk DOMAIN LOGIN
+
+ Enable the assigned ITK user for the DOMAIN specified
+
+disable-user-itk DOMAIN LOGIN
+
+ Disable the assigned ITK user for the DOMAIN specified
+
 setphpversion LOGIN VERSION
 Change PHP version for LOGIN
@@ -752,6 +764,15 @@ arg_processing() {
 check-occurence)
 op_checkoccurencename "$@"
 ;;
+ list-user-itk)
+ op_listuseritk "$@"
+ ;;
+ enable-user-itk)
+ op_enableuseritk "$@"
+ ;;
+ disable-user-itk)
+ op_disableuseritk "$@"
+ ;;
 setphpversion)
 op_setphpversion "$@"
 ;;
@@ -766,6 +787,7 @@ arg_processing() {
 }
 op_listvhost() {
+ # cas pour afficher usage à faire
 if [ $# -eq 1 ]; then
 configlist="$VHOST_PATH/${1}.conf";
 else
@@ -875,6 +897,39 @@ op_checkoccurencename() {
 fi
 }
+op_listuseritk() {
+ if [ $# -eq 2 ]; then
+ domain=${1}
+ configfile="$VHOST_PATH"/"${2}".conf
+
+ sed -n "/$domain/,/<\/VirtualHost>/p" $configfile | awk '/AssignUserID/ {print $2}'
+ else usage
+ fi
+}
+
+op_enableuseritk() {
+ if [ $# -eq 2 ]; then
+ domain=${1}
+ configfile="$VHOST_PATH"/"${2}".conf
+ user=$(op_listuseritk "${1}" "${2}")
+ echo $user
+
+ sed -i "/^ *AssignUserID ${user}/ s/${user}/www-${user}/" $VHOST_PATH/"${2}".conf --follow-symlinks
+ else usage
+ fi
+}
+
+op_disableuseritk() {
+ if [ $# -eq 2 ]; then
+ domain=${1}
+ configfile="$VHOST_PATH"/"${2}".conf
+ user=$(op_listuseritk "${1}" "${2}")
+ echo $user
+ sed -i "/^ *AssignUserID ${user}/ s/${user}/${user:4}/" $VHOST_PATH/"${2}".conf --follow-symlinks
+ else usage
+ fi
+}
+
 op_add() {
 #
diff --git a/tpl/webadmin-itk.tpl.php b/tpl/webadmin-itk.tpl.php
new file mode 100644
index 0000000..70d54f8
--- /dev/null
+++ b/tpl/webadmin-itk.tpl.php
@@ -0,0 +1,61 @@
+
+ * @version 1.0
+ */
+
+?>
+
+
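Review bot: In scripts/web-add.sh, `op_enableuseritk` and `op_disableuseritk` put `${user}` into the sed script without checking it, in a file that decides which account a vhost runs as. An empty result turns the command into `s//www-/`, a multi-line result (more than one matching block) breaks the sed script, running enable twice gives `www-www-…`, and `${user:4}` in disable cuts four characters whether or not the value starts with `www-` (it is also a bash-only expansion). The substitution is file-wide while `op_listuseritk` looked only inside the `/$domain/,/<\/VirtualHost>/` range, so every `AssignUserID ${user}` line in the conf is rewritten, not only the requested ServerName's; reusing that range as the address would scope it. `$domain` is also used as a sed regex as-is and `$configfile` / `$VHOST_PATH` are unquoted, which matters because these arguments arrive from the web front end. The fence shows the enable path with the value validated first; disable needs the mirror check (require `www-*`, then `${user#www-}`).

```shell
op_enableuseritk() {
    if [ $# -eq 2 ]; then
        configfile="$VHOST_PATH/${2}.conf"
        user=$(op_listuseritk "${1}" "${2}")
        # Exactly one plain account name, not yet prefixed; anything else leaves the conf untouched.
        case "$user" in
            ''|*[!A-Za-z0-9_-]*|www-*)
                echo "unexpected AssignUserID value: '$user'" >&2
                return 1
                ;;
        esac
        sed -i --follow-symlinks "/^ *AssignUserID ${user}/ s/${user}/www-${user}/" "$configfile"
    else usage
    fi
}
```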

Sécurité ITK

+
+ 0) { ?>
+
+
+
+
+
+
+ Action';
+ } ?>
+
+
+
+ ';
+ printf('',
+ $data_list[$i]['servername']);
+ printf('',
+ $data_list[$i]['user']);
+ if (is_superadmin()) {
+
+ if (strpos($data_list[$i]['user'], 'www') !== false) {
+ $action = ['disable', 'Désactiver'];
+ } else {
+ $action = ['enable', 'Activer'];
+ }
+
+ printf('',
+ $domain, $action[0], $data_list[$i]['servername']);
+ }
+ print '';
+ } ?>
+
+
ServerNameUtilisateur
%s%s'.$action[1].'
+Aucun ServerName existant pour le domaine $domain !

"; + } + + +?>
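Review bot: In tpl/webadmin-itk.tpl.php, `$domain` is the raw URL capture (`$params[1]`, set in inc/webadmin-itk.php) and is written into the action link and into the `Aucun ServerName existant pour le domaine $domain !` message without escaping; the surrounding markup is not visible on this page, but the `printf` calls for `servername` and `user` pass their values straight through as well. Escape each value at output, e.g. `htmlspecialchars($domain, ENT_QUOTES, 'UTF-8')`, and URL-encode the pieces that go into the link. `strpos($data_list[$i]['user'], 'www') !== false` treats any account name containing `www` as already enabled; `strpos($data_list[$i]['user'], 'www-') === 0` matches the prefix that web-add.sh actually adds.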