liam-linux-account-manager/views/server.php
2021-11-16 15:11:32 +01:00

303 lines
11 KiB
PHP

<?php
try {
$server = $server_dir->get_server_by_hostname($router->vars['hostname']);
} catch(ServerNotFoundException $e) {
try {
$server = $server_dir->get_server_by_uuid($router->vars['hostname']);
redirect('/servers/'.urlencode($server->hostname));
} catch(ServerNotFoundException $e) {
require('views/error404.php');
die;
}
}
$all_users = $user_dir->list_users();
$server_admins = $server->list_admins();
$server_accounts = $server->list_accounts();
$admined_accounts = $server->list_accounts(array(), array('admin' => $active_user->entity_id));
$server_admin = $active_user->admin_of($server);
$all_groups = $group_dir->list_groups();
$all_servers = $active_user->list_admined_servers();
$all_accounts = $server->list_accounts();
$ldap_access_options = $server->list_ldap_access_options();
$server_admin_can_reset_host_key = (isset($config['security']) && isset($config['security']['host_key_reset_restriction']) && $config['security']['host_key_reset_restriction'] == 0);
if(isset($_POST['sync']) && ($server_admin || $active_user->admin)) {
$server->sync_access();
redirect();
} elseif(isset($_POST['add_admin']) && ($active_user->admin)) {
try {
$entity = $user_dir->get_user_by_uid($_POST['user_name']);
} catch(UserNotFoundException $e) {
try {
$entity = $group_dir->get_group_by_name($_POST['user_name']);
} catch(GroupNotFoundException $e) {
$content = new PageSection('user_not_found');
}
}
if(isset($entity)) {
$server->add_admin($entity);
redirect('#admins');
}
} elseif(isset($_POST['delete_admin']) && ($active_user->admin)) {
foreach($server_admins as $admin) {
if($admin->id == $_POST['delete_admin']) {
$admin_to_delete = $admin;
}
}
if(isset($admin_to_delete)) {
$server->delete_admin($admin_to_delete);
}
redirect('#admins');
} elseif(isset($_POST['add_account']) && ($server_admin || $active_user->admin)) {
$account = new ServerAccount();
$account->name = trim($_POST['account_name']);
try {
$server->add_account($account);
} catch(AccountNameInvalid $e) {
$alert = new UserAlert;
$alert->content = $e->getMessage();
$alert->class = 'danger';
$active_user->add_alert($alert);
}
redirect('#accounts');
} elseif(isset($_POST['delete_account']) && ($server_admin || $active_user->admin)) {
foreach($server_accounts as $account) {
if($account->id == $_POST['delete_account']) {
$account_to_delete = $account;
}
}
if(isset($account_to_delete)) {
$account_to_delete->active = 0;
$account_to_delete->update();
}
redirect('#accounts');
} elseif(isset($_POST['edit_server']) && $active_user->admin) {
$hostname = trim($_POST['hostname']);
if(!preg_match('|.*\..*\..*|', $hostname)) {
$content = new PageSection('invalid_hostname');
$content->set('hostname', $hostname);
} else {
$options = array();
if(isset($_POST['access_option'])) {
foreach($_POST['access_option'] as $k => $v) {
if($v['enabled']) {
$option = new ServerLDAPAccessOption();
$option->option = $k;
if(isset($v['value'])) {
$option->value = $v['value'];
} else {
$option->value = null;
}
$options[] = $option;
}
}
}
$server->update_ldap_access_options($options);
$server->hostname = $hostname;
$server->port = $_POST['port'];
if($_POST['rsa_key_fingerprint'] == '') $server->rsa_key_fingerprint = null;
$server->key_management = $_POST['key_management'];
$server->authorization = $_POST['authorization'];
try {
$server->update();
$alert = new UserAlert;
$alert->content = "Settings saved.";
$active_user->add_alert($alert);
redirect('/servers/'.urlencode($hostname).'#settings'); // Must specify, since the hostname may have changed
} catch(UniqueKeyViolationException $e) {
$content = new PageSection('unique_key_violation');
$content->set('exception', $e);
}
}
} elseif(isset($_POST['edit_server']) && $server_admin && $server_admin_can_reset_host_key) {
if($_POST['rsa_key_fingerprint'] == '') $server->rsa_key_fingerprint = null;
$server->update();
redirect('#settings');
} elseif(isset($_POST['request_access'])) {
// Where we are requesting access FROM
switch($_POST['request_access']) {
case 'user':
$from = $active_user;
$from_description = '';
break;
case 'server_account':
try {
$server_remote = $server_dir->get_server_by_hostname($_POST['hostname_remote']);
$from = $server_remote->get_account_by_name($_POST['account_remote']);
$from_description = " from {$from->name}@{$server_remote->hostname}";
} catch(ServerNotFoundException $e) {
$content = new PageSection('server_not_found');
} catch(ServerAccountNotFoundException $e) {
$content = new PageSection('server_account_not_found');
}
break;
case 'group':
try {
$from = $group_dir->get_group_by_name($_POST['group_account']);
$from_description = " from group: {$from->name}";
} catch(GroupNotFoundException $e) {
$content = new PageSection('group_not_found');
}
break;
default:
throw new Exception("Unrecognized access request type: {$_POST['request_access']}");
}
// Where we are requesting access TO
$account_name = trim($_POST['account_name']);
try {
$account = $server->get_account_by_name($account_name);
} catch(ServerAccountNotFoundException $e) {
$account = new ServerAccount;
$account->name = trim($account_name);
$account->sync_status = 'proposed';
try {
$server->add_account($account);
} catch(AccountNameInvalid $e) {
$alert = new UserAlert;
$alert->content = $e->getMessage();
$alert->class = 'danger';
$active_user->add_alert($alert);
redirect();
}
}
// Add access request if we found everything
if(isset($from) && isset($account)) {
$account->add_access_request($from);
$alert = new UserAlert;
$alert->content = "Access requested to {$account->name}@{$server->hostname}{$from_description}.";
$active_user->add_alert($alert);
redirect();
}
} elseif(isset($_POST['add_note']) && $active_user->admin) {
$note = new ServerNote();
$note->note = $_POST['note'];
$server->add_note($note);
redirect('#notes');
} elseif(isset($_POST['delete_note']) && $active_user->admin) {
$note = $server->get_note_by_id($_POST['delete_note']);
$server->delete_note($note);
redirect('#notes');
} elseif(isset($_POST['send_mail']) && !empty($_POST['subject']) && !empty($_POST['body']) && !empty($_POST['recipients'])) {
$email = new Email;
$email->subject = $_POST['subject'];
$email->body = $_POST['body'];
if($_POST['anonymous']) {
$email->add_reply_to($config['email']['admin_address'], $config['email']['admin_name']);
} else {
$email->set_from($active_user->email, $active_user->name);
}
$hide_recipients = isset($_POST['hide_recipients']);
if($hide_recipients) {
$email->add_recipient('noreply', 'Undisclosed recipients');
}
$effective_server_admins = $server->list_effective_admins();
switch($_POST['recipients']) {
case 'admins':
foreach($effective_server_admins as $user) {
if($user->active) {
if($hide_recipients) {
$email->add_bcc($user->email, $user->name);
} else {
$email->add_recipient($user->email, $user->name);
}
}
}
break;
case 'root_users':
try {
$account = $server->get_account_by_name('root');
} catch(ServerAccountNotFoundException $e) {
$alert = new UserAlert;
$alert->content = "Could not send mail: root account does not exist on this server.";
$alert->class = 'danger';
$active_user->add_alert($alert);
redirect();
}
foreach($account->list_access() as $access) {
$entity = $access->source_entity;
if(get_class($entity) == 'User' && $entity->active) {
if($hide_recipients) {
$email->add_bcc($entity->email, $entity->name);
} else {
$email->add_recipient($entity->email, $entity->name);
}
}
}
break;
case 'users':
$users = array();
foreach($server_accounts as $account) {
foreach($account->list_access() as $access) {
$entity = $access->source_entity;
if(get_class($entity) == 'User' && $entity->active) {
$users[$entity->id] = $entity;
}
}
}
foreach($users as $user) {
if($hide_recipients) {
$email->add_bcc($user->email, $user->name);
} else {
$email->add_recipient($user->email, $user->name);
}
}
break;
}
$email->send();
$alert = new UserAlert;
$alert->content = "Mail sent!";
$active_user->add_alert($alert);
redirect('#contact');
} else {
if(isset($router->vars['format']) && $router->vars['format'] == 'json') {
$page = new PageSection('server_json');
$page->set('server', $server);
$page->set('last_sync_event', $server->get_last_sync_event());
header('Content-type: application/json; charset=utf-8');
echo $page->generate();
exit;
} else {
$access_accounts = array();
foreach($server_accounts as $account) {
if($active_user->has_access($account)) $access_accounts[] = $account->name;
}
$content = new PageSection('server');
$content->set('server', $server);
$content->set('admin', $active_user->admin);
$content->set('access_accounts', $access_accounts);
$content->set('server_admin', $server_admin);
$content->set('server_admins', $server_admins);
$content->set('server_accounts', $server_accounts);
$content->set('server_log', $server->get_log_including_accounts());
$content->set('server_notes', $server->list_notes());
$content->set('admined_accounts', $admined_accounts);
$content->set('all_users', $all_users);
$content->set('last_sync', $server->get_last_sync_event());
$content->set('sync_requests', $server->list_sync_requests());
$content->set('matching_servers_by_ip', $server_dir->list_servers(array(), array('ip_address' => $server->ip_address, 'port' => $server->port, 'key_management' => array('keys'))));
$content->set('matching_servers_by_host_key', $server_dir->list_servers(array(), array('rsa_key_fingerprint' => $server->rsa_key_fingerprint, 'key_management' => array('keys'))));
$content->set('all_groups', $all_groups);
$content->set('all_servers', $all_servers);
$content->set('all_accounts', $all_accounts);
$content->set('ldap_access_options', $ldap_access_options);
$content->set('output_formatter', $output_formatter);
$content->set('email_config', $config['email']);
$content->set('inventory_config', $config['inventory']);
$content->set('default_accounts', isset($config['defaults']['account_groups']) ? $config['defaults']['account_groups'] : array());
$content->set('server_admin_can_reset_host_key', $server_admin_can_reset_host_key);
switch($server->sync_status) {
case 'sync success': $content->set('sync_class', 'success'); break;
case 'sync warning': $content->set('sync_class', 'warning'); break;
case 'sync failure': $content->set('sync_class', 'danger'); break;
}
}
}
$page = new PageSection('base');
$page->set('title', $server->hostname);
$page->set('content', $content);
$page->set('alerts', $active_user->pop_alerts());
echo $page->generate();