IRIX 6.5 Applications 2002 November

home *** CD-ROM | disk | FTP | other *** search

/ IRIX 6.5 Applications 2002 November / SGI IRIX 6.5 Applications 2002 November.iso / dist / gateway.idb / usr / WebFace / Source / 10-InfoSystems / netscape_info / security-i.frm.z / security-i.frm

Wrap

Text File | 2002-06-12 | 16.0 KB | 538 lines

#!/usr/bin/perl5 # # security-i.cgi # # Copyright 1988-1996 Silicon Graphics, Inc. # All rights reserved. # # This is UNPUBLISHED PROPRIETARY SOURCE CODE of Silicon Graphics, Inc.; # the contents of this file may not be disclosed to third parties, copied or # duplicated in any form, in whole or in part, without the prior written # permission of Silicon Graphics, Inc. # # RESTRICTED RIGHTS LEGEND: # Use, duplication or disclosure by the Government is subject to restrictions # as set forth in subdivision (c)(1)(ii) of the Rights in Technical Data # and Computer Software clause at DFARS 252.227-7013, and/or in similar or # successor clauses in the FAR, DOD or NASA FAR Supplement. Unpublished - # rights reserved under the Copyright Laws of the United States. # # $Id: security-i.frm,v 1.10 1998/06/16 20:21:06 shotes Exp $ require "/usr/OnRamp/lib/OnRamp.pm"; require "/usr/OnRamp/lib/java.pm"; if (-e "/var/netscape/fasttrack/bin/admin/ns-admin") { $nss = 2; } elsif (-e "/var/netscape/suitespot/bin/admin/ns-admin") { $nss = 1; } else { $nss = 0; } if ($nss == 2) { $serv_root = "/var/netscape/fasttrack"; $pid_file = $serv_root . "/admin-serv/logs/pid"; $conf_file = $serv_root . "/admin-serv/config/ns-admin.conf"; $pw_file = $serv_root . "/admin-serv/config/admpw"; $def_acl = $serv_root . "/adminacl/admin-defaults.acl"; } elsif ($nss == 1) { $serv_root = "/var/netscape/suitespot"; $pid_file = $serv_root . "/admin-serv/logs/pid"; $conf_file = $serv_root . "/admin-serv/config/ns-admin.conf"; $pw_file = $serv_root . "/admin-serv/config/admpw"; $def_acl = $serv_root . "/adminacl/admin-defaults.acl"; } else { $serv_root = "/usr/ns-home"; $pid_file = $serv_root . "/admserv/pid"; $conf_file = $serv_root . "/admserv/ns-admin.conf"; $pw_file = $serv_root . "/admserv/admpw"; } $start_ns_admin = $serv_root . "/start-admin > /dev/null 2>&1"; $stop_ns_admin = $serv_root . "/stop-admin > /dev/null 2>&1"; $dummy = $conf_file . ".tmp"; $title = "Netscape Admin Server Access Control"; $myname = "security.cgi"; $help_page = "security-help.html"; $js_generic = "which = \"none\"; function runSubmit() { if(which == \"add\") return runAdd(); if(which == \"edit\") return runEdit(); if(which == \"delete\") return runDelete(); return runDo(); } function markAdd() { which = \"add\"; } function markEdit() { which = \"edit\"; } function markDelete() { which = \"delete\"; } function markOther() { which = \"none\"; } $js_error_box $js_help $js_meta $js_ip $js_hostname function runEdit() { Ctrl = document.AccountForm.chosen none = true; for(j = 0; j < Ctrl.length; j++) { if (Ctrl.options[j].selected) { none = false; break; } } if (none) { errorBox (Ctrl, \"To edit an existing account, \" + \"first select an account\\nfrom the list, \" + \"then click the edit button.\"); return (false); } return (true); } function runDelete() { Ctrl = document.AccountForm.chosen; none = true; for(j = 0; j < Ctrl.length; j++) { if (Ctrl.options[j].selected) { none = false; break; } } if (none) { errorBox (Ctrl, \"To delete an existing account, first \" + \"select an account\\nfrom the list, then click \" + \"the delete button.\"); return (false); } return (true); } function runDo() { if (!testStarList(document.AccountForm.clients)) return (false); return (true); } function is_ip(word) { ipChars = \"0123456789\.*\"; for (ii=0; ii<word.length; ii++) { c = word.charAt(ii); if (ipChars.indexOf(c, 0) == -1) { return (false); } } return (true); } function remove_star(word) { if (word.indexOf(\"*\", 0) == -1) return (word); new_word = \"\"; for (jj = 0; jj < word.length; jj++) { if (word.charAt(jj) == \"*\") new_word = new_word + \"233\"; else new_word = new_word + word.charAt(jj); } return (new_word); } function testStarList(Ctrl) { my_count = 0; ipChars = \"0123456789\.*\"; whitespace = \" \\n\\r\\t\\f\"; space = true; for(start=0, cur=0; cur < Ctrl.value.length; cur++) { for(i = 0; i < whitespace.length; i++) { c = whitespace.charAt(i); if (Ctrl.value.charAt(cur) == c) { // found whitespace if (space == false) { space = true; if(cur != start) { host = Ctrl.value.substring(start,cur); my_count++; if (is_ip(host)) { new_host = remove_star(host); if (!testIPaddress(new_host,false)) { errorBox (Ctrl, \"Invalid server IP address: \" + host + \"\\nin server address list.\"); return (false); } } else { if (!testHostname(Ctrl, host, \"hostname\", false)) return (false); } } } break; } else { // found character if (space == true) { space = false; start = cur; } } } } if(cur != start && space == false) { host = Ctrl.value.substring(start,cur); my_count++; if (is_ip(host)) { new_host = remove_star(host); if (!testIPaddress(new_host,false)) { errorBox (Ctrl, \"Invalid server IP address: \" + host + \"\\nin server address list.\"); return (false); } } else { if (!testHostname(Ctrl, host, \"hostname\", false)) return (false); } } return (true); } function runAdd() { Ctrl = document.AccountForm.new_account; if (Ctrl.value.length == 0) { errorBox(Ctrl, \"To add a new account, first enter \\n\" +\"the new account name.\"); return (false); } if (!testMeta(Ctrl, \"account name\")) return (false); return (true); }"; $js_edit = "$js_standard $js_error_box $js_help $js_meta function checkForm(form) { if (form.uname.value.length == 0) { errorBox(form.uname, \"Account name cannot be empty.\"); return (false); } if (!testMeta(form.uname, \"account name\")) return (false); return (true); }"; print "Content-type: text/html\n\n"; &get_fields; &get_accounts; if (%fld) { $fld{'chosen'} =~ /([\w.-]+)/; $chosen = $1; $help = $document_root . $ENV{"SCRIPT_NAME"}; $help =~ s/cgi$/hlp/; exec $help if ($fld{'help'} eq "Help"); if ($fld{'edit'}) { &get_edit($chosen); } elsif ($fld{'do_edit'}) { &generic; } elsif ($fld{'add'}) { &get_add; } elsif ($fld{'delete'}) { &generic($chosen); } elsif ($fld{'doit'}) { $fld{'adm_pwd'} =~ s/\s//g; if (($nss != 0) && ($fld{'adm_pwd'} ne $fld{'adm_pwd2'})) { $js_badpw = " function bad_password() { Ctrl = document.AccountForm.adm_pwd; errorBox(Ctrl, \"The two passwords are not identical.\"); return(true); }"; $js_generic .= $js_badpw; } else { &do_it; &get_accounts; } &generic; } elsif ($fld{'doedit'}) { $fld{'password'} =~ s/\s//g; if (! $fld{'password'}) { $js_badpw = " function bad_password() { Ctrl = document.StandardForm.password; errorBox(Ctrl, \"A password is required.\"); return(true); }"; $js_edit .= $js_badpw; $fld{'edit'} = "Resetting this." if ($fld{'old_account'}); &get_edit($fld{'uname'}); } elsif ($fld{'password'} ne $fld{'password2'}) { $js_badpw = " function bad_password() { Ctrl = document.StandardForm.password; errorBox(Ctrl, \"The two passwords are not identical.\"); return(true); }"; $js_edit .= $js_badpw; $fld{'edit'} = "Resetting this." if ($fld{'old_account'}); &get_edit($fld{'uname'}); } else { &do_edit; &get_accounts; &generic; } } } else { &generic; } sub do_it { if ($nss > 0 && $fld{'adm_pwd'}) { &new_super; } else { &do_delete($fld{'deleted'}) if $fld{'deleted'}; } &process_clients; &bounce_server; } sub process_clients { @clients = split(/\s+/, $fld{'clients'}); foreach (@clients) { if ($_ =~ /[^0-9\.\*]/) { push(@hosts, $_); } else { push(@adds, $_); } } if ($#hosts > 0) { $hosts = "(" . join('|', @hosts) . ")"; } elsif ($#hosts == 0) { $hosts = $hosts[0]; } else { $hosts = ""; } if ($#adds > 0) { $adds = "(" . join('|', @adds) . ")"; } elsif ($#adds == 0) { $adds = $adds[0]; } else { $adds = ""; } $hosts_added = 0; $adds_added = 0; open(IN, "< $conf_file"); open(OUT, "> $dummy"); while(<IN>) { if ($_ =~ /^Hosts\s/) { $hosts_added = 1; if ($hosts ne "") { print OUT "Hosts $hosts\n"; } } elsif ($_ =~ /^Addresses\s/) { $adds_added = 1; if ($adds ne "") { print OUT "Addresses $adds\n"; } } else { print OUT $_; } } if ($hosts ne "" && $hosts_added == 0) { print OUT "Hosts $hosts\n"; } if ($adds ne "" && $adds_added == 0) { print OUT "Addresses $adds\n"; } close(IN); close(OUT); rename($dummy, $conf_file); $message .= " Client list updated."; } sub bounce_server { open(IN, "< $pid_file"); $pid = <IN>; close(IN); if ($pid) { system($stop_ns_admin); if ($nss > 0) { sleep(5); } system($start_ns_admin); } } sub new_super { if ($fld{'adm_pwd'}) { $salt = &mksalt; $pswd = crypt($fld{'adm_pwd'}, $salt); $line = $fld{'adm_name'} . ":" . $pswd; open(OUT, "> $pw_file"); print OUT $line; close(OUT); open(IN, "< $def_acl"); open(OUT, "> $dummy"); while(<IN>) { if ($_ =~ /^allow absolute/) { $_ =~ s/\".*\"/\"$fld{'adm_name'}\"/; } print OUT $_; } close(IN); close(OUT); rename($dummy, $def_acl); $message .= "Super-user updated.<br>"; } } sub do_delete { open(IN, "< $pw_file"); open(OUT, "> $dummy"); while(<IN>) { print OUT $_ unless $_[0] eq (split(/:/, $_))[0]; } close(IN); close(OUT); rename($dummy, $pw_file); &bounce_server; $message .= "Account deleted."; } sub do_edit { $salt = &mksalt; $pswd = crypt($fld{'password'}, $salt); $line = $fld{'uname'} . ":" . $pswd; if ($fld{'old_account'} ne "") { open(IN, "< $pw_file"); open(OUT, "> $dummy"); while(<IN>) { if ($fld{'old_account'} eq (split(/:/, $_))[0]) { print OUT "$line\n"; } else { print OUT $_; } } close(IN); close(OUT); rename($dummy, $pw_file); $message .= "Account edited."; } else { open(OUT, ">> $pw_file"); print OUT "$line\n"; close(OUT); $message .= "Account added."; } &bounce_server; } sub get_add { &get_edit($fld{'new_account'}); } sub get_edit { if (! $js_badpw) { $js_badpw = $js_empty_passwd_check; $js_edit .= $js_badpw; } &js_title_block($title, $js_edit); if ($fld{'add'}) { &header_block("Add Account"); } else { &header_block("Edit Account"); } print "<body onLoad='bad_password()'>\n"; print "<form name=StandardForm action=$myname method=post " . "onSubmit=\"return runSubmit()\">\n" . "<i>$message</i>\n" . "<center><br><table width=400>\n"; if ($fld{'edit'}) { print "<input type=hidden name='old_account' value=$_[0]>\n"; } print "<tr><th align=left>Account name:<td>" . &text("uname", $_[0], 20) . "</td></tr>\n"; print "<tr><th align=left>Account password:<td>" . "<input type=password name=\"password\" size=20>" . "</td></tr>\n"; print "<tr><th align=left>Retype password:<td>" . "<input type=password name=\"password2\" size=20>" . "</td></tr>\n"; print "</table></center><br>\n"; print &js_buttons('doedit','Ok','onClick="markOK()"', 'onClick="markOther()"', "onClick=\"do_help('$help_page'); return (false)\""); print "</body>\n"; } sub get_accounts { if ($nss > 0) { open(IN, "< $pw_file"); $val{'adm_name'} = (split(/:/, <IN>))[0]; close(IN); } else { undef @accounts; open(IN, "< $pw_file"); while(<IN>) { push(@accounts, (split(/:/, $_))[0]); } close(IN); } undef @clients; open(IN, "< $conf_file"); while(<IN>) { if ($_ =~ /^Hosts\s+(.*)/) { $list = $1; if ($list =~ /$(.*)$/) { push(@clients, split(/\|/, $1)); } else { push(@clients, $list); } } elsif ($_ =~ /^Addresses\s+(.*)/) { $list = $1; if ($list =~ /$(.*)$/) { push(@clients, split(/\|/, $1)); } else { push(@clients, $list); } } } close(IN); $val{'clients'} = join("\n", @clients); } sub generic { if (! $js_badpw) { $js_badpw = $js_empty_passwd_check; $js_generic .= $js_badpw; } &js_title_block($title, $js_generic); &header_block($title); print "<body onLoad='bad_password()'>\n"; if ($_[0]) { $message .= qq|Click "Ok" to save changes.|; } print "<form name=AccountForm action=$myname method=post " . "onSubmit=\"return runSubmit()\">\n"; print "<input type=hidden name=nss value=$nss>\n"; print "<i>$message</i>\n"; if ($nss > 0) { print "<br>\n" . "<h3>Super user:</h3><center><table width=400>\n" . "<tr><th align=left>Name:<td><input name=\"adm_name\" value=\"$val{'adm_name'}\" size=19></td></tr>\n" . "<tr><th align=left>Password:<td><input type=password name=\"adm_pwd\" size=19></td></tr>\n" . "<tr><th align=left>Retype password:<td><input type=password name=\"adm_pwd2\" size=19></td></tr>\n"; print "</table></center><br>"; } else { print "<br>\n" . "<h3>Allowed users:</h3><center><table width=400>\n" . "<tr><td><input type=submit name=\"add\" onClick=\"markAdd()\" \n" . "value=\"Add New Account\"\n" . "</td><td><input name=\"new_account\" value=\"$val{'new_account'}\"\n" . "size=19 onClick=\"markAdd()\"></td></tr>\n"; if ($#accounts >= 0) { if ($_[0]) { undef @show_accts; foreach $arg (@accounts) { push(@show_accts, $arg) if $arg ne $_[0]; } print "<input type=hidden name=deleted value=$_[0]>\n"; } else { @show_accts = @accounts; } print "<tr><td>\n" . "<input type=submit name=\"edit\" onClick=\"markEdit()\" \n" . "value=\"Edit Selected Account\"></td><td rowspan=2>"; print &choice_list(*show_accts, "chosen", 20); print "</td/tr>\n" . "<tr><td><input type=submit name=\"delete\" onClick=\"markDelete()\" \n" . "value=\"Delete Selected Account\"></td></tr>\n"; } print "</table></center><br>"; } print "<h3>Allowed clients:</h3>\n" . "<center>\n" . "<textarea name='clients' cols=20 rows=4>" . $val{'clients'} . "</textarea><br><br>\n"; print &js_buttons('doit','Ok','onClick="markOther()"', 'onClick="markOther()"', "onClick=\"do_help('$help_page'); return (false)\""); print "</body>\n"; }