<?php
#
# Copyright (c) 2000-2012 University of Utah and the Flux Group.
# 
# {{{EMULAB-LICENSE
# 
# This file is part of the Emulab network testbed software.
# 
# This file is free software: you can redistribute it and/or modify it
# under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at
# your option) any later version.
# 
# This file is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Affero General Public
# License for more details.
# 
# You should have received a copy of the GNU Affero General Public License
# along with this file.  If not, see <http://www.gnu.org/licenses/>.
# 
# }}}
#
include("defs.php3");

#
# No PAGEHEADER since we spit out a redirect later.
# 

#
# Only known and logged in users can do this.
#
# Authentication comes first: nothing below runs against an anonymous
# request if CheckLoginOrDie() does not return on failure (presumably it
# terminates the page, as the name suggests -- confirm in defs.php3).
$this_user = CheckLoginOrDie(CHECKLOGIN_USERSTATUS|CHECKLOGIN_WEBONLY);
# $uid is the *acting* (logged-in) user, not the owner of the key.
$uid       = $this_user->uid();
# Admin status is read once here; the permission check and the
# internal-key check further down both depend on this value.
$isadmin   = ISADMIN();

#
# Verify page arguments.
#
# Declare the request parameters this page accepts. $target_user, $key,
# $canceled and $confirmed are used below without any other assignment in
# this file, so these calls presumably define them as globals -- confirm
# against the page-argument code.
#
# "key" is declared PAGEARG_INTEGER. Both SQL fragments later in this file
# interpolate $key directly into the query text, so their safety rests
# entirely on this declaration rejecting non-integer input (presumably it
# does -- verify before relaxing the type).
$reqargs = RequiredPageArguments("target_user", PAGEARG_USER,
				 "key",         PAGEARG_INTEGER);
# "canceled" and "confirmed" drive the two-pass confirm/cancel flow below.
$optargs = OptionalPageArguments("canceled",    PAGEARG_BOOLEAN,
				 "confirmed",   PAGEARG_BOOLEAN);

# Need these below.
# Identity of the key's owner (as opposed to $uid, the acting user).
# $target_dbid is used in the DELETE's uid_idx condition; $target_uid is
# used in messages and in the ADDPUBKEY() argument.
$target_dbid = $target_user->dbid();
$target_uid  = $target_user->uid();

#
# Verify that this uid is a member of one of the projects that the
# user is in. Must have proper permission in that group too. 
#
# Authorization gate. Administrators always pass; anyone else must hold
# $TB_USERINFO_MODIFYINFO on the target user. AccessCheck() is consulted
# only for non-admins (short-circuit on $isadmin).
# NOTE(review): everything below assumes USERERROR(..., 1) does not return;
# confirm, since a returning USERERROR would let the request fall through.
if (!($isadmin ||
      $target_user->AccessCheck($this_user, $TB_USERINFO_MODIFYINFO))) {
    USERERROR("You do not have permission!", 1);
}

#
# Get the actual key.
#
# Fetch the key row through the target user object.
# $key goes into the WHERE clause as text; it is only safe because it was
# declared PAGEARG_INTEGER above.
# NOTE(review): presumably TableLookUp() restricts the match to rows owned
# by $target_user. If it does not, a key index belonging to a different
# user would pass this existence check and be shown on the confirmation
# form (the DELETE itself is still scoped by uid_idx) -- confirm.
$key_clause   = "idx='" . $key . "'";
$query_result =& $target_user->TableLookUp("user_pubkeys", "*", $key_clause);

if (! mysql_num_rows($query_result)) {
    USERERROR("Public Key for user '" . $target_uid . "' does not exist!", 1);
}

# Pull the fields this page needs out of the first matching row.
$row      = mysql_fetch_array($query_result);
$pubkey   = $row['pubkey'];
# Key text wrapped every 70 characters with an HTML line break.
# NOTE(review): $pubkey is inserted as-is, with no HTML escaping, and
# $chunky is later written both into the confirmation page and into the
# audit mail body. Escape at the HTML output site unless stored keys are
# guaranteed free of markup characters -- confirm how keys are validated
# when they are added.
$chunky   = chunk_split($pubkey, 70, "<br>\n");
# Flags that mark a key as system-managed; checked against $isadmin below.
$internal = $row['internal'];
$nodelete = $row['nodelete'];

#
# Internal keys cannot be deleted without admin.
#
# Second authorization layer: having modify rights on the account is not
# enough for keys flagged internal or nodelete; those require an admin.
if (!$isadmin && ($internal || $nodelete)) {
    USERERROR("You are not allowed to delete your system keys!", 1);
}

#
# We run this twice. The first time we are checking for a confirmation
# by putting up a form. The next time through the confirmation will be
# set. Or, the user can hit the cancel button, in which case we should
# probably redirect the browser back up a level.
#
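# Cancel path: the user pressed Cancel on the confirmation form. Nothing is
# modified; show a short notice and a link back to the key list.
if (isset($canceled) && $canceled) {
    PAGEHEADER("SSH Public Key Maintenance");

    echo "<center><h2><br>
          SSH Public Key deletion canceled!
          </h2></center>\n";

    $url = CreateURL("showpubkeys", $target_user);

    # The link points at the *target* user's key list, so name that user.
    # (The logged-in $uid differs from $target_uid whenever someone with
    # modify rights manages another account's keys.)
    echo "<br>
          Back to <a href='$url'>ssh public keys</a> for user '$target_uid'.\n";

    PAGEFOOTER();
    return;
}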

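# Confirmation path: first pass through the page. Show the key and a
# Confirm/Cancel form that posts back to this same page; nothing is
# deleted here.
#
# NOTE(review): the deletion further down runs for any request in which
# "confirmed" is set. No request-method check or anti-CSRF token is visible
# in this file -- confirm that the login / page-argument layer supplies one,
# otherwise a cross-site request from a logged-in browser reaches the
# DELETE. Note also that only isset() is tested here, whereas the cancel
# path also tests the value.
if (!isset($confirmed)) {
    PAGEHEADER("SSH Public Key Maintenance");

    echo "<center><h3><br>
          Are you <b>REALLY</b>
          sure you want to delete this SSH Public Key for user '$target_uid'?
          </h3>\n";

    $url = CreateURL("deletepubkey", $target_user, "key", $key);

    echo "<form action='$url' method=post>";
    echo "<b><input type=submit name=confirmed value=Confirm></b>\n";
    echo "<b><input type=submit name=canceled value=Cancel></b>\n";
    echo "</form>\n";
    echo "</center>\n";

    # The stored key (including its free-form comment field) is data, not
    # markup: wrap it at 70 characters first, HTML-escape the result, and
    # only then turn the wrap points into <br>. Escaping after wrapping
    # keeps an entity from being split across two lines. For a key with no
    # markup characters the output is the same as the unescaped form.
    $chunky_html = str_replace("\n", "<br>\n",
                               htmlspecialchars(chunk_split($pubkey, 70, "\n"),
                                                ENT_QUOTES));

    echo "<table align=center border=1 cellpadding=2 cellspacing=2>
           <tr>
              <td>$chunky_html</td>
           </tr>
          </table>\n";

    if ($internal || $nodelete) {
        # Only admins get this far with an internal key (non-admins were
        # rejected above), so this is a warning for the admin.
        echo "<center><font color=red size=+1>";
        # Close the <center> element; the original emitted a second
        # opening tag here and left both unclosed.
        echo "This is an internal key!</font></center>";
    }

    PAGEFOOTER();
    return;
}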

#
# Audit
#
# Audit notification: tell the key's owner which key was removed and by
# whom, with a blind copy to $TBMAIL_AUDIT. The mail is sent before the
# row is deleted, so a failing DELETE still leaves an audit message behind.
#
# NOTE(review): names and addresses are placed into the recipient and the
# raw header block unmodified. Presumably they are validated when the
# account is created; if a CR or LF could ever be stored in them, extra
# headers could be injected here -- confirm, or strip line breaks first.
# NOTE(review): $chunky carries HTML <br> separators and unescaped key
# text; confirm TBMAIL sends plain text so neither is interpreted.
$uid_name  = $this_user->name();
$uid_email = $this_user->email();

$targuid_name  = $target_user->name();
$targuid_email = $target_user->email();

$audit_to      = "$targuid_name <$targuid_email>";
$audit_subject = "SSH Public Key for '$target_uid' Deleted";
$audit_body    = implode("\n", array(
    "",
    "SSH Public Key for '$target_uid' deleted by '$uid'.",
    "",
    $chunky,
    "",
    "Thanks,",
    "Testbed Operations")) . "\n";
$audit_headers = "From: $uid_name <$uid_email>\n" .
                 "Bcc: $TBMAIL_AUDIT\n" .
                 "Errors-To: $TBMAIL_WWW";

TBMAIL($audit_to, $audit_subject, $audit_body, $audit_headers);

# Remove the key. The row must match both the owner (uid_idx) and the key
# index, so a valid index that belongs to someone else deletes nothing.
# Both values are interpolated as text: $target_dbid comes from the user
# object, $key from the request, safe only through its PAGEARG_INTEGER
# declaration above.
$delete_sql = "delete from user_pubkeys " .
              "where uid_idx='" . $target_dbid . "' and idx='" . $key . "'";
DBQueryFatal($delete_sql);

#
# update authkeys files and nodes, but only if user has a real account.
# The -w option can only be used on real users, and deleting a key does
# not require anything by the outside script if not a real user; it
# will complain and die!
#
# Regenerate the authorized-keys data for the target user so the deleted
# key stops being accepted.
# NOTE(review): the uid is concatenated into an option string that is
# presumably handed to an external script. Confirm that ADDPUBKEY() quotes
# its argument, or that uids are restricted to a safe character set.
if (HASREALACCOUNT($target_uid)) {
    ADDPUBKEY("-w " . $target_uid);
}

# Done: send the browser back to the target user's key list. No page body
# has been emitted on this path, so the Location header can still be set.
$showkeys_url = CreateURL("showpubkeys", $target_user);
header("Location: " . $showkeys_url);

?>