From: adamch <adamch>
Date: Sun, 11 Nov 2007 20:34:39 +0000 (+0000)
Subject: Certificate requests
X-Git-Url: https://git.hcoop.net/hcoop/zz_old/portal.git/commitdiff_plain/d6e189f0fcedbb040189379c7cc67d7eeefc0315

Certificate requests
---

diff --git a/cert.mlt b/cert.mlt
new file mode 100644
index 0000000..58933db
--- /dev/null
+++ b/cert.mlt
@@ -0,0 +1,148 @@
+<% @header [("title", ["SSL certificate permission requests"])];
+
+val admin = Group.inGroupName "server";
+
+if $"new" <> "" then
+        if $"kind" = "cert" then
+	   if $"req" <> "" then
+	      %><h3>You filled data in next to a textbox but didn't check the radio button next to it.</h3><%
+	   else
+              val cert = $"cert";
+	      val msg = $"msg";
+
+	      %>Are you sure you want to ask for permissions on an SSL certificate at <% cert %>?<br><br>
+	      <a href="cert?cmd=request&req=Certificate+<% cert %>&msg=<% Web.urlEncode msg %>">Yes, I want to request that.</a><%
+	   end
+	 else
+	   if $"cert" <> "" then
+	      %><h3>You filled data in next to a textbox but didn't check the radio button next to it.</h3><%
+	   else
+              val req = $"req";
+	      val msg = $"msg";
+
+	      %>Are you sure you want to ask for permissions on an SSL certificate to be created from an OpenSSL request at <% req %>?<br><br>
+	      <a href="cert?cmd=request&req=OpenSSL+request+<% req %>&msg=<% Web.urlEncode msg %>">Yes, I want to request that.</a><%
+	   end
+	 end
+
+elseif $"cmd" = "request" then
+	val id = Cert.add (Init.getUserId (), $"req", $"msg");
+	if not (Cert.notifyNew id) then
+		%><h3>Error sending e-mail notification</h3><%
+	end
+	%><h3>Request added</h3><%
+
+elseif $"cmd" = "open" then
+	%><h3>Open requests</h3>
+	<a href="cert?cmd=list">List all requests</a><%
+
+	foreach (name, req) in Cert.listOpen () do %>
+<br><hr><br>
+<table class="blanks">
+<tr> <td>By:</td> <td><a href="user?id=<% #usr req %>"><% name %></a></td> </tr>
+<tr> <td>Time:</td> <td><% #stamp req %></td> </tr>
+<tr> <td>Request:</td> <td><% #data req %></td> </tr>
+<tr> <td>Reason:</td> <td><% Web.html (#msg req) %></td> </tr>
+</table>
+
+<% if admin then %>
+	<br>
+	<a href="cert?mod=<% #id req %>">[Modify]</a>
+	<a href="cert?del=<% #id req %>">[Delete]</a><br>
+	To install, run: <i>tell adamc what text to put here</i>.
+<% end %>
+
+<%	end
+
+elseif $"cmd" = "list" then
+	%><h3>All requests</h3><%
+
+	foreach (name, req) in Cert.list () do %>
+<br><hr><br>
+<table class="blanks">
+<tr> <td>By:</td> <td><a href="user?id=<% #usr req %>"><% name %></a></td> </tr>
+<tr> <td>Time:</td> <td><% #stamp req %></td> </tr>
+<tr> <td>Request:</td> <td><% #data req %></td> </tr>
+<tr> <td>Reason:</td> <td><% Web.html (#msg req) %></td> </tr>
+</table>
+
+<% if admin then %>
+	<br>
+	<a href="cert?mod=<% #id req %>">[Modify]</a>
+	<a href="cert?del=<% #id req %>">[Delete]</a>
+<% end %>
+
+<%	end
+
+elseif $"mod" <> "" then
+	Group.requireGroupName "server";
+	val id = Web.stoi ($"mod");
+	val req = Cert.lookup id;
+	val user = Init.lookupUser (#usr req) %>
+<h3>Handle request</h3>
+
+<form method="post">
+<input type="hidden" name="save" value="<% id %>">
+<table class="blanks">
+<tr> <td>Requestor:</td> <td><a href="user?id=<% #usr req %>"><% #name user %></a></td> </tr>
+<tr> <td>Time:</td> <td><% #stamp req %></td> </tr>
+<tr> <td>Status:</td> <td><select name="status">
+	<option value="0"<% if #status req = Cert.NEW then %> selected<% end %>>New</option>
+	<option value="1"<% if #status req = Cert.INSTALLED then %> selected<% end %>>Installed</option>
+	<option value="2"<% if #status req = Cert.REJECTED then %> selected<% end %>>Rejected</option>
+</select></td> </tr>
+<tr> <td>Request:</td> <td><input name="req" size="60" value="<% Web.html (#data req) %>"></td> </tr>
+<tr> <td>Message:</td> <td><textarea name="msg" rows="10" cols="80" wrap="soft"><% Web.html (#msg req) %></textarea></td> </tr>
+<tr> <td><input type="submit" value="Save"></td> </tr>
+</table>
+</form>
+
+<% elseif $"save" <> "" then
+	Group.requireGroupName "server";
+	val id = Web.stoi ($"save");
+	val req = Cert.lookup id;
+	val oldStatus = #status req;
+	val newStatus = Cert.statusFromInt (Web.stoi ($"status"));
+	Cert.modify {req with data = $"req", msg = $"msg", status = newStatus};
+	if oldStatus <> newStatus then
+		if not (Cert.notifyMod (oldStatus, newStatus, Init.getUserName(), id)) then
+			%><h3>Error sending e-mail notification</h3><%
+		end
+	end
+	%><h3>Request modified</h3>
+	Back to: <a href="cert?cmd=open">open requests</a>, <a href="cert?cmd=list">all requests</a>
+
+<% elseif $"del" <> "" then
+	Group.requireGroupName "server";
+	val id = Web.stoi ($"del");
+	val req = Cert.lookup id;
+	val user = Init.lookupUser (#usr req)
+	%><h3>Are you sure you want to delete request by <% #name user %> for <tt><% #data req %></tt>?</h3>
+	<a href="cert?del2=<% id %>">Yes, I'm sure!</a>
+
+<% elseif $"del2" <> "" then
+	Group.requireGroupName "server";
+	val id = Web.stoi ($"del2");
+	Cert.delete id
+	%><h3>Request deleted</b><h3>
+	Back to: <a href="cert?cmd=open">open requests</a>, <a href="cert?cmd=list">all requests</a>
+
+<% else %>
+
+<h3>Request permissions on an SSL certificate</h3>
+
+<p>Use this form to request use Domtool permissions to use an SSL certificate.  Give the location of your certificate request or certificate within <tt>/afs/hcoop.net</tt>.  If you have your own certificate signed by an outside provider like Verisign, then choose the second option and give the path to that certificate.  If you want your certificate authenticated by chaining through HCoop's root certificate, then choose the first option and give the path to an OpenSSL certificate request.</p>
+
+<form method="post">
+<input type="hidden" name="new" value="1">
+<table class="blanks">
+<tr> <td>OpenSSL request: <input type="radio" name="kind" value="req" checked></td> <td><input name="req" size="60"></td> </tr>
+<tr> <td>OpenSSL certificate: <input type="radio" name="kind" value="cert"></td> <td><input name="cert" size="60"></td> </tr>
+<tr> <td>Additional comments:</td> <td><textarea name="msg" rows="5" cols="80" wrap="soft"></textarea></td> </tr>
+<tr> <td><input type="submit" value="Request"></td> </tr>
+</table>
+</form>
+
+<% end %>
+
+<% @footer[] %>
diff --git a/cert.sml b/cert.sml
new file mode 100644
index 0000000..65ed392
--- /dev/null
+++ b/cert.sml
@@ -0,0 +1,12 @@
+structure Cert = Request(struct
+			 val table = "Cert"
+			 val adminGroup = "server"
+			 fun subject _ = "SSL certificate request"
+			 val template = "cert"
+			 val descr = "SSL certificate"
+				      
+			 fun body (mail, data) =
+			     (Mail.mwrite (mail, " Request: ");
+			      Mail.mwrite (mail, data);
+			      Mail.mwrite (mail, "\n"))
+			 end)
diff --git a/ip.mlt b/ip.mlt
index b34929f..edbad91 100644
--- a/ip.mlt
+++ b/ip.mlt
@@ -14,7 +14,7 @@ if $"new" <> "" then
 	<a href="ip?node=<% nodeNum %>&req=<% port %>&msg=<% Web.urlEncode msg %>">Yes, I want to request that.</a>
 
 <% elseif $"req" <> "" then
-	val id = Ip.add {usr = Init.getUserId(), node = nodeNum, data = $"req", msg = $"msg"};
+	val id = Ip.add {usr = Init.getUserId (), node = nodeNum, data = $"req", msg = $"msg"};
 	if not (Ip.notifyNew id) then
 		%><h3>Error sending e-mail notification</h3><%
 	end
diff --git a/tables.sql b/tables.sql
index 1960b2b..12e879f 100644
--- a/tables.sql
+++ b/tables.sql
@@ -328,3 +328,16 @@ CREATE TABLE Ip(
 	FOREIGN KEY (node) REFERENCES WebNode(id) ON DELETE CASCADE);
 
 CREATE SEQUENCE IpSeq START 1;
+
+CREATE TABLE Cert(
+	id INTEGER PRIMARY KEY,
+	usr INTEGER NOT NULL,
+	data TEXT NOT NULL,
+	msg TEXT NOT NULL,
+	status INTEGER NOT NULL,
+	stamp TIMESTAMP NOT NULL,
+	cstamp TIMESTAMP,
+	FOREIGN KEY (usr) REFERENCES WebUser(id) ON DELETE CASCADE,
+	FOREIGN KEY (node) REFERENCES WebNode(id) ON DELETE CASCADE);
+
+CREATE SEQUENCE CertSeq START 1;