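<?php
// Home page template for the key management UI.
// This part renders the page heading and, when the signed-in user has no
// public keys yet, the "Getting started" help plus a form to add a first key.
// Reads from the template context: 'user_keys', 'active_user' and
// $this->data->relative_request_url. out(), outurl(), keygen_help() and
// ESC_NONE are defined outside this file.
?>
<h1>Keys management</h1>
<p>Welcome to the SSH Key Authority server.</p>
<?php if(count($this->get('user_keys')) === 0) { ?>
<h2>Getting started</h2>
<p>To start using the key management system, you must first generate a "key pair". The instructions for doing this vary based on your computer's Operating System (OS).</p>
<?php keygen_help('below') ?>
<form method="post" action="<?php outurl($this->data->relative_request_url)?>">
    <?php
    // The CSRF field is written with ESC_NONE, i.e. without output escaping:
    // get_csrf_field() presumably returns ready-made form markup (its
    // definition is not in this file). Nothing user-supplied may be mixed
    // into a value that is emitted this way.
    out($this->get('active_user')->get_csrf_field(), ESC_NONE);
    ?>
    <div class="form-group">
        <?php // The label points at the textarea's id (add_public_key) so the two are associated. ?>
        <label for="add_public_key">Public key</label>
        <textarea class="form-control" rows="4" id="add_public_key" name="add_public_key" required></textarea>
    </div>
    <div class="form-group"><button type="submit" class="btn btn-primary btn-lg btn-block">Add public key</button></div>
</form>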
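<?php } else { ?>
<h2>Your public keys</h2>
<?php
// Listing of the user's keys. Each row's delete button submits this form, so
// a deletion is a POST request that carries the CSRF field.
// The action is written with outurl(), like the two "add key" forms on this
// page, which post to the same $this->data->relative_request_url.
?>
<form method="post" action="<?php outurl($this->data->relative_request_url)?>">
    <?php
    // Emitted with ESC_NONE (no output escaping): get_csrf_field() presumably
    // returns ready-made markup; its definition is not in this file.
    out($this->get('active_user')->get_csrf_field(), ESC_NONE);
    ?>
    <table class="table">
        <thead>
            <tr>
                <th>Type</th>
                <th class="fingerprint">Fingerprint</th>
                <th></th>
                <th>Size</th>
                <th>Comment</th>
                <th>Actions</th>
            </tr>
        </thead>
        <tbody>
            <?php
            foreach($this->get('user_keys') as $key) {
                // Detail page of this key. The uid and the key id are URL-encoded
                // because they become path segments.
                $key_url = '/users/'.urlencode($this->get('uid')).'/pubkeys/'.urlencode($key->id);
            ?>
            <tr>
                <td><?php out($key->type) ?></td>
                <td>
                    <a href="<?php outurl($key_url.'#info')?>">
                        <span class="fingerprint_md5"><?php out($key->fingerprint_md5) ?></span>
                        <span class="fingerprint_sha256"><?php out($key->fingerprint_sha256) ?></span>
                    </a>
                </td>
                <td>
                    <?php // Markers for keys that have signatures or destination rules attached. ?>
                    <?php if(count($key->list_signatures()) > 0) { ?><a href="<?php outurl($key_url.'#sig')?>"><span class="glyphicon glyphicon-pencil" title="Signed key"></span></a><?php } ?>
                    <?php if(count($key->list_destination_rules()) > 0) { ?><a href="<?php outurl($key_url.'#dest')?>"><span class="glyphicon glyphicon-pushpin" title="Destination-restricted"></span></a><?php } ?>
                </td>
                <td><?php out($key->keysize) ?></td>
                <?php // The key comment is user-supplied text; it goes through out() without ESC_NONE. ?>
                <td><?php out($key->comment) ?></td>
                <td>
                    <a href="<?php outurl($key_url)?>" class="btn btn-default btn-xs"><span class="glyphicon glyphicon-cog"></span> Manage public key</a>
                    <?php
                    // NOTE(review): the key id posted by this button comes back from the
                    // browser. The POST handler (not shown here) should check that the
                    // key belongs to the acting user before deleting it.
                    ?>
                    <button type="submit" name="delete_public_key" value="<?php out($key->id) ?>" class="btn btn-default btn-xs"><span class="glyphicon glyphicon-trash"></span> Delete public key</button>
                </td>
            </tr>
            <?php } ?>
        </tbody>
    </table>
</form>
<p><button id="add_key_button" class="btn btn-default">Add another public key</button></p>
<?php
// Form for adding a further key. It is rendered with class "hidden"; nothing in
// this template reveals it or handles the Help and Cancel buttons, so that is
// presumably done by script loaded elsewhere.
?>
<form method="post" action="<?php outurl($this->data->relative_request_url)?>" class="hidden" id="add_key_form">
    <?php out($this->get('active_user')->get_csrf_field(), ESC_NONE) ?>
    <div class="form-group">
        <label for="add_public_key">Public key</label>
        <textarea class="form-control" rows="4" id="add_public_key" name="add_public_key" required></textarea>
    </div>
    <div class="form-group row">
        <div class="col-md-8">
            <button type="submit" class="btn btn-primary btn-lg btn-block">Add public key</button>
        </div>
        <div class="col-md-2">
            <button type="button" class="btn btn-info btn-lg btn-block">Help</button>
        </div>
        <div class="col-md-2">
            <button type="button" class="btn btn-default btn-lg btn-block">Cancel</button>
        </div>
    </div>
    <div id="help" class="hidden">
        <?php keygen_help('above') ?>
    </div>
</form>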
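<?php
// Servers the signed-in user administers: hostname, configuration, admins,
// sync status and, per server account, who has access to it.
// NOTE(review): this section sits inside the else branch opened further up, so
// it is only rendered for users who already have at least one public key.
// Confirm that this is intended.
if(count($this->get('admined_servers')) > 0) {
?>
<h2>Your servers</h2>
<p>You are listed as an administrator for the following servers:</p>
<table class="table">
    <thead>
        <tr>
            <th>Hostname</th>
            <th>Config</th>
            <th>Admins</th>
            <th>Status</th>
        </tr>
    </thead>
    <tbody>
        <?php
        foreach($this->get('admined_servers') as $server) {
            // Start every row with an empty class. Without this reset, a sync_status
            // outside the four known values would leave $class undefined on the
            // first row, or carrying the previous server's colour on later rows.
            $class = '';
            if($server->key_management === 'keys') {
                switch($server->sync_status) {
                case 'sync failure': $class = 'danger'; break;
                case 'sync success': $class = 'success'; break;
                case 'not synced yet':
                case 'sync warning': $class = 'warning'; break;
                }
            }
            // Prefer the message stored with the last sync event. The details are
            // decoded defensively: if they are not a JSON object with a "value"
            // member, fall back to the plain status text instead of reading a
            // property of null.
            $sync_details = null;
            $last_sync = $server->get_last_sync_event();
            if($last_sync) {
                $decoded = json_decode($last_sync->details);
                if(is_object($decoded) && isset($decoded->value)) {
                    $sync_details = $decoded->value;
                }
            }
            if($sync_details === null) {
                $sync_details = ucfirst($server->sync_status);
            }
        ?>
        <tr>
            <td rowspan="2">
                <a href="<?php outurl('/servers/'.urlencode($server->hostname)) ?>" class="server"><?php out($server->hostname) ?></a>
                <?php if($server->pending_requests > 0) { ?>
                <a href="<?php outurl('/servers/'.urlencode($server->hostname).'#requests') ?>"><span class="badge" title="Pending requests"><?php out(number_format($server->pending_requests)) ?></span></a>
                <?php } ?>
            </td>
            <td>
                <?php
                // Human-readable description of how the server is managed. Values
                // not listed here produce an empty cell.
                switch($server->key_management) {
                case 'keys':
                    switch($server->authorization) {
                    case 'manual': out('Manual account management'); break;
                    case 'automatic LDAP': out('LDAP accounts - automatic'); break;
                    case 'manual LDAP': out('LDAP accounts - manual'); break;
                    }
                    break;
                case 'other': out('Managed by another system'); break;
                case 'none': out('Managed by another system' === '' ? '' : 'Unmanaged'); break;
                case 'decommissioned': out('Decommissioned'); break;
                }
                ?>
            </td>
            <td>
                <?php
                // $server->admins is a comma-separated list. Each entry starts with a
                // one-character type, and the name begins at offset 2 (presumably
                // "<type>:<name>"; the format is defined where the list is built).
                // Type 'G' gets a list icon in front of the name.
                // The result is written with ESC_NONE because it contains the icon
                // markup, so every name must pass through hesc() before it is added.
                $admin_items = array();
                foreach(explode(',', $server->admins) as $admin) {
                    $type = substr($admin, 0, 1);
                    $name = substr($admin, 2);
                    $icon = ($type === 'G') ? '<span class="glyphicon glyphicon-list-alt"></span> ' : '';
                    $admin_items[] = $icon.hesc($name);
                }
                out(implode(', ', $admin_items), ESC_NONE);
                ?>
            </td>
            <?php // $sync_details may come from stored sync event data; it goes through out() without ESC_NONE. ?>
            <td rowspan="2" class="<?php out($class)?>"><?php out($sync_details) ?></td>
        </tr>
        <tr>
            <td colspan="2" class="indented">
                <dl class="oneline">
                    <?php foreach($server->list_accounts() as $server_account) { ?>
                    <dt><a href="<?php outurl('/servers/'.urlencode($server->hostname).'/accounts/'.urlencode($server_account->name))?>" class="serveraccount"><?php out($server_account->name) ?></a>:</dt>
                    <?php
                    // Entities with access to this account. The joined list is written
                    // with ESC_NONE because group entries carry icon markup, so each
                    // name is escaped with hesc() as it is added. Entities of any other
                    // class are left out of the list.
                    $list = array();
                    foreach($server_account->list_access() as $access) {
                        $entity = $access->source_entity;
                        switch(get_class($entity)) {
                        case 'User':
                            $list[] = hesc($entity->uid);
                            break;
                        case 'ServerAccount':
                            $list[] = hesc($entity->name.'@'.$entity->server->hostname);
                            break;
                        case 'Group':
                            $list[] = '<span class="glyphicon glyphicon-list-alt"></span> '.hesc($entity->name);
                            break;
                        }
                    }
                    ?>
                    <dd><?php out(implode(', ', $list), ESC_NONE)?></dd>
                    <?php } ?>
                </dl>
            </td>
        </tr>
        <?php } ?>
    </tbody>
</table>
<?php } ?>
<?php } ?>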