summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorroot <root@cacert1.it-sls.de>2012-05-23 07:00:43 +0200
committerroot <root@cacert1.it-sls.de>2012-05-23 07:00:43 +0200
commitf616c86913355198dbda02e94f8015359b557d8e (patch)
treed890f4ab2179e9db4c6b23b90b687d9fb33dafa8
parent425628a5ce78df099f203851a274adbf026f62ab (diff)
parent52041cf90d4306d45767ffc5e5a39fce0b475cf0 (diff)
downloadcacert-devel-f616c86913355198dbda02e94f8015359b557d8e.tar.gz
cacert-devel-f616c86913355198dbda02e94f8015359b557d8e.tar.xz
cacert-devel-f616c86913355198dbda02e94f8015359b557d8e.zip
Merge branch 'bug-1003' of ssh://dirk@git-cacert.it-sls.de/var/cache/git/cacert-devel into bug-1023
-rwxr-xr-xscripts/cron/permissionreview.php171
-rwxr-xr-xscripts/resetpermissions.php57
2 files changed, 200 insertions, 28 deletions
diff --git a/scripts/cron/permissionreview.php b/scripts/cron/permissionreview.php
index 572c1fd..0f2fc2e 100755
--- a/scripts/cron/permissionreview.php
+++ b/scripts/cron/permissionreview.php
@@ -21,19 +21,71 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
require_once(dirname(__FILE__).'/../../includes/mysql.php');
$BOARD_PRIVATE = 'cacert-board-private@lists.cacert.org';
+$ASSURANCE_OFFICER = 'ao@cacert.org';
+$ORGANISATION_ASSURANCE_OFFICER = 'oao@cacert.org';
+
+//defines to whom to send the lists
$flags = array(
- 'admin' => 'Support Engineer',
- 'orgadmin' => 'Organisation Assurer',
- 'board' => 'Board Member',
- 'ttpadmin' => 'Trusted Third Party Admin',
- 'tverify' => 'Tverify Admin',
- 'locadmin' => 'Location Admin'
+ 'admin' => array(
+ 'name' => 'Support Engineer',
+ 'own' => false, //Don't send twice
+ 'board' => true,
+ 'support' => true,
+ 'ao' => false,
+ 'oao' => false
+ ),
+
+ 'orgadmin' => array(
+ 'name' => 'Organisation Assurer',
+ 'own' => true,
+ 'board' => true,
+ 'support' => true,
+ 'ao' => true,
+ 'oao' => true
+ ),
+
+ 'board' => array(
+ 'name' => 'Board Member',
+ 'own' => false,
+ 'board' => true,
+ 'support' => true,
+ 'ao' => true,
+ 'oao' => false
+ ),
+
+ 'ttpadmin' => array(
+ 'name' => 'Trusted Third Party Admin',
+ 'own' => true,
+ 'board' => true,
+ 'support' => true,
+ 'ao' => true,
+ 'oao' => true
+ ),
+
+ 'tverify' => array(
+ 'name' => 'Tverify Admin',
+ 'own' => false,
+ 'board' => true,
+ 'support' => true,
+ 'ao' => true,
+ 'oao' => false
+ ),
+
+ 'locadmin' => array(
+ 'name' => 'Location Admin',
+ 'own' => false,
+ 'board' => true,
+ 'support' => true,
+ 'ao' => false,
+ 'oao' => false
+ ),
);
-$adminlist = array();
-foreach ($flags as $flag => $description) {
+// Build up list of various admins
+$adminlist = array();
+foreach ($flags as $flag => $flag_properties) {
$query = "select `fname`, `lname`, `email` from `users` where `$flag` = 1";
if(! $res = mysql_query($query) ) {
fwrite(STDERR,
@@ -45,52 +97,64 @@ foreach ($flags as $flag => $description) {
continue;
}
- $admins = array();
- $adminlist[$flag] = "";
+ $adminlist[$flag] = array();
while ($row = mysql_fetch_assoc($res)) {
- $admins[] = $row;
- $adminlist[$flag] .= "$row[fname] $row[lname] $row[email]\n";
+ $adminlist[$flag][] = $row;
}
- foreach ($admins as $admin) {
- $message = <<<EOF
+
+ // Send mail to admins of this group if 'own' is set
+ if ($flag_properties['own']) {
+ foreach ($adminlist[$flag] as $admin) {
+ $message = <<<EOF
Hello $admin[fname],
-you get this message, because you are listed as $description on
+you get this message, because you are listed as $flag_properties[name] on
CAcert.org. Please review the following list of persons with the same privilege
and report to the responsible team leader or board
($BOARD_PRIVATE) if you spot any errors.
-$adminlist[$flag]
+
+EOF;
+
+ foreach ($adminlist[$flag] as $colleague) {
+ $message .= "$colleague[fname] $colleague[lname] $colleague[email]\n";
+ }
+
+ $message .= <<<EOF
Best Regards,
CAcert Support
EOF;
- sendmail($admin['email'], "Permissions Review", $message, 'support@cacert.org');
+
+ sendmail($admin['email'], "Permissions Review", $message, 'support@cacert.org');
+ }
}
}
+// Send to support engineers
$message = <<<EOF
-Dear Board Members,
+Dear Support Engineers,
it's time for the permission review again. Here is the list of privileged users
-in the CAcert web application. Please review them and also ask the persons
-responsible for an up-to-date copy of access lists not directly recorded in the
-web application (critical admins, software assessors etc.)
+in the CAcert web application. Please review them.
EOF;
-foreach ($flags as $flag => $description) {
- $message .= <<<EOF
-List of ${description}s:
-$adminlist[$flag]
-
-EOF;
+foreach ($flags as $flag => $flag_properties) {
+ if ($flag_properties['support']) {
+ $message .= "List of $flag_properties[name]s:\n\n";
+ foreach ($adminlist[$flag] as $colleague) {
+ $message .= "$colleague[fname] $colleague[lname] $colleague[email]\n";
+ }
+
+ $message .= "\n\n";
+ }
}
$message .= <<<EOF
@@ -99,4 +163,55 @@ Best Regards,
CAcert Support
EOF;
-sendmail($BOARD_PRIVATE, "Permissions Review", $message, 'support@cacert.org');
+foreach ($adminlist['admin'] as $support_engineer) {
+ sendmail(
+ $support_engineer['email'],
+ "Permissions Review",
+ $message,
+ 'support@cacert.org');
+}
+
+
+// Send to one-email addresses
+foreach (array(
+ 'ao' => array(
+ 'description' => 'Assurance Officer',
+ 'email' => $ASSURANCE_OFFICER),
+ 'oao' => array(
+ 'description' => 'Organisation Assurance Officer',
+ 'email' => $ORGANISATION_ASSURANCE_OFFICER),
+ 'board' => array(
+ 'description' => 'Board Members',
+ 'email' => $BOARD_PRIVATE)
+ ) as $key => $values) {
+ $message = <<<EOF
+Dear $values[description],
+
+it's time for the permission review again. Here is the list of privileged users
+in the CAcert web application. Please review them and also ask the persons
+responsible for an up-to-date copy of access lists not directly recorded in the
+web application (critical admins, software assessors etc.)
+
+
+
+EOF;
+
+ foreach ($flags as $flag => $flag_properties) {
+ if ($flag_properties[$key]) {
+ $message .= "List of $flag_properties[name]s:\n\n";
+ foreach ($adminlist[$flag] as $colleague) {
+ $message .= "$colleague[fname] $colleague[lname] $colleague[email]\n";
+ }
+ $message .= "\n\n";
+ }
+ }
+
+ $message .= <<<EOF
+
+
+Best Regards,
+CAcert Support
+EOF;
+
+ sendmail($values['email'], "Permissions Review", $message, 'support@cacert.org');
+}
diff --git a/scripts/resetpermissions.php b/scripts/resetpermissions.php
new file mode 100755
index 0000000..055e36a
--- /dev/null
+++ b/scripts/resetpermissions.php
@@ -0,0 +1,57 @@
+#!/usr/bin/php -q
+<?php
+/*
+LibreSSL - CAcert web application
+Copyright (C) 2004-2012 CAcert Inc.
+
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; version 2 of the License.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/
+
+require_once(dirname(__FILE__).'/../includes/mysql.php');
+
+$flags = array('board', 'tverify');
+
+foreach ($flags as $flag) {
+ echo "Resetting $flag flag:\n";
+ $query = "select `id`, `fname`, `lname`, `email` from `users`
+ where `$flag` = 1";
+ if(! $res = mysql_query($query) ) {
+ fwrite(STDERR,
+ "MySQL query for flag $flag failed:\n".
+ "\"$query\"\n".
+ mysql_error()
+ );
+
+ continue;
+ }
+
+ while ($row = mysql_fetch_assoc($res)) {
+ echo "$row[fname] $row[lname] $row[email]";
+
+ $update = "update `users` set `$flag` = 0 where `id` = $row[id]";
+ if(! $res2 = mysql_query($update) ) {
+ echo " NOT RESET!!!\n";
+ fwrite(STDERR,
+ "MySQL query for $flag flag reset on user $row[id] failed:\n".
+ "\"$update\"\n".
+ mysql_error()
+ );
+
+ } else {
+ echo " reset.\n";
+ }
+ }
+
+ echo "\n\n";
+} \ No newline at end of file