Commit 117b7bca authored by Leigh Stoller's avatar Leigh Stoller

Tweaks and bug fixes to new ssh editing page. Banish the old pages.

parent b88204e6
...@@ -9,12 +9,14 @@ function (_, sup, sshkeysString, oopsString, waitwaitString) ...@@ -9,12 +9,14 @@ function (_, sup, sshkeysString, oopsString, waitwaitString)
{ {
'use strict'; 'use strict';
var embedded = 0; var embedded = 0;
var target_uid = "";
var sshkeysTemplate = _.template(sshkeysString); var sshkeysTemplate = _.template(sshkeysString);
function initialize() function initialize()
{ {
window.APT_OPTIONS.initialize(sup); window.APT_OPTIONS.initialize(sup);
embedded = window.EMBEDDED; embedded = window.EMBEDDED;
target_uid = window.TARGET_UID;
var pubkeys = JSON.parse(_.unescape($('#sshkey-list')[0].textContent)); var pubkeys = JSON.parse(_.unescape($('#sshkey-list')[0].textContent));
var html = sshkeysTemplate({ var html = sshkeysTemplate({
...@@ -53,6 +55,12 @@ function (_, sup, sshkeysString, oopsString, waitwaitString) ...@@ -53,6 +55,12 @@ function (_, sup, sshkeysString, oopsString, waitwaitString)
HandleDeleteKey(index); HandleDeleteKey(index);
}); });
// Form reset button.
$('#ssh_clear_button').click(function (event) {
console.log("foo");
event.preventDefault();
$('#sshkey_data').val("");
});
// Add key button. // Add key button.
$('#ssh_addkey_button').click(function (event) { $('#ssh_addkey_button').click(function (event) {
event.preventDefault(); event.preventDefault();
...@@ -79,16 +87,18 @@ function (_, sup, sshkeysString, oopsString, waitwaitString) ...@@ -79,16 +87,18 @@ function (_, sup, sshkeysString, oopsString, waitwaitString)
return; return;
} }
if (embedded) { if (embedded) {
window.parent.location.replace("../ssh-keys.php"); window.parent.location.replace("../ssh-keys.php?user=" +
target_uid);
} }
else { else {
window.location.replace("ssh-keys.php"); window.location.replace("ssh-keys.php?user=" + target_uid);
} }
} }
sup.ShowModal("#waitwait-modal"); sup.ShowModal("#waitwait-modal");
var xmlthing = sup.CallServerMethod(null, "ssh-keys", "addkey", var xmlthing = sup.CallServerMethod(null, "ssh-keys", "addkey",
{"keydata" : keydata}); {"keydata" : keydata,
"target_uid" : target_uid});
xmlthing.done(callback); xmlthing.done(callback);
} }
...@@ -107,7 +117,8 @@ function (_, sup, sshkeysString, oopsString, waitwaitString) ...@@ -107,7 +117,8 @@ function (_, sup, sshkeysString, oopsString, waitwaitString)
sup.ShowModal("#waitwait-modal"); sup.ShowModal("#waitwait-modal");
var xmlthing = sup.CallServerMethod(null, "ssh-keys", "deletekey", var xmlthing = sup.CallServerMethod(null, "ssh-keys", "deletekey",
{"index" : index}); {"index" : index,
"target_uid" : target_uid});
xmlthing.done(callback); xmlthing.done(callback);
} }
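Review bot: `target_uid` is appended to the redirect URL as-is in both branches of the add-key callback; wrapping it, `"ssh-keys.php?user=" + encodeURIComponent(target_uid)`, keeps the query string well-formed whatever the value contains. The `target_uid` sent with `addkey` and `deletekey` is controlled by the client, so the permission decision has to stay on the server, as the ajax handlers in this commit do. The `console.log("foo");` in the new clear-button handler looks like leftover debugging and can be dropped.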
......
...@@ -27,8 +27,9 @@ chdir("apt"); ...@@ -27,8 +27,9 @@ chdir("apt");
# #
# When there's a PubKeys class, this will be a Class function to edit them... # When there's a PubKeys class, this will be a Class function to edit them...
# #
function AddKeyAux($uid, $keydata, &$error) function AddKeyAux($target_uid, $keydata, &$error)
{ {
global $this_user;
global $suexec_output, $suexec_output_array; global $suexec_output, $suexec_output_array;
# #
...@@ -50,8 +51,10 @@ function AddKeyAux($uid, $keydata, &$error) ...@@ -50,8 +51,10 @@ function AddKeyAux($uid, $keydata, &$error)
chmod($filename, 0666); chmod($filename, 0666);
# Invoke the back-end script as the user if an admin for permissions. # Invoke the back-end script as the user if an admin for permissions.
$retval = SUEXEC($uid, "nobody", "webaddpubkey -f -u $uid $filename", $suexec_uid = (ISADMIN() ? $this_user->uid() : "nobody");
SUEXEC_ACTION_IGNORE); $retval = SUEXEC($suexec_uid, "nobody",
"webaddpubkey -f -u $target_uid $filename",
SUEXEC_ACTION_IGNORE);
unlink($filename); unlink($filename);
if ($retval) { if ($retval) {
...@@ -76,15 +79,26 @@ function Do_AddKey() ...@@ -76,15 +79,26 @@ function Do_AddKey()
global $ajax_args; global $ajax_args;
$error = ""; $error = "";
$this_idx = $this_user->uid_idx(); $target_user = $this_user;
$this_uid = $this_user->uid(); $embedded = isset($ajax_args["embedded"]) && $ajax_args["embedded"];
$embedded = isset($ajax_args["embedded"]) && $ajax_args["embedded"];
if (!isset($ajax_args["keydata"])) { if (!isset($ajax_args["keydata"])) {
SPITAJAX_ERROR(1, "Missing key data"); SPITAJAX_ERROR(1, "Missing key data");
return; return;
} }
if (!AddKeyAux($this_uid, $ajax_args["keydata"], $error)) { if (isset($ajax_args["target_uid"])) {
$target_uid = $ajax_args["target_uid"];
$target_user = User::Lookup($target_uid);
if (!$target_user) {
SPITAJAX_ERROR(1, "No such user: $target_uid");
return;
}
if (! ($target_user->SameUser($this_user) || ISADMIN())) {
SPITAJAX_ERROR(1, "No permission to add key for $target_uid");
return;
}
}
if (!AddKeyAux($target_user->uid(), $ajax_args["keydata"], $error)) {
SPITAJAX_ERROR(1, $error); SPITAJAX_ERROR(1, $error);
return; return;
} }
...@@ -97,9 +111,8 @@ function Do_DeleteKey() ...@@ -97,9 +111,8 @@ function Do_DeleteKey()
global $this_user; global $this_user;
global $ajax_args; global $ajax_args;
$this_idx = $this_user->uid_idx(); $target_user = $this_user;
$this_uid = $this_user->uid(); $embedded = isset($ajax_args["embedded"]) && $ajax_args["embedded"];
$embedded = isset($ajax_args["embedded"]) && $ajax_args["embedded"];
if (!isset($ajax_args["index"])) { if (!isset($ajax_args["index"])) {
SPITAJAX_ERROR(1, "Missing key index"); SPITAJAX_ERROR(1, "Missing key index");
...@@ -110,13 +123,35 @@ function Do_DeleteKey() ...@@ -110,13 +123,35 @@ function Do_DeleteKey()
SPITAJAX_ERROR(1, "Invalid key index"); SPITAJAX_ERROR(1, "Invalid key index");
return; return;
} }
if (isset($ajax_args["target_uid"])) {
$target_uid = $ajax_args["target_uid"];
$target_user = User::Lookup($target_uid);
if (!$target_user) {
SPITAJAX_ERROR(1, "No such user: $target_uid");
return;
}
if (! ($target_user->SameUser($this_user) || ISADMIN())) {
SPITAJAX_ERROR(1, "No permission to delete key for $target_uid");
return;
}
}
$target_idx = $target_user->uid_idx();
$target_uid = $target_user->uid();
DBQueryFatal("delete from user_pubkeys ". DBQueryFatal("delete from user_pubkeys ".
"where uid_idx='$this_idx' and idx='$index' and internal=0"); "where uid_idx='$target_idx' and idx='$index' and internal=0");
if (SUEXEC($this_uid, "nobody", #
"webaddpubkey -w $this_uid", SUEXEC_ACTION_CONTINUE)) { # update authkeys files and nodes, but only if user has a real account.
SPITAJAX_ERROR(-1, "Internal error regenerating keys file"); # The -w option can only be used on real users, and deleting a key does
return; # not require anything by the outside script if not a real user; it
# will complain and die.
#
if (HASREALACCOUNT($target_uid) &&
SUEXEC("nobody", "nobody",
"webaddpubkey -w $target_uid", SUEXEC_ACTION_CONTINUE)) {
SPITAJAX_ERROR(-1, "Internal error regenerating auth keys file");
return;
} }
SPITAJAX_RESPONSE(0); SPITAJAX_RESPONSE(0);
return; return;
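Review bot: In Do_DeleteKey the delete statement filters only on `internal=0`, and nothing visible in these hunks notifies the key's owner, although the confirmation page this commit removes refused non-admin deletion of `nodelete` keys and sent a TBMAIL audit message. Since an admin can now delete another user's key through this path, consider adding `and nodelete=0` to the where clause for non-admin callers and mailing the owner when `$target_user` is not `$this_user`. Separately, Do_AddKey and Do_DeleteKey pass the request's `target_uid` to `User::Lookup()`, while the VerifyPageArguments change in this commit sends non-numeric values to `User::LookupByUid()`; if `Lookup()` expects an index, the uid sent by the page will not resolve, which is worth confirming. Parts of both functions lie outside the hunks shown.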
......
...@@ -33,11 +33,26 @@ $page_title = "My SSH Keys"; ...@@ -33,11 +33,26 @@ $page_title = "My SSH Keys";
RedirectSecure(); RedirectSecure();
$this_user = CheckLoginOrRedirect(); $this_user = CheckLoginOrRedirect();
$this_idx = $this_user->idx(); $this_idx = $this_user->idx();
$optargs = OptionalPageArguments("target_user", PAGEARG_USER);
SPITHEADER(1); SPITHEADER(1);
# Default to current user.
if (!isset($target_user)) {
$target_user = $this_user;
}
$target_uid = $target_user->uid();
$target_idx = $target_user->idx();
if (! ($target_user->SameUser($this_user) ||
$target_user->AccessCheck($this_user, $TB_USERINFO_READINFO))) {
USERERROR("You do not have permission to view ${target_uid}' keys!", 1);
}
$query_result = $query_result =
DBQueryFatal("select idx,comment,pubkey from user_pubkeys ". DBQueryFatal("select idx,comment,pubkey from user_pubkeys ".
"where uid_idx='$this_idx' and internal=0"); "where uid_idx='$target_idx' and internal=0");
$pubkeys = array(); $pubkeys = array();
while ($row = mysql_fetch_array($query_result)) { while ($row = mysql_fetch_array($query_result)) {
...@@ -53,7 +68,8 @@ echo "</script>\n"; ...@@ -53,7 +68,8 @@ echo "</script>\n";
echo "<div id='page-body'></div>\n"; echo "<div id='page-body'></div>\n";
echo "<script type='text/javascript'>\n"; echo "<script type='text/javascript'>\n";
echo " window.AJAXURL = 'server-ajax.php';\n"; echo " window.AJAXURL = 'server-ajax.php';\n";
echo " window.TARGET_UID = '$target_uid';\n";
echo "</script>\n"; echo "</script>\n";
echo "<script src='js/lib/jquery-2.0.3.min.js'></script>\n"; echo "<script src='js/lib/jquery-2.0.3.min.js'></script>\n";
echo "<script src='js/lib/bootstrap.js'></script>\n"; echo "<script src='js/lib/bootstrap.js'></script>\n";
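Review bot: `window.TARGET_UID = '$target_uid'` writes a PHP value straight into a JavaScript string literal inside a script block; the value comes from a looked-up user object and is probably constrained, but the output should not depend on that. Emitting it as `echo " window.TARGET_UID = " . json_encode($target_uid) . ";\n";` keeps the literal well-formed for any uid. The new USERERROR text has a stray quote, `${target_uid}' keys`, which should read `${target_uid}'s keys`. The page also admits viewers through `$TB_USERINFO_READINFO`, while the ajax handlers appear to accept only the same user or an admin, so such a viewer would be shown add and delete controls that always fail.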
......
...@@ -26,8 +26,8 @@ ...@@ -26,8 +26,8 @@
<a data-toggle="collapse" <a data-toggle="collapse"
href='#<%- key_href %>'> href='#<%- key_href %>'>
<span class="glyphicon glyphicon-chevron-right pull-left" <span class="glyphicon glyphicon-chevron-right pull-left"
style='padding-right: 10px;'></span></a> style='padding-right: 10px;'></span>
<h4 class='panel-title'><%- key_title %></h4> <h4 class='panel-title'><%- key_title %></h5></a>
</div> </div>
</div> </div>
<div id='<%- key_href %>' class="panel-collapse collapse"> <div id='<%- key_href %>' class="panel-collapse collapse">
...@@ -80,6 +80,9 @@ ...@@ -80,6 +80,9 @@
data-classButton='btn btn-primary btn-sm' data-classButton='btn btn-primary btn-sm'
data-input='false' data-input='false'
data-buttonText='Load from file'> data-buttonText='Load from file'>
<button type="button" id='ssh_clear_button'
style='margin-left: 10px;'
class="btn btn-default btn-sm">Clear Form</button>
</div> </div>
</div> </div>
<div class="form-group"> <div class="form-group">
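Review bot: The rewritten title line opens `<h4 class='panel-title'>` and closes it with `</h5>`, leaving the heading unbalanced inside the anchor; it should end `</h4></a>`. Browsers will recover, but the recovered tree may not be the one the collapse toggle expects. The `<%- … %>` interpolations are the HTML-escaping form and should stay that way for `key_title`, which presumably comes from the user-supplied key comment.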
......
<?php
#
# Copyright (c) 2000-2012 University of Utah and the Flux Group.
#
# {{{EMULAB-LICENSE
#
# This file is part of the Emulab network testbed software.
#
# This file is free software: you can redistribute it and/or modify it
# under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at
# your option) any later version.
#
# This file is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public
# License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this file. If not, see <http://www.gnu.org/licenses/>.
#
# }}}
#
include("defs.php3");
#
# No PAGEHEADER since we spit out a redirect later.
#
#
# Only known and logged in users can do this.
#
$this_user = CheckLoginOrDie(CHECKLOGIN_USERSTATUS|CHECKLOGIN_WEBONLY);
$uid = $this_user->uid();
$isadmin = ISADMIN();
#
# Verify page arguments.
#
$reqargs = RequiredPageArguments("target_user", PAGEARG_USER,
"key", PAGEARG_INTEGER);
$optargs = OptionalPageArguments("canceled", PAGEARG_BOOLEAN,
"confirmed", PAGEARG_BOOLEAN);
# Need these below.
$target_dbid = $target_user->dbid();
$target_uid = $target_user->uid();
#
# Verify that this uid is a member of one of the projects that the
# user is in. Must have proper permission in that group too.
#
if (!$isadmin &&
!$target_user->AccessCheck($this_user, $TB_USERINFO_MODIFYINFO)) {
USERERROR("You do not have permission!", 1);
}
#
# Get the actual key.
#
$query_result =& $target_user->TableLookUp("user_pubkeys", "*", "idx='$key'");
if (! mysql_num_rows($query_result)) {
USERERROR("Public Key for user '$target_uid' does not exist!", 1);
}
$row = mysql_fetch_array($query_result);
$pubkey = $row['pubkey'];
$chunky = chunk_split($pubkey, 70, "<br>\n");
$internal = $row['internal'];
$nodelete = $row['nodelete'];
#
# Internal keys cannot be deleted without admin.
#
if (($internal || $nodelete) && !$isadmin) {
USERERROR("You are not allowed to delete your system keys!", 1);
}
#
# We run this twice. The first time we are checking for a confirmation
# by putting up a form. The next time through the confirmation will be
# set. Or, the user can hit the cancel button, in which case we should
# probably redirect the browser back up a level.
#
if (isset($canceled) && $canceled) {
PAGEHEADER("SSH Public Key Maintenance");
echo "<center><h2><br>
SSH Public Key deletion canceled!
</h2></center>\n";
$url = CreateURL("showpubkeys", $target_user);
echo "<br>
Back to <a href='$url'>ssh public keys</a> for user '$uid'.\n";
PAGEFOOTER();
return;
}
if (!isset($confirmed)) {
PAGEHEADER("SSH Public Key Maintenance");
echo "<center><h3><br>
Are you <b>REALLY</b>
sure you want to delete this SSH Public Key for user '$target_uid'?
</h3>\n";
$url = CreateURL("deletepubkey", $target_user, "key", $key);
echo "<form action='$url' method=post>";
echo "<b><input type=submit name=confirmed value=Confirm></b>\n";
echo "<b><input type=submit name=canceled value=Cancel></b>\n";
echo "</form>\n";
echo "</center>\n";
echo "<table align=center border=1 cellpadding=2 cellspacing=2>
<tr>
<td>$chunky</td>
</tr>
</table>\n";
if ($internal || $nodelete) {
echo "<center><font color=red size=+1>";
echo "This is an internal key!</font><center>";
}
PAGEFOOTER();
return;
}
#
# Audit
#
$uid_name = $this_user->name();
$uid_email = $this_user->email();
$targuid_name = $target_user->name();
$targuid_email = $target_user->email();
TBMAIL("$targuid_name <$targuid_email>",
"SSH Public Key for '$target_uid' Deleted",
"\n".
"SSH Public Key for '$target_uid' deleted by '$uid'.\n".
"\n".
"$chunky\n".
"\n".
"Thanks,\n".
"Testbed Operations\n",
"From: $uid_name <$uid_email>\n".
"Bcc: $TBMAIL_AUDIT\n".
"Errors-To: $TBMAIL_WWW");
DBQueryFatal("delete from user_pubkeys ".
"where uid_idx='$target_dbid' and idx='$key'");
#
# update authkeys files and nodes, but only if user has a real account.
# The -w option can only be used on real users, and deleting a key does
# not require anything by the outside script if not a real user; it
# will complain and die!
#
if (HASREALACCOUNT($target_uid)) {
ADDPUBKEY("-w $target_uid");
}
header("Location: " . CreateURL("showpubkeys", $target_user));
?>
<?php <?php
# #
# Copyright (c) 2000-2012 University of Utah and the Flux Group. # Copyright (c) 2000-2015 University of Utah and the Flux Group.
# #
# {{{EMULAB-LICENSE # {{{EMULAB-LICENSE
# #
...@@ -375,7 +375,7 @@ function SPITFORM($formfields, $errors) ...@@ -375,7 +375,7 @@ function SPITFORM($formfields, $errors)
security policies</a> for information security policies</a> for information
regarding passwords and email addresses.\n"; regarding passwords and email addresses.\n";
if (!$wikionly) { if (!$wikionly) {
$pubkey_url = CreateURL("showpubkeys", $target_user); $pubkey_url = CreateURL("ssh-keys", $target_user);
echo "<li> You can also echo "<li> You can also
<a href='$pubkey_url'>edit your ssh public keys</a>. <a href='$pubkey_url'>edit your ssh public keys</a>.
......
<?php <?php
# #
# Copyright (c) 2000-2012 University of Utah and the Flux Group. # Copyright (c) 2000-2015 University of Utah and the Flux Group.
# #
# {{{EMULAB-LICENSE # {{{EMULAB-LICENSE
# #
...@@ -84,7 +84,7 @@ WRITESUBMENUBUTTON("Edit Profile", ...@@ -84,7 +84,7 @@ WRITESUBMENUBUTTON("Edit Profile",
if (!$wikionly && ($isadmin || $target_user->SameUser($this_user))) { if (!$wikionly && ($isadmin || $target_user->SameUser($this_user))) {
WRITESUBMENUBUTTON("Edit SSH Keys", WRITESUBMENUBUTTON("Edit SSH Keys",
CreateURL("showpubkeys", $target_user)); CreateURL("ssh-keys", $target_user));
WRITESUBMENUBUTTON("Generate SSL Cert", WRITESUBMENUBUTTON("Generate SSL Cert",
CreateURL("gensslcert", $target_user)); CreateURL("gensslcert", $target_user));
......
This diff is collapsed.
...@@ -127,7 +127,7 @@ if (!$archived) { ...@@ -127,7 +127,7 @@ if (!$archived) {
if (!$archived && !$target_user->wikionly() && if (!$archived && !$target_user->wikionly() &&
($isadmin || $target_user->SameUser($this_user))) { ($isadmin || $target_user->SameUser($this_user))) {
WRITESUBMENUBUTTON("Edit SSH Keys", WRITESUBMENUBUTTON("Edit SSH Keys",
CreateURL("showpubkeys", $target_user)); CreateURL("ssh-keys", $target_user));
WRITESUBMENUBUTTON("Generate SSL Cert", WRITESUBMENUBUTTON("Generate SSL Cert",
CreateURL("gensslcert", $target_user)); CreateURL("gensslcert", $target_user));
......
...@@ -29,15 +29,22 @@ include("defs.php3"); ...@@ -29,15 +29,22 @@ include("defs.php3");
$this_user = CheckLoginOrDie(); $this_user = CheckLoginOrDie();
$uid = $this_user->uid(); $uid = $this_user->uid();
$uid_idx = $this_user->uid_idx(); $uid_idx = $this_user->uid_idx();
$isadmin = ISADMIN();
# #
# Standard Testbed Header # Standard Testbed Header
# #
PAGEHEADER("SSH Keys"); PAGEHEADER("SSH Keys");
$optargs = OptionalPageArguments("target_user", PAGEARG_USER);
# Default to current user.
$target_opt = "";
if (isset($target_user)) {
$target_opt = "&user=" . $target_user->uid();
}
echo "<br>\n"; echo "<br>\n";
echo "<iframe src='apt/ssh-keys.php?embedded=1' echo "<iframe src='apt/ssh-keys.php?embedded=1${target_opt}'
id='embedded' class='embedded'></iframe>"; id='embedded' class='embedded'></iframe>";
$bodyclosestring = $bodyclosestring =
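Review bot: `$target_opt` is built from `$target_user->uid()` and interpolated into the iframe `src` attribute without URL or HTML encoding; `$target_opt = "&amp;user=" . urlencode($target_user->uid());` keeps the attribute well-formed whatever characters a uid may contain. The comment `# Default to current user.` does not match the code beneath it, which only sets an empty option string, and `$isadmin` is assigned but not used in the lines shown. No access check is visible here, so the page seems to rely on the embedded apt/ssh-keys.php to decide who may view the target's keys; a one-line comment saying so would help the next reader.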
......
<?php <?php
# #
# Copyright (c) 2006-2014 University of Utah and the Flux Group. # Copyright (c) 2006-2015 University of Utah and the Flux Group.
# #
# {{{EMULAB-LICENSE # {{{EMULAB-LICENSE
# #
...@@ -135,6 +135,7 @@ $url_mapping["showslice"] = "showslice.php"; ...@@ -135,6 +135,7 @@ $url_mapping["showslice"] = "showslice.php";
$url_mapping["genihistory"] = "genihistory.php"; $url_mapping["genihistory"] = "genihistory.php";
$url_mapping["showmanifest"] = "showmanifest.php"; $url_mapping["showmanifest"] = "showmanifest.php";
$url_mapping["showslicelogs"] = "showslicelogs.php"; $url_mapping["showslicelogs"] = "showslicelogs.php";
$url_mapping["ssh-keys"] = "ssh-keys.php";
# #
# The caller will pass in a page id, and a list of things. If the thing # The caller will pass in a page id, and a list of things. If the thing
...@@ -553,7 +554,12 @@ function VerifyPageArguments($argspec, $required) ...@@ -553,7 +554,12 @@ function VerifyPageArguments($argspec, $required)
$yep = 1; $yep = 1;
if (ValidateArgument($name, PAGEARG_USER, $idx)) { if (ValidateArgument($name, PAGEARG_USER, $idx)) {
$object = User::Lookup($idx); if (preg_match("/^\d+$/", $idx)) {
$object = User::Lookup($idx);
}
else {
$object = User::LookupByUid($idx);
}
} }
} }
elseif (isset($_REQUEST[URL_UID])) { elseif (isset($_REQUEST[URL_UID])) {
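Review bot: The new test `preg_match("/^\d+$/", $idx)` in VerifyPageArguments also accepts a value with a trailing newline, because `$` matches before a final `\n`; `/^\d+\z/` or the `D` modifier makes the check exact. Whether such a value gets this far depends on `ValidateArgument`, which is not shown. A uid made up only of digits would now always be treated as an index, so a comment stating that uids cannot be all-numeric, if that holds, would document the assumption. The function starts and ends outside this hunk.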
......