2012-03-29 14:24:05 +00:00
|
|
|
#!/usr/bin/php -q
|
|
|
|
|
<?php
|
|
|
|
|
/*
|
|
|
|
|
LibreSSL - CAcert web application
|
|
|
|
|
Copyright (C) 2004-2012 CAcert Inc.
|
|
|
|
|
|
|
|
|
|
This program is free software; you can redistribute it and/or modify
|
|
|
|
|
it under the terms of the GNU General Public License as published by
|
|
|
|
|
the Free Software Foundation; version 2 of the License.
|
|
|
|
|
|
|
|
|
|
This program is distributed in the hope that it will be useful,
|
|
|
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
GNU General Public License for more details.
|
|
|
|
|
|
|
|
|
|
You should have received a copy of the GNU General Public License
|
|
|
|
|
along with this program; if not, write to the Free Software
|
|
|
|
|
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
require_once(dirname(__FILE__).'/../../includes/mysql.php');
|
|
|
|
|
|
|
|
|
|
$BOARD_PRIVATE = 'cacert-board-private@lists.cacert.org';
|
2012-06-21 15:24:46 +00:00
|
|
|
$ASSURANCE_OFFICER = 'ao@cacert.org';
|
|
|
|
|
$ORGANISATION_ASSURANCE_OFFICER = 'oao@cacert.org';
|
2012-03-29 14:24:05 +00:00
|
|
|
|
2012-06-21 15:24:46 +00:00
|
|
|
|
|
|
|
|
//defines to whom to send the lists
|
2012-03-29 14:24:05 +00:00
|
|
|
$flags = array(
|
2012-06-21 15:24:46 +00:00
|
|
|
'admin' => array(
|
|
|
|
|
'name' => 'Support Engineer',
|
|
|
|
|
'own' => false, //Don't send twice
|
|
|
|
|
'board' => true,
|
|
|
|
|
'support' => true,
|
|
|
|
|
'ao' => false,
|
|
|
|
|
'oao' => false
|
|
|
|
|
),
|
|
|
|
|
|
|
|
|
|
'orgadmin' => array(
|
|
|
|
|
'name' => 'Organisation Assurer',
|
|
|
|
|
'own' => true,
|
|
|
|
|
'board' => true,
|
|
|
|
|
'support' => true,
|
|
|
|
|
'ao' => true,
|
|
|
|
|
'oao' => true
|
|
|
|
|
),
|
|
|
|
|
|
|
|
|
|
'board' => array(
|
|
|
|
|
'name' => 'Board Member',
|
|
|
|
|
'own' => false,
|
|
|
|
|
'board' => true,
|
|
|
|
|
'support' => true,
|
|
|
|
|
'ao' => true,
|
|
|
|
|
'oao' => false
|
|
|
|
|
),
|
|
|
|
|
|
|
|
|
|
'ttpadmin' => array(
|
|
|
|
|
'name' => 'Trusted Third Party Admin',
|
|
|
|
|
'own' => true,
|
|
|
|
|
'board' => true,
|
|
|
|
|
'support' => true,
|
|
|
|
|
'ao' => true,
|
|
|
|
|
'oao' => true
|
|
|
|
|
),
|
|
|
|
|
|
|
|
|
|
'tverify' => array(
|
|
|
|
|
'name' => 'Tverify Admin',
|
|
|
|
|
'own' => false,
|
|
|
|
|
'board' => true,
|
|
|
|
|
'support' => true,
|
|
|
|
|
'ao' => true,
|
|
|
|
|
'oao' => false
|
|
|
|
|
),
|
|
|
|
|
|
|
|
|
|
'locadmin' => array(
|
|
|
|
|
'name' => 'Location Admin',
|
|
|
|
|
'own' => false,
|
|
|
|
|
'board' => true,
|
|
|
|
|
'support' => true,
|
|
|
|
|
'ao' => false,
|
|
|
|
|
'oao' => false
|
|
|
|
|
),
|
2012-03-29 14:24:05 +00:00
|
|
|
);
|
|
|
|
|
|
|
|
|
|
|
2012-06-21 15:24:46 +00:00
|
|
|
// Build up list of various admins
|
|
|
|
|
$adminlist = array();
|
|
|
|
|
foreach ($flags as $flag => $flag_properties) {
|
2012-03-29 14:24:05 +00:00
|
|
|
$query = "select `fname`, `lname`, `email` from `users` where `$flag` = 1";
|
|
|
|
|
if(! $res = mysql_query($query) ) {
|
|
|
|
|
fwrite(STDERR,
|
|
|
|
|
"MySQL query for flag $flag failed:\n".
|
|
|
|
|
"\"$query\"\n".
|
|
|
|
|
mysql_error()
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
2012-06-21 15:24:46 +00:00
|
|
|
$adminlist[$flag] = array();
|
2012-03-29 14:24:05 +00:00
|
|
|
|
|
|
|
|
while ($row = mysql_fetch_assoc($res)) {
|
2012-06-21 15:24:46 +00:00
|
|
|
$adminlist[$flag][] = $row;
|
2012-03-29 14:24:05 +00:00
|
|
|
}
|
|
|
|
|
|
2012-06-21 15:24:46 +00:00
|
|
|
|
|
|
|
|
// Send mail to admins of this group if 'own' is set
|
|
|
|
|
if ($flag_properties['own']) {
|
|
|
|
|
foreach ($adminlist[$flag] as $admin) {
|
|
|
|
|
$message = <<<EOF
|
2012-03-29 14:24:05 +00:00
|
|
|
Hello $admin[fname],
|
|
|
|
|
|
2012-06-21 15:24:46 +00:00
|
|
|
you get this message, because you are listed as $flag_properties[name] on
|
2012-03-29 14:24:05 +00:00
|
|
|
CAcert.org. Please review the following list of persons with the same privilege
|
|
|
|
|
and report to the responsible team leader or board
|
|
|
|
|
($BOARD_PRIVATE) if you spot any errors.
|
|
|
|
|
|
2012-06-21 15:24:46 +00:00
|
|
|
|
|
|
|
|
EOF;
|
|
|
|
|
|
|
|
|
|
foreach ($adminlist[$flag] as $colleague) {
|
|
|
|
|
$message .= "$colleague[fname] $colleague[lname] $colleague[email]\n";
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$message .= <<<EOF
|
2012-03-29 14:24:05 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
Best Regards,
|
|
|
|
|
CAcert Support
|
|
|
|
|
EOF;
|
2012-06-21 15:24:46 +00:00
|
|
|
|
|
|
|
|
sendmail($admin['email'], "Permissions Review", $message, 'support@cacert.org');
|
|
|
|
|
}
|
2012-03-29 14:24:05 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2012-06-21 15:24:46 +00:00
|
|
|
// Send to support engineers
|
2012-03-29 14:24:05 +00:00
|
|
|
$message = <<<EOF
|
2012-06-21 15:24:46 +00:00
|
|
|
Dear Support Engineers,
|
2012-03-29 14:24:05 +00:00
|
|
|
|
|
|
|
|
it's time for the permission review again. Here is the list of privileged users
|
2012-06-21 15:24:46 +00:00
|
|
|
in the CAcert web application. Please review them.
|
2012-03-29 14:24:05 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
EOF;
|
|
|
|
|
|
2012-06-21 15:24:46 +00:00
|
|
|
foreach ($flags as $flag => $flag_properties) {
|
|
|
|
|
if ($flag_properties['support']) {
|
|
|
|
|
$message .= "List of $flag_properties[name]s:\n\n";
|
|
|
|
|
foreach ($adminlist[$flag] as $colleague) {
|
|
|
|
|
$message .= "$colleague[fname] $colleague[lname] $colleague[email]\n";
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$message .= "\n\n";
|
|
|
|
|
}
|
2012-03-29 14:24:05 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$message .= <<<EOF
|
|
|
|
|
|
|
|
|
|
Best Regards,
|
|
|
|
|
CAcert Support
|
|
|
|
|
EOF;
|
|
|
|
|
|
2012-06-21 15:24:46 +00:00
|
|
|
foreach ($adminlist['admin'] as $support_engineer) {
|
|
|
|
|
sendmail(
|
|
|
|
|
$support_engineer['email'],
|
|
|
|
|
"Permissions Review",
|
|
|
|
|
$message,
|
|
|
|
|
'support@cacert.org');
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// Send to one-email addresses
|
|
|
|
|
foreach (array(
|
|
|
|
|
'ao' => array(
|
|
|
|
|
'description' => 'Assurance Officer',
|
|
|
|
|
'email' => $ASSURANCE_OFFICER),
|
|
|
|
|
'oao' => array(
|
|
|
|
|
'description' => 'Organisation Assurance Officer',
|
|
|
|
|
'email' => $ORGANISATION_ASSURANCE_OFFICER),
|
|
|
|
|
'board' => array(
|
|
|
|
|
'description' => 'Board Members',
|
|
|
|
|
'email' => $BOARD_PRIVATE)
|
|
|
|
|
) as $key => $values) {
|
|
|
|
|
$message = <<<EOF
|
|
|
|
|
Dear $values[description],
|
|
|
|
|
|
|
|
|
|
it's time for the permission review again. Here is the list of privileged users
|
|
|
|
|
in the CAcert web application. Please review them and also ask the persons
|
|
|
|
|
responsible for an up-to-date copy of access lists not directly recorded in the
|
|
|
|
|
web application (critical admins, software assessors etc.)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
EOF;
|
|
|
|
|
|
|
|
|
|
foreach ($flags as $flag => $flag_properties) {
|
|
|
|
|
if ($flag_properties[$key]) {
|
|
|
|
|
$message .= "List of $flag_properties[name]s:\n\n";
|
|
|
|
|
foreach ($adminlist[$flag] as $colleague) {
|
|
|
|
|
$message .= "$colleague[fname] $colleague[lname] $colleague[email]\n";
|
|
|
|
|
}
|
|
|
|
|
$message .= "\n\n";
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$message .= <<<EOF
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Best Regards,
|
|
|
|
|
CAcert Support
|
|
|
|
|
EOF;
|
|
|
|
|
|
|
|
|
|
sendmail($values['email'], "Permissions Review", $message, 'support@cacert.org');
|
|
|
|
|
}
|
