/* ** w3-auth.c - ** ** ** Copyright (c) 1995-96 Hughes Technologies Pty Ltd ** ** Permission to use, copy, and distribute for non-commercial purposes, ** is hereby granted without fee, providing that the above copyright ** notice appear in all copies and that both the copyright notice and this ** permission notice appear in supporting documentation. ** ** This software is provided "as is" without any expressed or implied warranty. ** ** */ #include #include #include #include #include #include #include "y.tab.h" #include "lite.h" #include "version.h" /* ** Globals */ char *username, *passwd, *curNS = NULL, *urlNS, qBuf[2048]; int sock; /* ** Auth levels */ #define AUTH_UM 1 #define AUTH_AM 2 #define AUTH_GM 4 #define AUTH_MM 8 #define AUTH_PM 16 #define AUTH_NM 32 #define AUTH_ANY 255 /**************************************************************************** ** Variable handling routines */ typedef struct _var { char *name, *value; struct _var *next; } var_t; static var_t *varHead = NULL; void setVariable(var,val) char *var, *val; { var_t *cur, *new; cur = varHead; while(cur) { if (strcmp(cur->name,var) == 0) { if (cur->value) free(cur->value); cur->value = (char *)strdup(val); return; } cur = cur->next; } new = (var_t *)malloc(sizeof(var_t)); bzero(new,sizeof(var_t)); new->name = (char *)strdup(var); if (val) new->value = (char *)strdup(val); else new->value = NULL; new->next = varHead; varHead = new; } void appendVariable(var,val) char *var, *val; { var_t *cur, *new; char *newVal; cur = varHead; while(cur) { if (strcmp(cur->name,var) == 0) { if (!cur->value) { cur->value = (char *)strdup(val); return; } newVal = (char *)malloc(strlen(cur->value) + strlen(val) + 2); sprintf(newVal,"%s%c%s",cur->value,'\001',val); free(cur->value); cur->value = newVal; return; } cur = cur->next; } new = (var_t *)malloc(sizeof(var_t)); bzero(new,sizeof(var_t)); new->name = (char *)strdup(var); if (val) new->value = (char *)strdup(val); else new->value = NULL; new->next = varHead; varHead = new; } char *getVariable(var) char *var; { var_t *cur; char *envVal, errBuf[160]; /* ** Look for an internal variable */ cur = varHead; while(cur) { if (strcmp(cur->name,var) == 0) { return(cur->value); } cur = cur->next; } return(NULL); } void parseArgs() { char *query, *method, *contentLength, *cp1, *cp2, var[30], val[160]; int fd, length; cp1 = (char *)getenv("QUERY_STRING"); if (cp1) { query = (char *)strdup(cp1); } method=(char *)getenv("REQUEST_METHOD"); if(!method) return; if (strcmp(method, "POST") == 0) { contentLength = (char *)getenv("CONTENT_LENGTH"); if (!contentLength) return; length = atoi(contentLength); query = (char *) malloc(length + 1); read(fileno(stdin), query, length); query[length]='\0'; } cp1 = query; cp2 = var; bzero(var,sizeof(var)); bzero(val,sizeof(val)); while(*cp1) { if (*cp1 == '\\') { cp1++; *cp2++ = *cp1++; continue; } if (*cp1 == '=') { cp1++; cp2 = val; continue; } if (*cp1 == '&') { HTUnEscape(val); if (getVariable(var)) appendVariable(var,val); else setVariable(var,val); bzero(var,sizeof(var)); bzero(val,sizeof(val)); cp1++; cp2 = var; continue; } *cp2++ = *cp1++; } HTUnEscape(val); if (getVariable(var)) appendVariable(var,val); else setVariable(var,val); } char *msqlEscape(str) char *str; { char *new, *cp1, *cp2; new = (char *)malloc(2 * strlen(str)); cp1 = str; cp2 = new; while(*cp1) { if (*cp1 == '\\') { *cp2++ = *cp1++; } else if (*cp1=='\'' || *cp1=='[' || *cp1==']' || *cp1=='^' || *cp1=='$' ) { *cp2++ = '\\'; } *cp2++ = *cp1++; } *cp2 = 0; return(new); } int checkAuth(level) int level; { m_result *res; m_row row; int curLevel, length; char *authInfo, *authBuf, *cryptpw, *curpw, salt[3], errbuf[160]; #ifdef DEBUGGING_WITHOUT_AUTH username = strdup("bambi"); sock = msqlConnect(NULL); if (sock < 0) { runError(msqlErrMsg); exit(1); } if (msqlSelectDB(sock, "w3-msql") < 0) { runError(msqlErrMsg); exit(1); } return(1); #endif /* ** Get the username & passwd */ authInfo = (char *)getenv("HTTP_AUTHORIZATION"); if (!authInfo) { sendAuthHeader("No Auth Info"); exit(1); } authInfo = (char *)index(authInfo,' '); if (!authInfo) { sendAuthHeader("No Passwd"); exit(1); } authInfo++; authBuf = (char *)malloc(100); bzero(authBuf,100); length = HTUU_decode(authInfo, authBuf, 100); *(authBuf+length) = 0; username = (char *)strtok(authBuf,":"); passwd = (char *)strtok(NULL,"\n"); if (!username || !passwd) { sendAuthHeader("Missing Username or Passwd"); exit(1); } /* ** Connect to the database */ sock = msqlConnect(NULL); if (sock < 0) { runError(msqlErrMsg); exit(1); } if (msqlSelectDB(sock, "w3-msql") < 0) { runError(msqlErrMsg); exit(1); } sprintf(qBuf,"select passwd from users where uname = '%s'", username); if (msqlQuery(sock,qBuf) < 0) { runError(msqlErrMsg); exit(1); } res = msqlStoreResult(); if (msqlNumRows(res) == 0) { sendAuthHeader("Invalid Username"); exit(1); } row = msqlFetchRow(res); curpw = row[0]; salt[0] = *curpw; salt[1] = *(curpw+1); salt[2] = 0; cryptpw = (char *)fcrypt(passwd, salt); if (strcmp(cryptpw,row[0]) != 0) { sendAuthHeader("Bad Passwd"); exit(1); } msqlFreeResult(res); sprintf(qBuf,"select level, namespace from perms where uname = '%s'", username); if (msqlQuery(sock,qBuf) < 0) { runError(msqlErrMsg); exit(1); } res = msqlStoreResult(); if (msqlNumRows(res) == 0) { sendAuthHeader("You have no management permission"); exit(1); } row = msqlFetchRow(res); while(row) { if (strcmp(row[1], curNS) == 0) { if (level == AUTH_ANY) { return; } curLevel = atoi(row[0]); if (!(curLevel & level)) { sendAuthHeader("Bad Access Level"); exit(1); } return; } row = msqlFetchRow(res); } sprintf(errbuf, "No Access To Namespace '%s'", curNS); sendAuthHeader(errbuf); exit(1); } void sendFooter() { printf("





\n"); printf("\n"); printf("\n"); printf("

w3-Auth %s by ",VERSION); printf(""); printf("Hughes Technologies
\n\n"); } void runError(msg) char *msg; { printf("\n"); printf("\n"); printf("

\n"); printf("\n\nW3-Auth Error! - %s\n\n

\n",msg); sendFooter(); fflush(stdout); } sendAuthHeader(msg) char *msg; { printf("Status: 401 Error\n"); printf("WWW-Authenticate: Basic realm=\" 'W3 Auth' \"\n"); printf("Server: w3-mSQL_2\n"); printf("Content-Type: text/html\n\n"); printf("\n"); printf("



\n"); printf("

Access Denied




\n"); if (msg) printf("

%s




\n",msg); sendFooter(); } sendOkHeader() { printf("Status: 200 Output Follows\n"); printf("WWW-Authenticate: Basic\n"); printf("Server: w3-mSQL_2\n"); printf("Content-Type: text/html\n\n"); printf("\n"); printf("


\n"); printf("

\n"); } sendIntro() { m_result *res; m_row row; checkAuth(AUTH_ANY); sendOkHeader(); printf("

Authentication Management

\n"); printf("


\n"); printf("Welcome to the W3-mSQL authentication management "); printf("interface. Through this interface you can create, "); printf("edit, and delete users, groups and secure areas. "); printf("Access is check at every step of the process and you "); printf("will only be able to access the functions that you "); printf("have been granted access to.



"); sprintf(qBuf, "select namespace from perms where uname='%s' order by namespace", username); msqlQuery(sock,qBuf); res = msqlStoreResult(); if (msqlNumRows(res) == 0) { printf("

\n"); printf("No Namespaces Defined!

\n"); printf(""); printf("Please create a namespace\n"); sendFooter(); exit(0); } printf("

Please select a namespace

\n"); printf("
\n"); printf("\n"); printf("

\n"); msqlFreeResult(res); sendFooter(); } sendMainMenu() { checkAuth(AUTH_ANY); sendOkHeader(); if (!curNS) { sendOkHeader(); printf("


Missing Namespace. Exiting


\n"); sendFooter(); exit(1); } printf("

Authentication Management

\n"); printf("


\n"); printf("

\n"); printf("\n"); printf("\n",username); printf(""); printf("\n"); printf("\n", curNS); printf("
Current Username %s
Current Namespace%s


\n"); printf("

\n"); printf(""); printf("Area Management\n", urlNS); printf("
\n"); printf("
\n"); printf(""); printf("Group Management", urlNS); printf("
\n"); printf(""); printf("", urlNS); printf("Group Member Management"); printf("
\n"); printf("
\n"); printf(""); printf("User Management\n", urlNS); printf("
\n"); printf(""); printf("Forced Log Out
"); printf("


\n"); sendFooter(); } sendSuperUserMenu() { checkAuth(AUTH_ANY); sendOkHeader(); if (!curNS) { sendOkHeader(); printf("


Missing Namespace. Exiting


\n"); sendFooter(); exit(1); } printf("

Super User Management

\n"); printf("


\n"); printf("

\n"); printf(""); printf("Namespace Management", urlNS); printf("
\n"); printf("
\n"); printf(""); printf("User Management\n", urlNS); printf("
\n"); printf(""); printf("",urlNS); printf("Privilege Management\n"); printf("


\n"); printf(""); printf("Forced Log Out
"); printf("


\n"); sendFooter(); } logOut(opt) char *opt[]; { if (opt[1] == NULL) { sendOkHeader(); printf("

Forced Log Out

\n"); printf("




\n"); printf("

\n"); printf("Due to browsers such as Netscape \"remembering\""); printf(" your password for a WWW site, the only way you"); printf(" can ensure that you have \"logged out\" of"); printf(" w3-Auth is to follow the link below and enter"); printf(" an invalid username or password. You can then"); printf(" be sure that even if someone else uses your"); printf(" machine, they still can not access w3-Auth as"); printf(" you.

"); printf("To force a logout, just follow the link below. "); printf("If you are prompted to retry authorisation, just"); printf(" hit OK and enter an invalid username or password. "); printf(" When you are informed it is invalid, just hit"); printf(" Cancel.



\n"); printf("

\n"); printf("Log Out\n"); sendFooter(); exit(0); } sendAuthHeader(NULL); } /************************************************************************** *************************************************************************** ** User Management Routines ** */ userManagementAction(opt) char *opt[]; { m_result *res; m_row row; /* ** Add User */ if (strcmp(opt[1],"AU") == 0) { char *uname, *passwd, *cryptpw, *full_name; printf("

Add User

\n"); printf("


\n"); printf("

\n"); printf("\n"); printf("\n",username); printf(""); printf("\n"); printf("\n", curNS); printf("
Current Username %s
Current Namespace%s


\n"); printf("


\n"); printf("

\n"); uname = getVariable("UNAME"); passwd = getVariable("PASSWD"); cryptpw = (char *)fcrypt(passwd, "AA"); full_name = getVariable("FULL_NAME"); if (!uname || !passwd || !full_name) { runError("You must complete all fields!"); exit(1); } if (strlen(uname)==0 || strlen(passwd)==0 || strlen(full_name)==0) { runError("You must complete all fields!"); exit(1); } uname = msqlEscape(uname); full_name = msqlEscape(full_name); sprintf(qBuf,"select full_name from users where uname='%s' and namespace='%s'", uname, curNS); if (msqlQuery(sock,qBuf) < 0) { runError(msqlErrMsg); exit(1); } res = msqlStoreResult(); row = msqlFetchRow(res); if (row) { runError("Username already exists in this namespace!"); exit(1); } msqlFreeResult(res); sprintf(qBuf,"insert into users (namespace,uname,passwd,full_name) values ('%s','%s','%s','%s')",curNS,uname,cryptpw,full_name); if (msqlQuery(sock,qBuf) < 0) { runError(msqlErrMsg); exit(1); } printf("New user '%s' added




\n",uname); printf("Return to Main Menu"); printf("\n"); sendFooter(); exit(0); } /* ** Delete User */ if (strcmp(opt[1],"DU") == 0) { char *uname; printf("

Delete User

\n"); printf("


\n"); printf("

\n"); printf("\n"); printf("\n",username); printf(""); printf("\n"); printf("\n", curNS); printf("
Current Username %s
Current Namespace%s


\n"); printf("


\n"); printf("

\n"); uname = getVariable("UNAME"); if (!uname) { runError("Username Missing!"); exit(1); } sprintf(qBuf,"delete from users where uname='%s' and namespace='%s'", uname, curNS); if (msqlQuery(sock,qBuf) < 0) { runError(msqlErrMsg); exit(1); } sprintf(qBuf,"delete from perms where namespace='%s' and uname='%s'",curNS,uname); if (msqlQuery(sock,qBuf) < 0) { runError(msqlErrMsg); exit(1); } printf("User Delete



\n"); printf("Return to Main Menu"); printf("\n"); sendFooter(); exit(0); } /* ** Edit User */ if (strcmp(opt[1],"EU") == 0) { char *uname, *passwd, *cryptpw, *oldpasswd, *full_name, *oldlevel, *olduname; int level; printf("

Edit User

\n"); printf("


\n"); printf("

\n"); printf("\n"); printf("\n",username); printf(""); printf("\n"); printf("\n", curNS); printf("
Current Username %s
Current Namespace%s


\n"); printf("


\n"); printf("

\n"); uname = getVariable("UNAME"); passwd = getVariable("PASSWD"); cryptpw = (char *)fcrypt(passwd, "AA"); full_name = getVariable("FULL_NAME"); oldpasswd = getVariable("OLD_PASSWD"); olduname = getVariable("OLD_UNAME"); if (!uname || !passwd || !full_name) { runError("You must complete all fields!"); exit(1); } uname = msqlEscape(uname); if (strcmp(passwd,"***") == 0) passwd = msqlEscape(oldpasswd); else passwd = msqlEscape(passwd); full_name = msqlEscape(full_name); /* Check for existing user of that name */ if (strcmp(olduname,uname) != 0) { sprintf(qBuf,"select full_name from users where uname='%s' and namespace='%s'", uname, curNS); if (msqlQuery(sock,qBuf) < 0) { runError(msqlErrMsg); exit(1); } res = msqlStoreResult(); row = msqlFetchRow(res); if (row) { runError("Username already exists!"); exit(1); } } /* Blow away the old info */ sprintf(qBuf,"delete from users where uname='%s' and namespace='%s'", olduname, curNS); if (msqlQuery(sock,qBuf) < 0) { runError(msqlErrMsg); exit(1); } /* Insert the new stuff */ sprintf(qBuf,"insert into users (namespace,uname,passwd,full_name) values ('%s','%s', '%s', '%s')",curNS,uname,cryptpw, full_name); if (msqlQuery(sock,qBuf) < 0) { runError(msqlErrMsg); exit(1); } printf("User Edited



\n"); printf("Return to Main Menu"); printf("\n"); sendFooter(); exit(0); } } userManagement(opt) char *opt[]; { m_result *res; m_row row; char *action; /* ** Check authority etc */ checkAuth(AUTH_UM); sendOkHeader(); if (!curNS) { sendOkHeader(); printf("


Missing Namespace. Exiting


\n"); sendFooter(); exit(1); } /* ** Is this an action from a previous UM screen? */ if (opt[1] != NULL) { userManagementAction(opt); } /* ** OK, it's a config screen. Work out which one and do the ** right thing. */ action = getVariable("ACTION"); /* User Management Menu */ if (action == NULL) { printf("

User Management

\n"); printf("


\n"); printf("

\n"); printf("\n"); printf("\n",username); printf(""); printf("\n"); printf("\n", curNS); printf("
Current Username %s
Current Namespace%s


\n"); printf("

\n"); printf("

\n"); printf("

\n"); printf("\n",urlNS); printf("\n

"); printf("\n"); printf("\n"); printf("
\n"); printf("
\n"); printf("		\n"); printf("
\n"); printf("		\n"); printf("
\n"); printf("		\n"); printf("
\n"); printf("\n"); printf("
\n"); printf("		\n"); printf("\n"); printf("
\n"); printf("		\n"); printf("\n"); printf("
\n"); printf("		\n"); printf("\n"); printf("

\n"); printf("

\n"); printf("
"); printf("Return to Main Menu"); printf("\n"); printf("

\n"); sendFooter(); exit(1); } /* ** View user option */ if (strcmp(action, "VIEW") == 0) { char *uname; int level; printf("

View User

\n"); printf("


\n"); printf("

\n"); printf("\n"); printf("\n",username); printf(""); printf("\n"); printf("\n", curNS); printf("
Current Username %s
Current Namespace%s


\n"); printf("


\n"); uname = getVariable("uname"); if (!uname) { runError("Missing username"); exit(1); } uname = msqlEscape(uname); sprintf(qBuf, "select level from perms where uname='%s' and namespace='%s'", uname, curNS); if (msqlQuery(sock, qBuf) < 0) { runError(msqlErrMsg); exit(1); } res = msqlStoreResult(); row = msqlFetchRow(res); if (!row) level = 0; else level = atoi(row[0]); msqlFreeResult(res); sprintf(qBuf, "select full_name from users where uname='%s' and namespace='%s'", uname, curNS); if (msqlQuery(sock, qBuf) < 0) { runError(msqlErrMsg); exit(1); } res = msqlStoreResult(); row = msqlFetchRow(res); if (!row) { runError("Unknown user!"); exit(1); } printf("\n"); printf("\n",uname); printf("\n",row[0]); printf("\n", (level & AUTH_NM)?"Yes":"No"); printf("\n", (level & AUTH_UM)?"Yes":"No"); printf("\n", (level & AUTH_AM)?"Yes":"No"); printf("\n", (level & AUTH_GM)?"Yes":"No"); printf("\n", (level & AUTH_MM)?"Yes":"No"); printf("\n", (level & AUTH_PM)?"Yes":"No"); printf("
Username%s
Full Name%s
Namespace Management Access%s
User Management Access%s
Area Management Access%s
Group Management Access%s
Group Member Management Access"); printf("%s
Privilege Management Access%s
"); sendFooter(); exit(1); } /* ** Add user option */ if (strcmp(action, "ADD") == 0) { char *uname; int level; printf("
"); printf("\n",urlNS); printf("

Add User

\n"); printf("


\n"); printf("

\n"); printf("\n"); printf("\n",username); printf(""); printf("\n"); printf("\n", curNS); printf("
Current Username %s
Current Namespace%s


\n"); printf("


\n"); printf("\n"); printf("\n"); printf("\n"); printf("\n"); printf("
Username\n"); printf("
Full Name\n"); printf("
Password\n"); printf("
"); printf("

"); sendFooter(); exit(1); } /* ** Delete user option */ if (strcmp(action, "DELETE") == 0) { char *uname; uname = getVariable("uname"); if (!uname) { runError("Missing username"); exit(1); } printf(""); printf("\n",urlNS); printf("

Delete User

\n"); printf("


\n"); printf("

\n"); printf("\n"); printf("\n",username); printf(""); printf("\n"); printf("\n", curNS); printf("
Current Username %s
Current Namespace%s


\n"); printf("


\n"); printf("Are you sure you want to delete '%s'?\n",uname); uname = msqlEscape(uname); printf("\n", uname); printf("

\n"); printf("

\n"); sendFooter(); } /* ** Edit user option */ if (strcmp(action, "EDIT") == 0) { char *uname, *oldUname; uname = getVariable("uname"); if (!uname) { runError("Missing username"); exit(1); } oldUname = (char *)strdup(uname); uname = msqlEscape(uname); sprintf(qBuf, "select full_name,passwd from users where uname='%s'", uname); if (msqlQuery(sock, qBuf) < 0) { runError(msqlErrMsg); exit(1); } res = msqlStoreResult(); row = msqlFetchRow(res); if (!row) { runError("Unknown user!"); exit(1); } printf("

"); printf("\n",urlNS); printf("

Edit User

\n"); printf("


\n"); printf("

\n"); printf("\n"); printf("\n",username); printf(""); printf("\n"); printf("\n", curNS); printf("
Current Username %s
Current Namespace%s


\n"); printf("

\n"); printf("\n"); printf("\n", oldUname); printf("\n", row[0]); printf("\n"); printf("
Username\n"); printf("
Full Name\n"); printf("
Password\n"); printf("
"); printf("", row[1]); printf("", oldUname); printf("

"); printf("

\n"); sendFooter(); exit(1); } } /************************************************************************** *************************************************************************** ** Namespace Management Routines ** */ namespaceManagementAction(opt) char *opt[]; { m_result *res; m_row row; /* ** Add Namespace */ if (strcmp(opt[1],"AN") == 0) { char *ns, *descr, *admins, *curAdmin, nameBuf[20]; int index, indexVal; printf("

Add Namespace

\n"); printf("


\n"); printf("

\n"); printf("

\n"); ns = getVariable("NAME"); descr = getVariable("DESCR"); admins = getVariable("ADMINS"); if (!ns || !descr || !admins) { runError("You must complete all fields!"); exit(1); } if (strlen(ns)==0 || strlen(descr)==0 || strlen(admins)==0) { runError("You must complete all fields!"); exit(1); } sprintf(qBuf, "select descr from namespaces where namespace='%s'", ns); if (msqlQuery(sock,qBuf) < 0) { runError(msqlErrMsg); exit(1); } res = msqlStoreResult(); row = msqlFetchRow(res); if (row) { runError("Namespace already exists!"); exit(1); } msqlFreeResult(res); sprintf(qBuf,"insert into namespaces (namespace,descr)values('%s','%s')", ns,descr); if (msqlQuery(sock,qBuf) < 0) { runError(msqlErrMsg); exit(1); } curAdmin = (char *)strtok(admins,"\001"); while(curAdmin) { sprintf(qBuf,"insert into perms (namespace,uname,level)values('%s','%s',0)",ns,curAdmin); if (msqlQuery(sock,qBuf) < 0) { runError(msqlErrMsg); exit(1); } curAdmin = (char *)strtok(NULL,"\001"); } printf("New namespace added




\n"); printf("Return to Main Menu"); printf("\n"); sendFooter(); exit(0); } /* ** Delete Namespace */ if (strcmp(opt[1],"DN") == 0) { char *ns; printf("

Delete Namespace

\n"); printf("


\n"); printf("

\n"); printf("

\n"); ns = getVariable("NAMESPACE"); if (!ns) { runError("Namepsace name Missing!"); exit(1); } sprintf(qBuf,"delete from namespaces where namespace='%s'",ns); if (msqlQuery(sock,qBuf) < 0) { runError(msqlErrMsg); exit(1); } sprintf(qBuf,"delete from perms where namespace='%s'",ns); if (msqlQuery(sock,qBuf) < 0) { runError(msqlErrMsg); exit(1); } sprintf(qBuf,"delete from users where namespace='%s'",ns); if (msqlQuery(sock,qBuf) < 0) { runError(msqlErrMsg); exit(1); } printf("Namespace Delete



\n"); printf("Return to Main Menu"); printf("\n"); sendFooter(); exit(0); } /* ** Edit Namespace */ if (strcmp(opt[1],"EN") == 0) { char *oldName, *name, *oldDescr, *descr, *addAdmins, *delAdmins, *curAdmin, nameBuf[20]; int index, indexVal; printf("

Edit Namespace

\n"); printf("


\n"); printf("

\n"); printf("

\n"); name = getVariable("NAMESPACE"); oldName = getVariable("OLDNS"); descr = getVariable("DESCR"); oldDescr = getVariable("OLDDESCR"); addAdmins = getVariable("ADD"); delAdmins = getVariable("REMOVE"); if (!name || !descr) { runError("You must specify a name and a description!"); exit(1); } if (strlen(name)==0 || strlen(descr)==0) { runError("You must specify a name and a description!"); exit(1); } if (strcmp(oldName,name) != 0) { sprintf(qBuf, "select descr from namespaces where namespace='%s'", name); if (msqlQuery(sock,qBuf) < 0) { runError(msqlErrMsg); exit(1); } res = msqlStoreResult(); row = msqlFetchRow(res); if (row) { runError("Namespace already exists!"); exit(1); } msqlFreeResult(res); } /* ** Blow away the old stuff */ sprintf(qBuf,"delete from namespaces where namespace='%s'", oldName); if (msqlQuery(sock,qBuf) < 0) { runError(msqlErrMsg); exit(1); } /* ** update the users etc */ sprintf(qBuf, "update users set namespace='%s' where namespace='%s'", name,oldName); if (msqlQuery(sock,qBuf) < 0) { runError(msqlErrMsg); exit(1); } sprintf(qBuf, "update perms set namespace='%s' where namespace='%s'", name,oldName); if (msqlQuery(sock,qBuf) < 0) { runError(msqlErrMsg); exit(1); } sprintf(qBuf, "update areas set namespace='%s' where namespace='%s'", name,oldName); if (msqlQuery(sock,qBuf) < 0) { runError(msqlErrMsg); exit(1); } sprintf(qBuf, "update group_members set namespace='%s' where namespace='%s'", name,oldName); if (msqlQuery(sock,qBuf) < 0) { runError(msqlErrMsg); exit(1); } sprintf(qBuf, "update groups set namespace='%s' where namespace='%s'", name,oldName); if (msqlQuery(sock,qBuf) < 0) { runError(msqlErrMsg); exit(1); } sprintf(qBuf, "update group_admin set namespace='%s' where namespace='%s'", name,oldName); if (msqlQuery(sock,qBuf) < 0) { runError(msqlErrMsg); exit(1); } /* ** Delete and removed admins */ curAdmin = (char *)strtok(delAdmins,"\001"); while(curAdmin) { sprintf(qBuf,"delete from perms where namespace='%s' and uname='%s'", name,curAdmin); if (msqlQuery(sock,qBuf) < 0) { runError(msqlErrMsg); exit(1); } curAdmin = (char *)strtok(NULL,"\001"); } /* ** Insert the new stuff */ sprintf(qBuf,"insert into namespaces (namespace,descr)values('%s','%s')", name,descr); if (msqlQuery(sock,qBuf) < 0) { runError(msqlErrMsg); exit(1); } curAdmin = (char *)strtok(addAdmins,"\001"); while(curAdmin) { sprintf(qBuf,"insert into perms (namespace,uname,level) values ('%s','%s',0)", name,curAdmin); if (msqlQuery(sock,qBuf) < 0) { runError(msqlErrMsg); exit(1); } curAdmin = (char *)strtok(NULL,"\001"); } printf("Namespace edited




\n"); printf("Return to Main Menu"); printf("\n"); sendFooter(); exit(0); } } namespaceManagement(opt) char *opt[]; { m_result *res, *res2; m_row row, row2; char *action; /* ** Check authority etc */ checkAuth(AUTH_NM); sendOkHeader(); /* ** Is this an action from a previous NM screen? */ if (opt[1] != NULL) { namespaceManagementAction(opt); } /* ** OK, it's a config screen. Work out which one and do the ** right thing. */ action = getVariable("ACTION"); /* Namespace Management Menu */ if (action == NULL) { printf("

Namespace Management

\n"); printf("


\n"); printf("

\n"); printf("

\n"); printf("

"); printf("\n",urlNS); printf("\n

"); printf("\n"); printf("\n"); printf("
\n"); printf("
\n"); printf("		\n"); printf("
\n"); printf("		\n"); printf("
\n"); printf("		\n"); printf("
\n"); printf("\n"); printf("
\n"); printf("		\n"); printf("\n"); printf("
\n"); printf("		\n"); printf("\n"); printf("
\n"); printf("		\n"); printf("\n"); printf("

\n"); printf("

\n"); printf("
"); printf("Return to Main Menu"); printf("\n"); printf("

\n"); sendFooter(); exit(1); } /* ** View namespace option */ if (strcmp(action, "VIEW") == 0) { char *namespace; printf("

View Namespace

\n"); printf("




\n"); printf("

\n"); namespace = getVariable("NAMESPACE"); if (!namespace) { runError("Missing namespace name"); exit(1); } namespace = msqlEscape(namespace); sprintf(qBuf, "select descr from namespaces where namespace='%s'", namespace); if (msqlQuery(sock, qBuf) < 0) { runError(msqlErrMsg); exit(1); } res = msqlStoreResult(); row = msqlFetchRow(res); if (!row) { runError("Unknown namespace!"); exit(1); } printf("\n"); printf("\n", namespace); printf("\n", row[0]); printf("
Namespace Name%s
Namespace Description%s
Namespace Administrators"); printf("\n"); msqlFreeResult(res); sprintf(qBuf,"select uname from perms where namespace='%s'", namespace); if (msqlQuery(sock,qBuf) < 0) { runError(msqlErrMsg); exit(1); } res = msqlStoreResult(); row = msqlFetchRow(res); while(row) { printf("%s\n",row[0]); row = msqlFetchRow(res); if (row) printf("
"); } printf("

\n"); sendFooter(); exit(1); } /* ** Add namespace option */ if (strcmp(action, "ADD") == 0) { char *uname; int index; printf("

"); printf("\n",urlNS); printf("

Add Namespace

\n"); printf("


\n"); printf("

\n"); printf(""); printf(""); printf("
Namespace Name\n"); printf("\n
Namespace Description\n"); printf("\n
Namespace Administrators\n"); printf("\n"); printf("
\n"); printf("

"); sendFooter(); exit(1); } /* ** Delete user option */ if (strcmp(action, "DELETE") == 0) { char *ns; ns = getVariable("NAMESPACE"); if (!ns) { runError("Missing Namespace"); exit(1); } printf(""); printf("\n",urlNS); printf("

Delete Namespace

\n"); printf("


\n"); printf("Are you sure you want to delete '%s' and all its users?\n",ns); ns = msqlEscape(ns); printf("\n", ns); printf("

\n"); printf("

\n"); sendFooter(); } /* ** Edit user option */ if (strcmp(action, "EDIT") == 0) { char *ns, *oldNS, *url, *aclIndex, *aclGroup, *aclAcl; char *cp0,*cp1,*cp2,*cp3,*cp4,*cp5; int index; ns = getVariable("NAMESPACE"); if (!ns) { runError("Missing Namespace"); exit(1); } oldNS = (char *)strdup(ns); oldNS = msqlEscape(ns); sprintf(qBuf, "select descr from namespaces where namespace='%s'",ns); if (msqlQuery(sock, qBuf) < 0) { runError(msqlErrMsg); exit(1); } res = msqlStoreResult(); row = msqlFetchRow(res); if (!row) { runError("Unknown namespace!"); exit(1); } printf("

"); printf("

Edit Namespace

\n"); printf("
\n"); printf("",ns); printf("", row[0]); printf("\n"); printf("
Namespace Name\n"); printf("\n
Namespace Description\n"); printf("\n
Remove Administrators\n"); printf("\n",ns); printf("\n", row[0]); printf("
Add Administrators\n"); printf("\n"); printf("
\n"); msqlFreeResult(res); printf("", oldNS); printf("

"); printf("

\n"); sendFooter(); exit(1); } } /************************************************************************** *************************************************************************** ** Area Management Routines ** */ areaManagementAction(opt) char *opt[]; { m_result *res; m_row row; /* ** Add Area */ if (strcmp(opt[1],"AA") == 0) { char *url, *name, *aclIndex, *aclGroup, *aclAcl, *msqlNS, nameBuf[20]; int index, indexVal; printf("

Add Area

\n"); printf("


\n"); printf("

\n"); printf("

\n"); url = getVariable("URL"); name = getVariable("NAME"); if (!url || !name) { runError("You must specify a name and a URL!"); exit(1); } if (strlen(url)==0 || strlen(name)==0) { runError("You must specify a name and a URL!"); exit(1); } url = msqlEscape(url); name = msqlEscape(name); msqlNS = msqlEscape(curNS); sprintf(qBuf,"select url from areas where name='%s'",name); if (msqlQuery(sock,qBuf) < 0) { runError(msqlErrMsg); exit(1); } res = msqlStoreResult(); row = msqlFetchRow(res); if (row) { runError("Area already exists!"); exit(1); } msqlFreeResult(res); sprintf(qBuf, "insert into areas (name,url,namespace)values('%s','%s','%s')", name,url,curNS); if (msqlQuery(sock,qBuf) < 0) { runError(msqlErrMsg); exit(1); } for (index=1; index<=5; index++) { sprintf(nameBuf,"INDEX_%d",index); aclIndex = getVariable(nameBuf); indexVal = atoi(aclIndex); if (indexVal == 0) continue; sprintf(nameBuf,"GROUP_%d",index); aclGroup = getVariable(nameBuf); sprintf(nameBuf,"ACL_%d",index); aclAcl = getVariable(nameBuf); sprintf(qBuf,"insert into area_acl (name,offset,group,acl,namespace)values('%s',%d,'%s','%s','%s')",name,indexVal,aclGroup,aclAcl,curNS); if (msqlQuery(sock,qBuf) < 0) { runError(msqlErrMsg); exit(1); } } printf("New area added




\n"); printf("Return to Main Menu"); printf("\n"); sendFooter(); exit(0); } /* ** Delete Area */ if (strcmp(opt[1],"DA") == 0) { char *area; printf("

Delete Area

\n"); printf("


\n"); printf("

\n"); printf("

\n"); area = getVariable("AREA"); if (!area) { runError("Area name Missing!"); exit(1); } sprintf(qBuf,"delete from areas where name='%s' and namespace='%'",area, curNS); if (msqlQuery(sock,qBuf) < 0) { runError(msqlErrMsg); exit(1); } sprintf(qBuf,"delete from area_acl where name='%s' and namespace='%s'",area, curNS); if (msqlQuery(sock,qBuf) < 0) { runError(msqlErrMsg); exit(1); } printf("Area Delete



\n"); printf("Return to Main Menu"); printf("\n"); sendFooter(); exit(0); } /* ** Edit Area */ if (strcmp(opt[1],"EA") == 0) { char *url, *oldName, *name, *aclIndex, *aclGroup, *aclAcl, nameBuf[20]; int index, indexVal; printf("

Edit Area

\n"); printf("


\n"); printf("

\n"); printf("

\n"); url = getVariable("URL"); name = getVariable("NAME"); oldName = getVariable("OLD_NAME"); if (!url || !name) { runError("You must specify a name and a URL!"); exit(1); } if (strlen(url)==0 || strlen(name)==0) { runError("You must specify a name and a URL!"); exit(1); } if (strcmp(oldName,name) != 0) { sprintf(qBuf,"select url from areas where name='%s'", name); if (msqlQuery(sock,qBuf) < 0) { runError(msqlErrMsg); exit(1); } res = msqlStoreResult(); row = msqlFetchRow(res); if (row) { runError("Area already exists!"); exit(1); } msqlFreeResult(res); } /* ** Blow away the old stuff */ sprintf(qBuf,"delete from areas where name='%s'",oldName); if (msqlQuery(sock,qBuf) < 0) { runError(msqlErrMsg); exit(1); } sprintf(qBuf,"delete from area_acl where name='%s'",oldName); if (msqlQuery(sock,qBuf) < 0) { runError(msqlErrMsg); exit(1); } /* ** Insert the new stuff */ sprintf(qBuf,"insert into areas (name,url,namespace)values('%s','%s','%s')", name,url, curNS); if (msqlQuery(sock,qBuf) < 0) { runError(msqlErrMsg); exit(1); } for (index=1; index<=5; index++) { sprintf(nameBuf,"INDEX_%d",index); aclIndex = getVariable(nameBuf); indexVal = atoi(aclIndex); if (indexVal == 0) continue; sprintf(nameBuf,"GROUP_%d",index); aclGroup = getVariable(nameBuf); sprintf(nameBuf,"ACL_%d",index); aclAcl = getVariable(nameBuf); sprintf(qBuf,"insert into area_acl (name,offset,group,acl,namespace)values('%s',%d,'%s','%s','%s')",name,indexVal,aclGroup,aclAcl,curNS); if (msqlQuery(sock,qBuf) < 0) { runError(msqlErrMsg); exit(1); } } printf("Area edited




\n"); printf("Return to Main Menu"); printf("\n"); sendFooter(); exit(0); } } areaManagement(opt) char *opt[]; { m_result *res, *res2; m_row row, row2; char *action; /* ** Check authority etc */ if (!curNS) { sendOkHeader(); printf("


Missing Namespace. Exiting


\n"); sendFooter(); exit(1); } checkAuth(AUTH_AM); sendOkHeader(); /* ** Is this an action from a previous AM screen? */ if (opt[1] != NULL) { areaManagementAction(opt); } /* ** OK, it's a config screen. Work out which one and do the ** right thing. */ action = getVariable("ACTION"); /* Area Management Menu */ if (action == NULL) { printf("

Area Management

\n"); printf("


\n"); printf("

\n"); printf("

\n"); printf("

"); printf("\n",urlNS); printf("\n

"); printf("\n"); printf("\n"); printf("
\n"); printf("
\n"); printf("		\n"); printf("
\n"); printf("		\n"); printf("
\n"); printf("		\n"); printf("
\n"); printf("\n"); printf("
\n"); printf("		\n"); printf("\n"); printf("
\n"); printf("		\n"); printf("\n"); printf("
\n"); printf("		\n"); printf("\n"); printf("

\n"); printf("

\n"); printf("
"); printf("Return to Main Menu"); printf("\n"); printf("

\n"); sendFooter(); exit(1); } /* ** View area option */ if (strcmp(action, "VIEW") == 0) { char *area; printf("

View Area

\n"); printf("




\n"); printf("

\n"); area = getVariable("AREA"); if (!area) { runError("Missing area name"); exit(1); } area = msqlEscape(area); sprintf(qBuf, "select url from areas where name='%s'", area); if (msqlQuery(sock, qBuf) < 0) { runError(msqlErrMsg); exit(1); } res = msqlStoreResult(); row = msqlFetchRow(res); if (!row) { runError("Unknown area!"); exit(1); } printf("\n"); printf("\n",area); printf("\n",row[0]); printf("
Area Name%s
Area URL%s

\n"); sprintf(qBuf, "select offset,group,acl from area_acl where name='%s' order by offset", area); if (msqlQuery(sock, qBuf) < 0) { runError(msqlErrMsg); exit(1); } res = msqlStoreResult(); row = msqlFetchRow(res); if (!row) { runError("Unknown area!"); exit(1); } printf("\n"); printf("\n"); while(row) { printf("\n",row[0],row[1],row[2]); row = msqlFetchRow(res); } printf("
IndexAccess GroupAccess Control
%s%s%s
"); sendFooter(); exit(1); } /* ** Add area option */ if (strcmp(action, "ADD") == 0) { char *uname; int index; printf("

"); printf("\n",urlNS); printf("

Add Area

\n"); printf("


\n"); printf("

\n"); printf(""); printf(""); printf("
Area Name\n"); printf("\n
Area URL\n"); printf("\n
\n"); printf("
\n"); printf("\n"); sprintf(qBuf,"select group from groups order by group"); if (msqlQuery(sock, qBuf) < 0) { runError(msqlErrMsg); exit(1); } res = msqlStoreResult(); for (index=1; index<=5; index++) { printf("\n"); } printf("
IndexAccess GroupAccess Control
\n"); msqlDataSeek(res,0); row = msqlFetchRow(res); printf("\n"); printf("\n",index); printf("
\n"); printf("

"); sendFooter(); exit(1); } /* ** Delete user option */ if (strcmp(action, "DELETE") == 0) { char *area; area = getVariable("AREA"); if (!area) { runError("Missing area name"); exit(1); } printf(""); printf("\n",urlNS); printf("

Delete Area

\n"); printf("


\n"); printf("Are you sure you want to delete '%s'?\n",area); area = msqlEscape(area); printf("\n", area); printf("

\n"); printf("

\n"); sendFooter(); } /* ** Edit user option */ if (strcmp(action, "EDIT") == 0) { char *area, *oldArea, *url, *aclIndex, *aclGroup, *aclAcl; char *cp0,*cp1,*cp2,*cp3,*cp4,*cp5; int index; area = getVariable("AREA"); if (!area) { runError("Missing area name"); exit(1); } oldArea = (char *)strdup(area); area = msqlEscape(area); sprintf(qBuf, "select url from areas where name='%s'",area); if (msqlQuery(sock, qBuf) < 0) { runError(msqlErrMsg); exit(1); } res = msqlStoreResult(); row = msqlFetchRow(res); if (!row) { runError("Unknown area!"); exit(1); } printf("

"); printf("\n",urlNS); printf("

Edit Area

\n"); printf("
\n"); printf("",area); printf("", row[0]); printf("
Area Name\n"); printf("\n
Area URL\n"); printf("\n
\n"); msqlFreeResult(res); printf("
\n"); printf("\n"); sprintf(qBuf,"select group from groups order by group"); if (msqlQuery(sock, qBuf) < 0) { runError(msqlErrMsg); exit(1); } res = msqlStoreResult(); sprintf(qBuf,"select offset,group,acl from area_acl where name='%s' order by offset",area); if (msqlQuery(sock, qBuf) < 0) { runError(msqlErrMsg); exit(1); } res2 = msqlStoreResult(); row2 = msqlFetchRow(res2); for (index=1; index<=5; index++) { printf("\n"); if (row2) row2 = msqlFetchRow(res2); } printf("
IndexAccess GroupAccess Control
\n"); msqlDataSeek(res,0); row = msqlFetchRow(res); printf("\n"); if (row2) printf( "\n", index, row2[2]); else printf( "\n", index); printf("
\n"); printf("", oldArea); printf("

"); printf("

\n"); sendFooter(); exit(1); } } /************************************************************************** *************************************************************************** ** Group Management Routines ** */ groupManagementAction(opt) char *opt[]; { m_result *res; m_row row; /* ** Add Group */ if (strcmp(opt[1],"AG") == 0) { char *group, *descr, *admins, *admin; printf("

Add Group

\n"); printf("


\n"); printf("

\n"); printf("

\n"); group = getVariable("GROUP"); descr = getVariable("DESCR"); admins = getVariable("ADMINS"); if (!group || !descr || !admins) { runError("You must complete all fields!"); exit(1); } if (strlen(group)==0 || strlen(descr)==0 || strlen(admins)==0) { runError("You must complete all fields!"); exit(1); } group = msqlEscape(group); descr = msqlEscape(descr); sprintf(qBuf,"select group from groups where group='%s' and namespace='%s'", group, curNS); if (msqlQuery(sock,qBuf) < 0) { runError(msqlErrMsg); exit(1); } res = msqlStoreResult(); row = msqlFetchRow(res); if (row) { runError("Group already exists!"); exit(1); } msqlFreeResult(res); sprintf(qBuf,"insert into groups(group,descr,namespace)values('%s','%s','%s')", group,descr, curNS); if (msqlQuery(sock,qBuf) < 0) { runError(msqlErrMsg); exit(1); } admin = (char *)strtok(admins,"\001"); while(admin) { sprintf(qBuf, "insert into group_admin(group,uname,namespace)values('%s','%s','%s')", group,admin,curNS); if (msqlQuery(sock,qBuf) < 0) { runError(msqlErrMsg); exit(1); } admin = (char *)strtok(NULL,"\001"); } printf("New group '%s' added




\n",group); printf("Return to Main Menu"); printf("\n"); sendFooter(); exit(0); } /* ** Delete Group */ if (strcmp(opt[1],"DG") == 0) { char *group; printf("

Delete Group

\n"); printf("


\n"); printf("

\n"); printf("

\n"); group = getVariable("GROUP"); if (!group) { runError("Group name Missing!"); exit(1); } group = msqlEscape(group); sprintf(qBuf,"delete from groups where group='%s' and namespace='%s'", group, curNS); if (msqlQuery(sock,qBuf) < 0) { runError(msqlErrMsg); exit(1); } sprintf(qBuf,"delete from group_admin where group='%s' and namespace='%s'",group, curNS); if (msqlQuery(sock,qBuf) < 0) { runError(msqlErrMsg); exit(1); } printf("Group Deleted



\n"); printf("Return to Main Menu"); printf("\n"); sendFooter(); exit(0); } /* ** Edit Group */ if (strcmp(opt[1],"EG") == 0) { char *group, *oldGroup, *descr, *delete, *add, *admin; printf("

Edit Group

\n"); printf("


\n"); printf("

\n"); printf("

\n"); group = getVariable("GROUP"); oldGroup = getVariable("OLD_GROUP"); descr = getVariable("DESCR"); delete = getVariable("DELETE"); add = getVariable("ADD"); if (!group || !descr) { runError("You must supply a name and description"); exit(1); } group = msqlEscape(group); descr = msqlEscape(descr); oldGroup = msqlEscape(oldGroup); /* Check for existing group of that name */ if (strcmp(oldGroup,group) != 0) { sprintf(qBuf,"select descr from groups where group='%s' and namespace='%s'", group, curNS); if (msqlQuery(sock,qBuf) < 0) { runError(msqlErrMsg); exit(1); } res = msqlStoreResult(); row = msqlFetchRow(res); if (row) { runError("Group name already exists!"); exit(1); } } /* Blow away the old info */ sprintf(qBuf,"delete from groups where group='%s' and namespace='%s'", oldGroup, curNS); if (msqlQuery(sock,qBuf) < 0) { runError(msqlErrMsg); exit(1); } /* Insert the new stuff */ sprintf(qBuf,"insert into groups (group,descr,namespace) values ('%s','%s','%s')",group,descr,curNS); if (msqlQuery(sock,qBuf) < 0) { runError(msqlErrMsg); exit(1); } /* Update the admin info */ if (strcmp(group, oldGroup) != 0) { sprintf(qBuf,"update group_admin set group='%s' where group='%s' and namespace='%s'", group, oldGroup, curNS); if (msqlQuery(sock,qBuf) < 0) { runError(msqlErrMsg); exit(1); } } admin = (char *)strtok(delete,"\001"); while(admin) { sprintf(qBuf,"delete from group_admin where uname='%s' and group = '%s' and namespace='%s'", admin, group, curNS); if (msqlQuery(sock,qBuf) < 0) { runError(msqlErrMsg); exit(1); } admin = (char *)strtok(NULL,"\001"); } admin = (char *)strtok(add,"\001"); while(admin) { sprintf(qBuf, "insert into group_admin(group,uname,namespace)values('%s','%s','%s')", group, admin, curNS); if (msqlQuery(sock,qBuf) < 0) { runError(msqlErrMsg); exit(1); } admin = (char *)strtok(NULL,"\001"); } printf("Group Edited



\n"); printf("Return to Main Menu"); printf("\n"); sendFooter(); exit(0); } } groupManagement(opt) char *opt[]; { m_result *res, *res2; m_row row, row2; char *action; /* ** Check authority etc */ if (!curNS) { sendOkHeader(); printf("


Missing Namespace. Exiting


\n"); sendFooter(); exit(1); } checkAuth(AUTH_GM); sendOkHeader(); /* ** Is this an action from a previous GM screen? */ if (opt[1] != NULL) { groupManagementAction(opt); } /* ** OK, it's a config screen. Work out which one and do the ** right thing. */ action = getVariable("ACTION"); /* Group Management Menu */ if (action == NULL) { printf("

Group Management

\n"); printf("


\n"); printf("

\n"); printf("

\n"); printf("

"); printf("\n",urlNS); printf("\n

"); printf("\n"); printf("\n"); printf("
\n"); printf("
\n"); printf("		\n"); printf("
\n"); printf("		\n"); printf("
\n"); printf("		\n"); printf("
\n"); printf("\n"); printf("
\n"); printf("		\n"); printf("\n"); printf("
\n"); printf("		\n"); printf("\n"); printf("
\n"); printf("		\n"); printf("\n"); printf("

\n"); printf("

\n"); printf("
"); printf("Return to Main Menu"); printf("\n"); printf("

\n"); sendFooter(); exit(1); } /* ** View group option */ if (strcmp(action, "VIEW") == 0) { char *group, *origGroup, *descr; printf("

View Group

\n"); printf("




\n"); printf("

\n"); group = getVariable("group_name"); if (!group) { runError("Missing group name"); exit(1); } origGroup = (char *)strdup(group); group = msqlEscape(group); sprintf(qBuf, "select groups.descr,group_admin.uname from groups, group_admin where groups.group = '%s' and group_admin.group = '%s' and groups.namespace='%s' and group_admin.namespace='%s' order by group_admin.uname", group, group, curNS, curNS); if (msqlQuery(sock, qBuf) < 0) { runError(msqlErrMsg); exit(1); } res = msqlStoreResult(); row = msqlFetchRow(res); if (!row) { runError("Unknown group!"); exit(1); } printf("\n"); printf("\n",origGroup); printf("\n",row[0]); printf("
Group Name%s
Group Description%s
Group Administrators\n"); while(row) { printf("%s
\n",row[1]); row = msqlFetchRow(res); } printf("
"); sendFooter(); exit(1); } /* ** Add group option */ if (strcmp(action, "ADD") == 0) { char *uname; int level; sprintf(qBuf, "select uname,level from perms where level>0 and namespace='%s' order by uname", curNS); if (msqlQuery(sock, qBuf) < 0) { runError(msqlErrMsg); exit(1); } res = msqlStoreResult(); row = msqlFetchRow(res); printf("
"); printf("\n",urlNS); printf("

Add Group

\n"); printf("


\n"); printf("

\n"); printf("\n"); printf("\n"); printf("\n"); printf("
Group Name\n"); printf("
Group Description\n"); printf("
Group Administrators\n"); printf("
"); printf("

"); sendFooter(); exit(1); } /* ** Delete group option */ if (strcmp(action, "DELETE") == 0) { char *group; group = getVariable("group_name"); if (!group) { runError("Missing group name"); exit(1); } printf(""); printf("\n",urlNS); printf("

Delete Group

\n"); printf("


\n"); printf("Are you sure you want to delete '%s'?\n",group); group = msqlEscape(group); printf("\n", group); printf("

\n"); printf("

\n"); sendFooter(); } /* ** Edit group option */ if (strcmp(action, "EDIT") == 0) { char *group, *oldGroup; group = getVariable("group_name"); if (!group) { runError("Missing group name"); exit(1); } oldGroup = (char *)strdup(group); group = msqlEscape(group); sprintf(qBuf, "select descr from groups where group ='%s' and namespace='%s'", group, curNS); if (msqlQuery(sock, qBuf) < 0) { runError(msqlErrMsg); exit(1); } res = msqlStoreResult(); row = msqlFetchRow(res); if (!row) { runError("Unknown group!"); exit(1); } printf("

"); printf("\n",urlNS); printf("

Edit Group

\n"); printf("
\n"); printf("\n"); printf("\n", oldGroup); printf("\n", row[0]); printf("", oldGroup); /* Current admins */ sprintf(qBuf,"select uname from group_admin where group='%s' and namespace='%s'", group,curNS); if (msqlQuery(sock, qBuf) < 0) { runError(msqlErrMsg); exit(1); } res = msqlStoreResult(); row = msqlFetchRow(res); printf("\n"); /* New admins */ sprintf(qBuf,"select uname,level from perms where level > 0 and namespace='%s'", curNS); if (msqlQuery(sock, qBuf) < 0) { runError(msqlErrMsg); exit(1); } res2 = msqlStoreResult(); row2 = msqlFetchRow(res2); printf("\n"); printf("
Group name\n"); printf("
Description\n"); printf("
Delete Admins\n"); printf("
Add Admins\n"); printf("
\n"); printf("

"); printf("

\n"); sendFooter(); exit(1); } } /************************************************************************** *************************************************************************** ** Group Member Management Routines ** */ memberManagementAction(opt) char *opt[]; { m_result *res; m_row row; /* ** Add Group */ if (strcmp(opt[1],"AM") == 0) { char *group, *users, *user; printf("

Add Group Members

\n"); printf("


\n"); printf("

\n"); printf("

\n"); group = getVariable("GROUP"); users = getVariable("USERS"); if (!group) { runError("Missing group name!"); exit(1); } if (!users) { runError("You have not selected any users"); exit(1); } if (strlen(group)==0) { runError("Missing group name!"); exit(1); } if (strlen(users)==0) { runError("You have not selected any users"); exit(1); } group = msqlEscape(group); user = (char *)strtok(users,"\001"); while(user) { sprintf(qBuf, "insert into group_members(namespace,group,uname)values('%s','%s','%s')", curNS,group,user); if (msqlQuery(sock,qBuf) < 0) { runError(msqlErrMsg); exit(1); } user = (char *)strtok(NULL,"\001"); } printf("New group members added




\n"); printf("Return to Main Menu"); printf("\n"); sendFooter(); exit(0); } /* ** Delete Group Members */ if (strcmp(opt[1],"DM") == 0) { char *group, *users, *user; printf("

Delete Group Members

\n"); printf("


\n"); printf("

\n"); printf("

\n"); group = getVariable("GROUP"); users = getVariable("USERS"); if (!group) { runError("Missing group name!"); exit(1); } if (!users) { runError("You have not selected any users"); exit(1); } if (strlen(group)==0) { runError("Missing group name!"); exit(1); } if (strlen(users)==0) { runError("You have not selected any users"); exit(1); } group = msqlEscape(group); user = (char *)strtok(users,"\001"); while(user) { sprintf(qBuf, "delete from group_members where group='%s' and uname='%s' and namespace='%s'", group,user,curNS); if (msqlQuery(sock,qBuf) < 0) { runError(msqlErrMsg); exit(1); } user = (char *)strtok(NULL,"\001"); } printf("Group members delete




\n"); printf("Return to Main Menu"); printf("\n"); sendFooter(); exit(0); } /* ** Edit Group */ if (strcmp(opt[1],"EG") == 0) { char *group, *oldGroup, *descr, *delete, *add, *admin; printf("

Edit Group

\n"); printf("


\n"); printf("

\n"); printf("

\n"); group = getVariable("GROUP"); oldGroup = getVariable("OLD_GROUP"); descr = getVariable("DESCR"); delete = getVariable("DELETE"); add = getVariable("ADD"); if (!group || !descr) { runError("You must supply a name and description"); exit(1); } group = msqlEscape(group); descr = msqlEscape(descr); oldGroup = msqlEscape(oldGroup); /* Check for existing group of that name */ if (strcmp(oldGroup,group) != 0) { sprintf(qBuf,"select descr from groups where group='%s' and namespace='%s'", group, curNS); if (msqlQuery(sock,qBuf) < 0) { runError(msqlErrMsg); exit(1); } res = msqlStoreResult(); row = msqlFetchRow(res); if (row) { runError("Group name already exists!"); exit(1); } } /* Blow away the old info */ sprintf(qBuf, "delete from groups where group='%s' and namespace='%s'", oldGroup, curNS); if (msqlQuery(sock,qBuf) < 0) { runError(msqlErrMsg); exit(1); } /* Insert the new stuff */ sprintf(qBuf,"insert into groups (group,descr,namespace) values ('%s','%s','%s')",group,descr,curNS); if (msqlQuery(sock,qBuf) < 0) { runError(msqlErrMsg); exit(1); } /* Update the admin info */ if (strcmp(group, oldGroup) != 0) { sprintf(qBuf,"update group_admin set group='%s' where group='%s' and namespace='%s'", group, oldGroup, curNS); if (msqlQuery(sock,qBuf) < 0) { runError(msqlErrMsg); exit(1); } } admin = (char *)strtok(delete,"\001"); while(admin) { sprintf(qBuf,"delete from group_admin where uname='%s' and group = '%s' and namespace='%s'", admin, group, curNS); if (msqlQuery(sock,qBuf) < 0) { runError(msqlErrMsg); exit(1); } admin = (char *)strtok(NULL,"\001"); } admin = (char *)strtok(add,"\001"); while(admin) { sprintf(qBuf, "insert into group_admin(group,uname,namespace)values('%s','%s','%s')", group, admin, curNS); if (msqlQuery(sock,qBuf) < 0) { runError(msqlErrMsg); exit(1); } admin = (char *)strtok(NULL,"\001"); } printf("Group Edited



\n"); printf("Return to Main Menu"); printf("\n"); sendFooter(); exit(0); } } memberManagement(opt) char *opt[]; { m_result *res, *res2; m_row row, row2; char *action; /* ** Check authority etc */ if (!curNS) { sendOkHeader(); printf("


Missing Namespace. Exiting


\n"); sendFooter(); exit(1); } checkAuth(AUTH_MM); sendOkHeader(); /* ** Is this an action from a previous MM screen? */ if (opt[1] != NULL) { memberManagementAction(opt); } /* ** OK, it's a config screen. Work out which one and do the ** right thing. */ action = getVariable("ACTION"); /* Member Management Menu */ if (action == NULL) { printf("

Group Member Management

\n"); printf("


\n"); printf("

\n"); printf("

\n"); printf("

"); printf("\n",urlNS); sprintf(qBuf,"select group from group_admin where uname='%s' and namespace='%s' order by group", username, curNS); if (msqlQuery(sock, qBuf) < 0) { runError(msqlErrMsg); exit(1); } res = msqlStoreResult(); row = msqlFetchRow(res); while(row) { printf("
\n"); printf("
"); printf("Return to Main Menu"); printf("\n"); printf("

\n"); sendFooter(); exit(1); } /* ** View members option */ if (strcmp(action, "VIEW") == 0) { char *group, *origGroup, *descr; printf("

View Group Members

\n"); printf("




\n"); printf("

\n"); group = getVariable("group_name"); if (!group) { runError("Missing group name"); exit(1); } origGroup = (char *)strdup(group); group = msqlEscape(group); sprintf(qBuf, "select users.uname, users.full_name from users, group_members where users.uname = group_members.uname and group_members.group = '%s' and group_members.namespace='%s'",group, curNS); if (msqlQuery(sock, qBuf) < 0) { runError(msqlErrMsg); exit(1); } res = msqlStoreResult(); row = msqlFetchRow(res); if (!row) { runError("Unknown group or no members!"); exit(1); } printf("Members of group '%s'

\n",origGroup); printf("\n"); printf("\n"); while(row) { printf("\n",row[0],row[1]); row = msqlFetchRow(res); } printf("
Username"); printf("
\n"); printf("		Full Name
%s%s
"); sendFooter(); exit(1); } /* ** Add members option */ if (strcmp(action, "ADD") == 0) { char *uname, *group; group = getVariable("group_name"); if (!group) { runError("Missing group name"); exit(1); } /* Get all the known users in this namespace */ sprintf(qBuf, "select uname from users where namespace='%s' order by uname", curNS); if (msqlQuery(sock, qBuf) < 0) { runError(msqlErrMsg); exit(1); } res = msqlStoreResult(); /* Get all the current group members */ sprintf(qBuf, "select uname from group_members where group='%s' and namespace='%s'", group, curNS); if (msqlQuery(sock, qBuf) < 0) { runError(msqlErrMsg); exit(1); } res2 = msqlStoreResult(); row = msqlFetchRow(res); printf("

"); printf("

Add Group Members

\n"); printf("


\n"); printf("

\n"); printf("\n",urlNS); printf("", group); printf(""); printf("

"); sendFooter(); exit(1); } /* ** Delete group option */ if (strcmp(action, "DELETE") == 0) { char *group; group = getVariable("group_name"); if (!group) { runError("Missing group name"); exit(1); } /* Get all the current group members */ sprintf(qBuf, "select uname from group_members where group='%s' and namespace='%s'", group, curNS); if (msqlQuery(sock, qBuf) < 0) { runError(msqlErrMsg); exit(1); } res = msqlStoreResult(); printf(""); printf("

Delete Group Members

\n"); printf("


\n"); printf("\n",urlNS); printf("", group); printf(""); printf("

"); printf("

\n"); sendFooter(); } /* ** Edit group option */ if (strcmp(action, "EDIT") == 0) { char *group, *oldGroup; group = getVariable("group_name"); if (!group) { runError("Missing group name"); exit(1); } oldGroup = (char *)strdup(group); group = msqlEscape(group); sprintf(qBuf, "select descr from groups where group ='%s' and namespace='%s'", group, curNS); if (msqlQuery(sock, qBuf) < 0) { runError(msqlErrMsg); exit(1); } res = msqlStoreResult(); row = msqlFetchRow(res); if (!row) { runError("Unknown group!"); exit(1); } printf("

"); printf("\n",urlNS); printf("

Edit Group

\n"); printf("
\n"); printf("\n"); printf("\n", oldGroup); printf("\n", row[0]); printf("", oldGroup); /* Current admins */ sprintf(qBuf,"select uname from group_admin where group='%s' and namespace='%s'", group, curNS); if (msqlQuery(sock, qBuf) < 0) { runError(msqlErrMsg); exit(1); } res = msqlStoreResult(); row = msqlFetchRow(res); printf("\n"); /* New admins */ sprintf(qBuf,"select uname from users where level > 0"); if (msqlQuery(sock, qBuf) < 0) { runError(msqlErrMsg); exit(1); } res2 = msqlStoreResult(); row2 = msqlFetchRow(res2); printf("\n"); printf("
Group name\n"); printf("
Description\n"); printf("
Delete Admins\n"); printf("
Add Admins\n"); printf("
\n"); printf("

"); printf("

\n"); sendFooter(); exit(1); } } /************************************************************************** *************************************************************************** ** Privilege Management Routines ** */ privilegeManagementAction(opt) char *opt[]; { m_result *res; m_row row; /* ** Edit Priv */ if (strcmp(opt[1],"EP") == 0) { char *uname, *space; int level; printf("

Edit Privilege

\n"); printf("


\n"); printf("

\n"); printf("

\n"); uname = getVariable("UNAME"); space = getVariable("SPACE"); if (!uname || !space) { runError("Missing data!"); exit(1); } sprintf(qBuf, "select level from perms where namespace='%s' and uname='%s'", space, uname); if (msqlQuery(sock,qBuf) < 0) { runError(msqlErrMsg); exit(1); } res = msqlStoreResult(); row = msqlFetchRow(res); level = atoi(row[0]); printf("


Edit privileges for user '%s' in '%s'


\n", uname, space); printf("

"); printf("\n",urlNS); printf("\n",uname); printf("\n",space); printf("\n"); printf("\n"); printf("\n", (level & AUTH_UM)?"CHECKED":""); printf("\n"); printf("\n", (level & AUTH_AM)?"CHECKED":""); printf("\n"); printf("\n", (level & AUTH_GM)?"CHECKED":""); printf("\n"); printf("\n", (level & AUTH_MM)?"CHECKED":""); printf("\n"); printf("\n", (level & AUTH_PM)?"CHECKED":""); printf("\n"); printf("\n", (level & AUTH_NM)?"CHECKED":""); printf("
User Management
Area Management
Group Management
Group Member Management
Privilege Management
Namespace Management
\n"); printf("

\n"); sendFooter(); exit(0); } /* ** Update Priv */ if (strcmp(opt[1],"UP") == 0) { char *uname, *space, *up, *ap, *gp, *gmp, *pp, *np; int level; printf("

Edit Privilege

\n"); printf("


\n"); printf("

\n"); printf("

\n"); uname = getVariable("UNAME"); space = getVariable("SPACE"); up = getVariable("USER_P"); ap = getVariable("AREA_P"); gp = getVariable("GROUP_P"); gmp = getVariable("MEM_P"); pp = getVariable("PRIV_P"); np = getVariable("NAME_P"); if (!uname || !space ) { runError("Missing data!"); exit(1); } level = 0; if (up) level |= AUTH_UM; if (ap) level |= AUTH_AM; if (gp) level |= AUTH_GM; if (gmp) level |= AUTH_MM; if (pp) level |= AUTH_PM; if (np) level |= AUTH_NM; sprintf(qBuf, "update perms set level=%d where namespace='%s' and uname='%s'", level, space, uname); if (msqlQuery(sock,qBuf) < 0) { runError(msqlErrMsg); exit(1); } printf("

User updated


\n"); printf("Return to menu"); exit(0); } } privilegeManagement(opt) char *opt[]; { m_result *res; m_row row; char *action; /* ** Check authority etc */ if (!curNS) { sendOkHeader(); printf("


Missing Namespace. Exiting


\n"); sendFooter(); exit(1); } checkAuth(AUTH_PM); sendOkHeader(); /* ** Is this an action from a previous PM screen? */ if (opt[1] != NULL) { privilegeManagementAction(opt); } /* ** OK, it's a config screen. Work out which one and do the ** right thing. */ action = getVariable("ACTION"); /* Privilege Management Menu */ if (action == NULL) { printf("

Privilege Management

\n"); printf("


\n"); printf("

\n"); printf("

\n"); printf("

"); printf("\n",urlNS); printf("\n

"); printf("\n"); printf("\n"); printf("
\n"); printf("
\n"); printf("		\n"); printf("
\n"); printf("\n"); printf("
\n"); printf("		\n"); printf("\n"); printf("

\n"); printf("

\n"); printf("
"); printf("Return to Main Menu"); printf("\n"); printf("

\n"); sendFooter(); exit(1); } /* ** View privileged user option */ if (strcmp(action, "VIEW") == 0) { char *uname; int level; printf("

View Privileged User

\n"); printf("




\n"); printf("

\n"); uname = getVariable("uname"); if (!uname) { runError("Missing username"); exit(1); } uname = msqlEscape(uname); sprintf(qBuf, "select full_name from users where uname='%s'", uname); if (msqlQuery(sock, qBuf) < 0) { runError(msqlErrMsg); exit(1); } res = msqlStoreResult(); row = msqlFetchRow(res); if (!row) { runError("Unknown user!"); exit(1); } printf("\n"); printf("\n",uname); printf("\n",row[0]); printf("
Username%s
Full Name%s

\n"); msqlFreeResult(res); sprintf(qBuf, "select namespace, level from perms where uname='%s'", uname); if (msqlQuery(sock,qBuf) < 0) { runError(msqlErrMsg); exit(1); } printf("\n"); printf(""); printf("\n"); res = msqlStoreResult(); row = msqlFetchRow(res); while(row) { level = atoi(row[1]); printf("\n", row[0], (level & AUTH_UM)?"Yes":"No"); printf("\n", (level & AUTH_AM)?"Yes":"No"); printf("\n", (level & AUTH_GM)?"Yes":"No"); printf(""); printf("\n", (level & AUTH_MM)?"Yes":"No"); printf(""); printf("\n", (level & AUTH_PM)?"Yes":"No"); printf(""); printf("\n", (level & AUTH_NM)?"Yes":"No"); printf("\n"); row = msqlFetchRow(res); } msqlFreeResult(res); printf("
NamespacePrivilegeAccess
%sUser%s
Area%s
Group%s
Group Member%s
Privilege%s
Namespace%s
\n"); sendFooter(); exit(1); } /* ** Edit privileged user option */ if (strcmp(action, "EDIT") == 0) { char *uname; int level; uname = getVariable("uname"); if (!uname) { runError("Missing username"); exit(1); } sprintf(qBuf,"select full_name from users where uname='%s'", uname); if (msqlQuery(sock, qBuf) < 0) { runError(msqlErrMsg); exit(1); } res = msqlStoreResult(); row = msqlFetchRow(res); if (!row) { runError("Unknown user!"); exit(1); } msqlFreeResult(res); /* ** List the namespaces that this person is AUTH for */ sprintf(qBuf,"select namespace from perms where uname='%s'", uname); if (msqlQuery(sock, qBuf) < 0) { runError(msqlErrMsg); exit(1); } res = msqlStoreResult(); row = msqlFetchRow(res); if (!row) { printf("


\n"); printf("This user is not an admin for any namespace!"); printf("

\n"); sendFooter(); exit(0); } printf("
"); printf("

Edit Privileges

\n"); printf("

Select a namespace

\n"); printf("


\n"); printf("", urlNS); printf("", uname); printf("\n"); printf("

"); printf("

\n"); sendFooter(); exit(1); } } main(argc,argv) int argc; char *argv[]; { int index; char *auth, *options, *opt[5], *tok; chdir("/tmp"); /* ** Make sure we have an authenticated user */ auth = (char *)getenv("HTTP_AUTHORIZATION"); if (auth) { if (*auth == 0) auth = NULL; } if (!auth) { sendAuthHeader("No Auth Info"); exit(0); } /* ** Work out what we are here for */ parseArgs(); tok = (char *)getVariable("NS"); if (tok) curNS = (char *)strdup(tok); else curNS = (char *)strdup("SuperUser"); urlNS = (char *)strdup(HTEscape(curNS)); options = (char *)getenv("PATH_INFO"); if (options) { if (*options == 0 || (*options == '/' && *(options+1)==0)) options = NULL; } if (!options) { sendIntro(); exit(0); } tok = (char *)strtok(options,"/"); index = 0; opt[0] = opt[1] = opt[2] = opt[3] = opt[4] = NULL; while(tok) { opt[index] = tok; tok = (char *)strtok(NULL,"/"); index++; if (index > 5) { sendOkHeader(); runError("Bad option specification"); sendFooter(); exit(1); } } /* ** Split off to the specified option */ if (!opt[0]) { sendIntro(); exit(0); } if (strcmp(opt[0],"MENU") == 0) { if (strcmp(curNS,"SuperUser") == 0) sendSuperUserMenu(); else sendMainMenu(); exit(0); } if (strcmp(opt[0],"LO") == 0) { logOut(opt); exit(0); } if (strcmp(opt[0],"NM") == 0) { namespaceManagement(opt); exit(0); } if (strcmp(opt[0],"UM") == 0) { userManagement(opt); exit(0); } if (strcmp(opt[0],"AM") == 0) { areaManagement(opt); exit(0); } if (strcmp(opt[0],"GM") == 0) { groupManagement(opt); exit(0); } if (strcmp(opt[0],"MM") == 0) { memberManagement(opt); exit(0); } if (strcmp(opt[0],"PM") == 0) { privilegeManagement(opt); exit(0); } sendOkHeader(); printf("

\nDATA = '%s'\n
",options); sendMainMenu(); }