You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
303 lines
11 KiB
PHP
303 lines
11 KiB
PHP
<?php
|
|
|
|
try {
|
|
$server = $server_dir->get_server_by_hostname($router->vars['hostname']);
|
|
} catch(ServerNotFoundException $e) {
|
|
try {
|
|
$server = $server_dir->get_server_by_uuid($router->vars['hostname']);
|
|
redirect('/servers/'.urlencode($server->hostname));
|
|
} catch(ServerNotFoundException $e) {
|
|
require('views/error404.php');
|
|
die;
|
|
}
|
|
}
|
|
$all_users = $user_dir->list_users();
|
|
$server_admins = $server->list_admins();
|
|
$server_accounts = $server->list_accounts();
|
|
$admined_accounts = $server->list_accounts(array(), array('admin' => $active_user->entity_id));
|
|
$server_admin = $active_user->admin_of($server);
|
|
$all_groups = $group_dir->list_groups();
|
|
$all_servers = $active_user->list_admined_servers();
|
|
$all_accounts = $server->list_accounts();
|
|
$ldap_access_options = $server->list_ldap_access_options();
|
|
$server_admin_can_reset_host_key = (isset($config['security']) && isset($config['security']['host_key_reset_restriction']) && $config['security']['host_key_reset_restriction'] == 0);
|
|
|
|
if(isset($_POST['sync']) && ($server_admin || $active_user->admin)) {
|
|
$server->sync_access();
|
|
redirect();
|
|
} elseif(isset($_POST['add_admin']) && ($active_user->admin)) {
|
|
try {
|
|
$entity = $user_dir->get_user_by_uid($_POST['user_name']);
|
|
} catch(UserNotFoundException $e) {
|
|
try {
|
|
$entity = $group_dir->get_group_by_name($_POST['user_name']);
|
|
} catch(GroupNotFoundException $e) {
|
|
$content = new PageSection('user_not_found');
|
|
}
|
|
}
|
|
if(isset($entity)) {
|
|
$server->add_admin($entity);
|
|
redirect('#admins');
|
|
}
|
|
} elseif(isset($_POST['delete_admin']) && ($active_user->admin)) {
|
|
foreach($server_admins as $admin) {
|
|
if($admin->id == $_POST['delete_admin']) {
|
|
$admin_to_delete = $admin;
|
|
}
|
|
}
|
|
if(isset($admin_to_delete)) {
|
|
$server->delete_admin($admin_to_delete);
|
|
}
|
|
redirect('#admins');
|
|
} elseif(isset($_POST['add_account']) && ($server_admin || $active_user->admin)) {
|
|
$account = new ServerAccount();
|
|
$account->name = trim($_POST['account_name']);
|
|
try {
|
|
$server->add_account($account);
|
|
} catch(AccountNameInvalid $e) {
|
|
$alert = new UserAlert;
|
|
$alert->content = $e->getMessage();
|
|
$alert->class = 'danger';
|
|
$active_user->add_alert($alert);
|
|
}
|
|
redirect('#accounts');
|
|
} elseif(isset($_POST['delete_account']) && ($server_admin || $active_user->admin)) {
|
|
foreach($server_accounts as $account) {
|
|
if($account->id == $_POST['delete_account']) {
|
|
$account_to_delete = $account;
|
|
}
|
|
}
|
|
if(isset($account_to_delete)) {
|
|
$account_to_delete->active = 0;
|
|
$account_to_delete->update();
|
|
}
|
|
redirect('#accounts');
|
|
} elseif(isset($_POST['edit_server']) && $active_user->admin) {
|
|
$hostname = trim($_POST['hostname']);
|
|
if(!preg_match('|.*\..*\..*|', $hostname)) {
|
|
$content = new PageSection('invalid_hostname');
|
|
$content->set('hostname', $hostname);
|
|
} else {
|
|
$options = array();
|
|
if(isset($_POST['access_option'])) {
|
|
foreach($_POST['access_option'] as $k => $v) {
|
|
if($v['enabled']) {
|
|
$option = new ServerLDAPAccessOption();
|
|
$option->option = $k;
|
|
if(isset($v['value'])) {
|
|
$option->value = $v['value'];
|
|
} else {
|
|
$option->value = null;
|
|
}
|
|
$options[] = $option;
|
|
}
|
|
}
|
|
}
|
|
$server->update_ldap_access_options($options);
|
|
$server->hostname = $hostname;
|
|
$server->port = $_POST['port'];
|
|
if($_POST['rsa_key_fingerprint'] == '') $server->rsa_key_fingerprint = null;
|
|
$server->key_management = $_POST['key_management'];
|
|
$server->authorization = $_POST['authorization'];
|
|
try {
|
|
$server->update();
|
|
$alert = new UserAlert;
|
|
$alert->content = "Settings saved.";
|
|
$active_user->add_alert($alert);
|
|
redirect('/servers/'.urlencode($hostname).'#settings'); // Must specify, since the hostname may have changed
|
|
} catch(UniqueKeyViolationException $e) {
|
|
$content = new PageSection('unique_key_violation');
|
|
$content->set('exception', $e);
|
|
}
|
|
}
|
|
} elseif(isset($_POST['edit_server']) && $server_admin && $server_admin_can_reset_host_key) {
|
|
if($_POST['rsa_key_fingerprint'] == '') $server->rsa_key_fingerprint = null;
|
|
$server->update();
|
|
redirect('#settings');
|
|
} elseif(isset($_POST['request_access'])) {
|
|
// Where we are requesting access FROM
|
|
switch($_POST['request_access']) {
|
|
case 'user':
|
|
$from = $active_user;
|
|
$from_description = '';
|
|
break;
|
|
case 'server_account':
|
|
try {
|
|
$server_remote = $server_dir->get_server_by_hostname($_POST['hostname_remote']);
|
|
$from = $server_remote->get_account_by_name($_POST['account_remote']);
|
|
$from_description = " from {$from->name}@{$server_remote->hostname}";
|
|
} catch(ServerNotFoundException $e) {
|
|
$content = new PageSection('server_not_found');
|
|
} catch(ServerAccountNotFoundException $e) {
|
|
$content = new PageSection('server_account_not_found');
|
|
}
|
|
break;
|
|
case 'group':
|
|
try {
|
|
$from = $group_dir->get_group_by_name($_POST['group_account']);
|
|
$from_description = " from group: {$from->name}";
|
|
} catch(GroupNotFoundException $e) {
|
|
$content = new PageSection('group_not_found');
|
|
}
|
|
break;
|
|
default:
|
|
throw new Exception("Unrecognized access request type: {$_POST['request_access']}");
|
|
}
|
|
// Where we are requesting access TO
|
|
$account_name = trim($_POST['account_name']);
|
|
try {
|
|
$account = $server->get_account_by_name($account_name);
|
|
} catch(ServerAccountNotFoundException $e) {
|
|
$account = new ServerAccount;
|
|
$account->name = trim($account_name);
|
|
$account->sync_status = 'proposed';
|
|
try {
|
|
$server->add_account($account);
|
|
} catch(AccountNameInvalid $e) {
|
|
$alert = new UserAlert;
|
|
$alert->content = $e->getMessage();
|
|
$alert->class = 'danger';
|
|
$active_user->add_alert($alert);
|
|
redirect();
|
|
}
|
|
}
|
|
// Add access request if we found everything
|
|
if(isset($from) && isset($account)) {
|
|
$account->add_access_request($from);
|
|
|
|
$alert = new UserAlert;
|
|
$alert->content = "Access requested to {$account->name}@{$server->hostname}{$from_description}.";
|
|
$active_user->add_alert($alert);
|
|
redirect();
|
|
}
|
|
} elseif(isset($_POST['add_note']) && $active_user->admin) {
|
|
$note = new ServerNote();
|
|
$note->note = $_POST['note'];
|
|
$server->add_note($note);
|
|
redirect('#notes');
|
|
} elseif(isset($_POST['delete_note']) && $active_user->admin) {
|
|
$note = $server->get_note_by_id($_POST['delete_note']);
|
|
$server->delete_note($note);
|
|
redirect('#notes');
|
|
} elseif(isset($_POST['send_mail']) && !empty($_POST['subject']) && !empty($_POST['body']) && !empty($_POST['recipients'])) {
|
|
$email = new Email;
|
|
$email->subject = $_POST['subject'];
|
|
$email->body = $_POST['body'];
|
|
if($_POST['anonymous']) {
|
|
$email->add_reply_to($config['email']['admin_address'], $config['email']['admin_name']);
|
|
} else {
|
|
$email->set_from($active_user->email, $active_user->name);
|
|
}
|
|
$hide_recipients = isset($_POST['hide_recipients']);
|
|
if($hide_recipients) {
|
|
$email->add_recipient('noreply', 'Undisclosed recipients');
|
|
}
|
|
$effective_server_admins = $server->list_effective_admins();
|
|
switch($_POST['recipients']) {
|
|
case 'admins':
|
|
foreach($effective_server_admins as $user) {
|
|
if($user->active) {
|
|
if($hide_recipients) {
|
|
$email->add_bcc($user->email, $user->name);
|
|
} else {
|
|
$email->add_recipient($user->email, $user->name);
|
|
}
|
|
}
|
|
}
|
|
break;
|
|
case 'root_users':
|
|
try {
|
|
$account = $server->get_account_by_name('root');
|
|
} catch(ServerAccountNotFoundException $e) {
|
|
$alert = new UserAlert;
|
|
$alert->content = "Could not send mail: root account does not exist on this server.";
|
|
$alert->class = 'danger';
|
|
$active_user->add_alert($alert);
|
|
redirect();
|
|
}
|
|
foreach($account->list_access() as $access) {
|
|
$entity = $access->source_entity;
|
|
if(get_class($entity) == 'User' && $entity->active) {
|
|
if($hide_recipients) {
|
|
$email->add_bcc($entity->email, $entity->name);
|
|
} else {
|
|
$email->add_recipient($entity->email, $entity->name);
|
|
}
|
|
}
|
|
}
|
|
break;
|
|
case 'users':
|
|
$users = array();
|
|
foreach($server_accounts as $account) {
|
|
foreach($account->list_access() as $access) {
|
|
$entity = $access->source_entity;
|
|
if(get_class($entity) == 'User' && $entity->active) {
|
|
$users[$entity->id] = $entity;
|
|
}
|
|
}
|
|
}
|
|
foreach($users as $user) {
|
|
if($hide_recipients) {
|
|
$email->add_bcc($user->email, $user->name);
|
|
} else {
|
|
$email->add_recipient($user->email, $user->name);
|
|
}
|
|
}
|
|
break;
|
|
}
|
|
$email->send();
|
|
$alert = new UserAlert;
|
|
$alert->content = "Mail sent!";
|
|
$active_user->add_alert($alert);
|
|
redirect('#contact');
|
|
} else {
|
|
if(isset($router->vars['format']) && $router->vars['format'] == 'json') {
|
|
$page = new PageSection('server_json');
|
|
$page->set('server', $server);
|
|
$page->set('last_sync_event', $server->get_last_sync_event());
|
|
header('Content-type: application/json; charset=utf-8');
|
|
echo $page->generate();
|
|
exit;
|
|
} else {
|
|
$access_accounts = array();
|
|
foreach($server_accounts as $account) {
|
|
if($active_user->has_access($account)) $access_accounts[] = $account->name;
|
|
}
|
|
$content = new PageSection('server');
|
|
$content->set('server', $server);
|
|
$content->set('admin', $active_user->admin);
|
|
$content->set('access_accounts', $access_accounts);
|
|
$content->set('server_admin', $server_admin);
|
|
$content->set('server_admins', $server_admins);
|
|
$content->set('server_accounts', $server_accounts);
|
|
$content->set('server_log', $server->get_log_including_accounts());
|
|
$content->set('server_notes', $server->list_notes());
|
|
$content->set('admined_accounts', $admined_accounts);
|
|
$content->set('all_users', $all_users);
|
|
$content->set('last_sync', $server->get_last_sync_event());
|
|
$content->set('sync_requests', $server->list_sync_requests());
|
|
$content->set('matching_servers_by_ip', $server_dir->list_servers(array(), array('ip_address' => $server->ip_address, 'port' => $server->port, 'key_management' => array('keys'))));
|
|
$content->set('matching_servers_by_host_key', $server_dir->list_servers(array(), array('rsa_key_fingerprint' => $server->rsa_key_fingerprint, 'key_management' => array('keys'))));
|
|
$content->set('all_groups', $all_groups);
|
|
$content->set('all_servers', $all_servers);
|
|
$content->set('all_accounts', $all_accounts);
|
|
$content->set('ldap_access_options', $ldap_access_options);
|
|
$content->set('output_formatter', $output_formatter);
|
|
$content->set('email_config', $config['email']);
|
|
$content->set('inventory_config', $config['inventory']);
|
|
$content->set('default_accounts', isset($config['defaults']['account_groups']) ? $config['defaults']['account_groups'] : array());
|
|
$content->set('server_admin_can_reset_host_key', $server_admin_can_reset_host_key);
|
|
switch($server->sync_status) {
|
|
case 'sync success': $content->set('sync_class', 'success'); break;
|
|
case 'sync warning': $content->set('sync_class', 'warning'); break;
|
|
case 'sync failure': $content->set('sync_class', 'danger'); break;
|
|
}
|
|
}
|
|
}
|
|
|
|
$page = new PageSection('base');
|
|
$page->set('title', $server->hostname);
|
|
$page->set('content', $content);
|
|
$page->set('alerts', $active_user->pop_alerts());
|
|
echo $page->generate();
|