Initial public commit

Thomas Pike
2017-06-06 16:07:08 +02:00
commit b464e14873
144 changed files with 23448 additions and 0 deletions

4
.gitignore vendored Normal file

@@ -0,0 +1,4 @@
config/config.ini
config/keys-sync
config/keys-sync.pub
extensions/*.php
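Review bot: the sync private key `config/keys-sync` and the live `config/config.ini` (which holds the database and LDAP bind passwords) are rightly kept out of the repository, but the third rule, `extensions/*.php`, needs a word of explanation somewhere: `core.php` on this same page runs `foreach(glob("extensions/*.php") as $filename) { include $filename; }` at startup, so anything dropped into that directory executes as the web application with no registration step. An ignore rule for an executable plugin directory should be paired with a README line saying what the directory is for and that it must be writable only by whoever deploys the application.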

201
LICENSE Normal file

@@ -0,0 +1,201 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "{}"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright {yyyy} {name of copyright owner}
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

82
NOTICE Normal file

@@ -0,0 +1,82 @@
NOTICE
Copyright 2013-2017 Opera Software AS
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
THIRD PARTY ACKNOWLEDGEMENTS
Component: Bootstrap Framework
The MIT License (MIT)
Copyright (c) 2011-2017 Twitter, Inc.
Copyright (c) 2011-2017 The Bootstrap Authors
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
Component: jQuery Javascript Library
Copyright JS Foundation and other contributors, https://js.foundation/
This software consists of voluntary contributions made by many
individuals. For exact contribution history, see the revision history
available at https://github.com/jquery/jquery
The following license applies to all parts of this software except as
documented below:
====
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
====
All files located in the node_modules and external directories are
externally maintained libraries used by this software which have their
own licenses; we recommend you read them, as their terms may differ from
the terms above.

112
README.md Normal file

@@ -0,0 +1,112 @@
SKA - SSH Key Authority
=======================
A tool for managing user and server SSH access to any number of servers.
Features
--------
* Easily manage SSH key access for all accounts on your servers.
* Manage user access and server-to-server access rules.
* Integrate with your LDAP directory service for user authorization.
* Provides an easy interface for your users to upload their public keys.
* Designate server administrators and let them manage access to their own server.
* Create group-based access rules for easier management.
* Specify SSH access options such as `command=`, `nopty` etc on your access rules.
* All access changes are logged to the database and to the system logs. Granting of access is also reported by email.
* Be notified when a server becomes orphaned (has no active administrators).
Requirements
------------
* Apache 2.2 or higher
* PHP 5.6 or higher
* PHP JSON extension
* PHP LDAP extension
* PHP MySQL extension
* PHP ssh2 extension
* MySQL database
Installation
------------
1. Clone the repo somewhere outside of your default Apache document root.
2. Add the following directives to your Apache configuration (eg. virtual host config):
DocumentRoot /path/to/ska/public_html
DirectoryIndex init.php
FallbackResource /init.php
3. Create a MySQL user and database (run in MySQL shell):
CREATE USER 'ska-user'@'localhost' IDENTIFIED BY 'password';
CREATE DATABASE ska-db;
GRANT ALL ON ska-db.* to 'ska-user';
4. Import database schema (the schema file can be found in the repository):
mysql ska-db < schema.sql
5. Copy the file `config/config-sample.ini` to `config/config.ini` and edit the settings as required.
6. Set up authnz_ldap for your virtual host (or any other authentication module that will pass on an Auth-user
variable to the application).
7. Set `scripts/ldap_update.php` to run on a regular cron job.
8. Generate an SSH key pair to synchronize with. SSH Key Authority will expect to find the files as `config/keys-sync` and `config/keys-sync.pub` for the private and public keys respectively.
8. Install the SSH key synchronization daemon. For systemd:
1. Copy `services/systemd/keys-sync.service` to `/etc/systemd/system/`
2. `systemctl daemon-reload`
3. `systemctl enable keys-sync.service`
for sysv-init:
1. Copy `services/init.d/keys-sync` to `/etc/init.d/`
2. `update-rc.d keys-sync defaults`
Usage
-----
Anyone in the LDAP group defined under `admin_group_cn` in `config/config.ini` will be able to manage accounts and servers.
Key distribution
----------------
SSH Key Authority distributes authorized keys to your servers via SSH. It does this by:
1. Connecting to the server with SSH, authorizing as the `keys-sync` user.
2. Writing the appropriate authorized keys to named user files in `/var/local/keys-sync/` (eg. all authorized keys for the root user will be written to `/var/local/keys-sync/root`).
This means that your SSH installation will need to be reconfigured to read authorized keys from `/var/local/keys-sync/`.
Please note that doing so will deny access to any existing SSH public key authorized in the default `~/.ssh` directories.
Under OpenSSH, the configuration changes needed are:
AuthorizedKeysFile /var/local/keys-sync/%u
StrictModes no
StrictModes must be disabled because the files will all be owned by the keys-sync user.
The file `/var/local/keys-sync/keys-sync` must exist, with the same contents as the `config/keys-sync.pub` file in order for the synchronization daemon to authenticate.
License
-------
Copyright 2013-2017 Opera Software
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
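Review bot: the MySQL commands in installation step 3 do not parse as written. `CREATE DATABASE ska-db;` and `GRANT ALL ON ska-db.* to 'ska-user';` use a hyphen in an unquoted identifier, which MySQL rejects; either backtick-quote the name or pick one with an underscore. The GRANT also names `'ska-user'` without a host part, which MySQL reads as `'ska-user'@'%'`, a different account from the `'ska-user'@'localhost'` created on the line above, so the web application would end up with a user that has no privileges; write `GRANT ALL ON ska_db.* TO 'ska-user'@'localhost';`. Two further points: the installation list numbers both the key-pair step and the daemon step as 8 (they should be 8 and 9), and step 6 should name the exact server variable the application reads, since "Auth-user" is not something mod_authnz_ldap sets under that name (it populates `REMOTE_USER`). On the key-distribution section, `StrictModes no` switches off OpenSSH's ownership and permission check on the authorized-keys path for every account on the host, and the README only says it is needed because the files are owned by `keys-sync`; it should also state that `/var/local/keys-sync/` must be writable by `keys-sync` and root only, and that a compromise of the `keys-sync` account therefore grants login as every managed account including root. An `AuthorizedKeysCommand` running as a dedicated `AuthorizedKeysCommandUser` that reads the same files would give the same result with `StrictModes` left on, and is worth mentioning as the alternative.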

92
config/config-sample.ini Normal file

@@ -0,0 +1,92 @@
; SSH Key Authority config file
[web]
enabled = 1
baseurl = https://ska.example.com
logo = /logo-header-opera.png
; footer may contain HTML. Literal & " < and > should be escaped as &amp; &quot; &lt; $gt;
footer = 'Developed by <a href="https://www.opera.com/">Opera Software</a>.'
[defaults]
; This setting will cause new servers to always have a managed account called "root"
; and for that account to be automatically added into the "root-accounts" group:
;
; account_groups[root] = "root-accounts"
;
; Any number of these can be specified
account_groups[root] = "root-accounts"
[email]
enabled = 1
; The mail address that outgoing mails will be sent from
from_address = ska@example.com
from_name = "SSH Key Authority system"
; Where to mail security notifications to
report_address = reports@example.com
report_name = "SSH Key Authority reports"
; Where users should contact for help
admin_address = admin@example.com
admin_name = "SSH Key Authority administrators"
; You can use the reroute directive to redirect all outgoing mail to a single
; mail address - typically for temporary testing purposes
;reroute = test@example.com
[database]
; Connection details to the MySQL database
hostname = localhost
port = 3306
username = keys
password = password
database = keys
[ldap]
; Address to connect to LDAP server
host = ldaps://ldap.example.com:636
; Use StartTLS for connection security (recommended if using ldap:// instead of ldaps:// above)
starttls = 0
; LDAP subtree containing USER entries
dn_user = "ou=users,dc=example,dc=com"
; LDAP subtree containing GROUP entries
dn_group = "ou=groups,dc=example,dc=com"
; Leave bind_dn empty if binding is not required
bind_dn =
bind_password =
; User attributes
user_id = uid
user_name = cn
user_email = mail
;user_superior = superioremployee
; If inactive users exist in your LDAP directory, filter with the following settings:
; Field to filter on:
;user_active = organizationalstatus
; Use *one* of user_active_true or user_active_false
; user_active_true means user is active if the user_active field equals its value
;user_active_true = 'current'
; user_active_false means user is active if the user_active field does not equal its value
;user_active_false = 'former'
; Group membership attributes. Examples below are for typical setups:
;
; POSIX groups
; group_member = memberUid
; group_member_value = uid
;
; Group-of-names groups
; group_member = member
; group_member_value = dn
;
; Attribute of group where members are stored
group_member = memberUid
; User attribute to compare with
group_member_value = uid
; Members of admin_group are given full admin access to SSH Key Authority web interface
admin_group_cn = ska-administrators
[inventory]
; SSH Key Authority will read the contents of the file /etc/uuid (if it exists) when syncing with a server.
; If a value is found, it can be used as a link to an inventory system.
; %s in the url directive will be replaced with the value found in /etc/uuid
;url = "https://inventory.example.com/device/%s"
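Review bot: the escaping hint above `footer` reads `Literal & " < and > should be escaped as &amp; &quot; &lt; $gt;`; the last entity should be `&gt;`. Since `footer` is documented as raw HTML that the application emits unescaped, the comment should also say plainly that only a deployer should be able to edit this file. Related: this sample is the template users copy to `config/config.ini`, and it carries `password = password` for the database and a plaintext `bind_password` for LDAP, so a comment that the copied file must be readable by the web server user only (the `.gitignore` rule keeps it out of the repository, but says nothing about mode bits) belongs here. Finally, the `[ldap]` comment for `starttls` should state the consequence of the unsafe combination: with an `ldap://` host and `starttls = 0`, the bind password and every directory query travel in the clear.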

207
core.php Normal file

@@ -0,0 +1,207 @@
<?php
##
## Copyright 2013-2017 Opera Software AS
##
## Licensed under the Apache License, Version 2.0 (the "License");
## you may not use this file except in compliance with the License.
## You may obtain a copy of the License at
##
## http://www.apache.org/licenses/LICENSE-2.0
##
## Unless required by applicable law or agreed to in writing, software
## distributed under the License is distributed on an "AS IS" BASIS,
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
## See the License for the specific language governing permissions and
## limitations under the License.
##
chdir(dirname(__FILE__));
mb_internal_encoding('UTF-8');
date_default_timezone_set('UTC');
set_error_handler('exception_error_handler');
spl_autoload_register('autoload_model');
require('pagesection.php');
$config_file = 'config/config.ini';
if(file_exists($config_file)) {
$config = parse_ini_file($config_file, true);
} else {
throw new Exception("Config file $config_file does not exist.");
}
require('router.php');
require('routes.php');
require('ldap.php');
require('email.php');
$ldap = new LDAP($config['ldap']['host'], $config['ldap']['starttls'], $config['ldap']['bind_dn'], $config['ldap']['bind_password']);
setup_database();
// Convert all non-fatal errors into exceptions
function exception_error_handler($errno, $errstr, $errfile, $errline) {
throw new ErrorException($errstr, $errno, 0, $errfile, $errline);
}
// Autoload needed model files
function autoload_model($classname) {
global $base_path;
$classname = preg_replace('/[^a-z]/', '', strtolower($classname)); # Prevent directory traversal and sanitize name
$filename = path_join($base_path, 'model', $classname.'.php');
if(file_exists($filename)) {
include($filename);
} else {
eval("class $classname {}");
throw new InvalidArgumentException("Attempted to load a class $classname that did not exist.");
}
}
// Setup database connection and models
function setup_database() {
global $config, $database, $driver, $pubkey_dir, $user_dir, $group_dir, $server_dir, $server_account_dir, $event_dir, $sync_request_dir;
try {
$database = new mysqli($config['database']['hostname'], $config['database']['username'], $config['database']['password'], $config['database']['database'], $config['database']['port']);
} catch(ErrorException $e) {
throw new DBConnectionFailedException($e->getMessage());
}
$database->set_charset('utf8mb4');
$driver = new mysqli_driver();
$driver->report_mode = MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT;
$pubkey_dir = new PublicKeyDirectory;
$user_dir = new UserDirectory;
$group_dir = new GroupDirectory;
$server_dir = new ServerDirectory;
$server_account_dir = new ServerAccountDirectory;
$event_dir = new EventDirectory;
$sync_request_dir = new SyncRequestDirectory;
}
/**
* Join a sequence of partial paths into a complete path
* e.g. pathJoin("foo", "bar") -> foo/bar
* pathJoin("f/oo", "b/ar") -> f/oo/b/ar
* pathJoin("/foo/b/", "ar") -> "/foo/b/ar"
* @param string part of path
* @return string joined path
*/
function path_join() {
$args = func_get_args();
$parts = array();
foreach($args as $arg) {
$parts = array_merge($parts, explode("/", $arg));
}
$parts = array_filter($parts, function($x) {return (bool)($x);});
$prefix = $args[0][0] == "/" ? "/" : "";
return $prefix . implode("/", $parts);
}
define('ESC_HTML', 1);
define('ESC_URL', 2);
define('ESC_URL_ALL', 3);
define('ESC_NONE', 9);
function out($string, $escaping = ESC_HTML) {
switch($escaping) {
case ESC_HTML:
echo htmlspecialchars($string);
break;
case ESC_URL:
echo urlencode($string);
break;
case ESC_URL_ALL:
echo rawurlencode($string);
break;
case ESC_NONE:
echo $string;
break;
default:
throw new InvalidArgumentException("Escaping format $escaping not known.");
}
}
/**
* Short-name HTML escape convenience function
* @param string $string string to escape
* @return string HTML-escaped string
*/
function hesc($string) {
return htmlspecialchars($string);
}
function english_list($array) {
if(count($array) == 1) return reset($array);
else return implode(', ', array_slice($array, 0, -1)).' and '.end($array);
}
/**
* Perform an HTTP redirect to the given URL (or the current URL if none given)
* @param string|null $url URL to redirect to
* @param string $type HTTP response code/name to use
*/
function redirect($url = null, $type = '303 See other') {
global $absolute_request_url;
if(is_null($url)) $url = $absolute_request_url;
elseif(substr($url, 0, 1) == '#') $url = $absolute_request_url.$url;
header("HTTP/1.1 $type");
header("Location: $url");
exit;
}
/**
* Given a set of defaults and an array of querystring data, convert to a simpler
* easy-to-read form and redirect if any conversion was done. Also return array
* combining defaults with any querysting parameters that do not match defaults.
* @param array $defaults associative array of default values
* @param array $values associative array of querystring data
* @return array result of combining defaults and querystring data
*/
function simplify_search($defaults, $values) {
global $absolute_request_url;
$simplify = false;
$simplified = array();
foreach($defaults as $key => $default) {
if(!isset($values[$key])) {
// No value provided, use default
$values[$key] = $default;
} elseif(is_array($values[$key])) {
if($values[$key] == $default) {
// Parameter not needed in URL if it matches the default
} else {
// Simplify array to semicolon-separated string in URL
$simplified[] = urlencode($key).'='.implode(';', array_map('urlencode', $values[$key]));
}
$simplify = true;
} elseif($values[$key] == $default) {
// Parameter not needed in URL if it matches the default
$simplify = true;
} else {
// Pass value as-is to simplified array
$simplified[] = urlencode($key).'='.urlencode($values[$key]);
if(is_array($default)) {
// We expect an array; extract array values from semicolon-separated string
$values[$key] = explode(';', $values[$key]);
}
}
}
if($simplify) {
$url = preg_replace('/\?.*$/', '', $absolute_request_url);
if(count($simplified) > 0) $url .= '?'.implode('&', $simplified);
redirect($url);
} else {
return $values;
}
}
class OutputFormatter {
public function comment_format($text) {
return hesc($text);
}
}
$output_formatter = new OutputFormatter;
foreach(glob("extensions/*.php") as $filename) {
include $filename;
}
class DBConnectionFailedException extends RuntimeException {}
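Review bot: both escaping helpers, `out()` in the `ESC_HTML` case and `hesc()`, call `htmlspecialchars($string)` with default flags, which on the PHP 5.6 baseline named in the README are `ENT_COMPAT | ENT_HTML401` and leave single quotes untouched; any template that prints into a single-quoted attribute is then injectable. Use `htmlspecialchars($string, ENT_QUOTES | ENT_HTML5, 'UTF-8')` in both places, which also makes the charset explicit rather than inherited from `default_charset`. Second, `autoload_model()` falls back to `eval("class $classname {}")` when no model file exists. The name is reduced to `[a-z]+` first, so the string is not injectable, but a requested class with no letters left becomes `eval("class  {}")`, a parse error instead of the intended `InvalidArgumentException`, and the reason for declaring an empty class before throwing (presumably so `class_exists()` and `instanceof` checks do not call back into the autoloader) should be stated in a comment, as should the origin of `$base_path`, which is used here but defined elsewhere. Third, `path_join()` drops components with `array_filter($parts, function($x) {return (bool)($x);})`, which also discards a segment that is literally `"0"` (`path_join("a", "0", "b")` returns `a/b`); `strlen($x) > 0` is the intended test, and `$args[0][0]` raises an "uninitialized string offset" notice, turned into an `ErrorException` by `exception_error_handler`, when the first argument is the empty string.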

222
email.php Normal file

@@ -0,0 +1,222 @@
<?php
##
## Copyright 2013-2017 Opera Software AS
##
## Licensed under the Apache License, Version 2.0 (the "License");
## you may not use this file except in compliance with the License.
## You may obtain a copy of the License at
##
## http://www.apache.org/licenses/LICENSE-2.0
##
## Unless required by applicable law or agreed to in writing, software
## distributed under the License is distributed on an "AS IS" BASIS,
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
## See the License for the specific language governing permissions and
## limitations under the License.
##
class Email {
public $from;
public $subject;
public $body;
public $signature;
private $to = array();
private $cc = array();
private $bcc = array();
private $reply_to = array();
private $headers = array();
private $gpg_sign = true;
public function __construct() {
global $config;
$this->from = array('email' => $config['email']['from_address'], 'name' => $config['email']['from_name']);
$this->signature = $config['web']['baseurl']."\nYour friendly SSH key management system";
}
public function add_recipient($email, $name = null) {
$this->to[] = array('email' => $email, 'name' => $name);
}
public function add_cc($email, $name = null) {
$this->cc[] = array('email' => $email, 'name' => $name);
}
public function add_bcc($email, $name = null) {
$this->bcc[] = array('email' => $email, 'name' => $name);
}
public function add_reply_to($email, $name = null) {
$this->reply_to[] = array('email' => $email, 'name' => $name);
}
public function set_from($email, $name = null) {
$this->from = array('email' => $email, 'name' => $name);
$this->gpg_sign = false;
}
public function send() {
global $config;
if(!empty($config['email']['reroute'])) {
$rcpt_summary = '';
foreach(array('to', 'cc', 'bcc') as $rcpt_type) {
if(count($this->$rcpt_type) > 0) {
$rcpt_summary .= ucfirst($rcpt_type).":\n";
foreach($this->$rcpt_type as $rcpt) {
if(is_null($rcpt['name'])) {
$rcpt_summary .= " $rcpt[email]\n";
} else {
$rcpt_summary .= " $rcpt[name] <$rcpt[email]>\n";
}
}
}
}
$this->body = $rcpt_summary."\n".$this->body;
$this->to = array(array('email' => $config['email']['reroute'], 'name' => null));
$this->cc = array();
$this->bcc = array();
}
$this->headers[] = "MIME-Version: 1.0";
$this->headers[] = "Content-Transfer-Encoding: 8bit";
$this->headers[] = "Auto-Submitted: auto-generated";
$this->headers[] = "Precedence: bulk";
$this->flow();
$this->append_signature();
if($this->gpg_sign) {
$this->sign();
}
if(is_null($this->from['name'])) {
$this->headers[] = "From: {$this->from['email']}";
} else {
$this->headers[] = "From: {$this->from['name']} <{$this->from['email']}>";
}
$to = array();
foreach($this->to as $rcpt) {
if(is_null($rcpt['name'])) {
$to[] = "$rcpt[email]";
} else {
$to[] = "$rcpt[name] <$rcpt[email]>";
}
}
if(count($this->reply_to) > 0) {
$header = 'Reply-To: ';
foreach($this->reply_to as $addr) {
if(is_null($addr['name'])) {
$header .= "$addr[email], ";
} else {
if(strrpos($header, "\n") === false) $indent = strlen($header);
else $indent = strlen($header) - strrpos($header, "\n") - 1;
$header .= $this->header_7bit_safe($addr['name'], $indent)." <$addr[email]>, ";
}
}
$this->headers[] = substr($header, 0, -2);
}
foreach(array('cc', 'bcc') as $rcpt_type) {
foreach($this->$rcpt_type as $rcpt) {
if(is_null($rcpt['name'])) {
$this->headers[] = ucfirst($rcpt_type).": $rcpt[email]";
} else {
$this->headers[] = ucfirst($rcpt_type).": ".$this->header_7bit_safe($rcpt['name'], strlen($rcpt_type) + 2)." <$rcpt[email]>";
}
}
}
if(!empty($config['email']['enabled'])) {
mail(implode(', ', $to), $this->header_7bit_safe($this->subject, 9), $this->body, implode("\n", $this->headers));
}
}
private function flow() {
$message = $this->body;
/* Excerpt from RFC 3676 - 4.2. Generating Format=Flowed
A generating agent SHOULD:
o Ensure all lines (fixed and flowed) are 78 characters or fewer in
length, counting any trailing space as well as a space added as
stuffing, but not counting the CRLF, unless a word by itself
exceeds 78 characters.
o Trim spaces before user-inserted hard line breaks.
A generating agent MUST:
o Space-stuff lines which start with a space, "From ", or ">".
*/
// Trimming spaces before user-inserted hard line breaks, and wrapping.
$lines = explode("\n", $message);
foreach($lines as $ref => $line) {
$lines[$ref] = wordwrap(rtrim($line), 76, " \n", false);
}
$message = implode("\n", $lines);
// Space-stuffing lines which start with a space, "From ", or ">".
$lines = explode("\n", $message);
foreach($lines as $ref => $line) {
if(strpos($line, " ") === 0 || strpos($line, "From ") === 0 || strpos($line, ">") === 0) $lines[$ref] = " ".$line;
}
$message = implode("\n", $lines);
$message = "$message\n\n";
$this->body = $message;
$this->headers[] = "Content-Type: text/plain; charset=utf-8; format=flowed";
}
private function header_7bit_safe($string, $indent = 0) {
if(is_null($string)) return null;
return mb_encode_mimeheader($string, 'UTF-8', 'Q', "\n", $indent);
}
private function append_signature() {
//Add a signature
$this->body .= "-- \n";
$this->body .= $this->signature;
}
private function sign() {
$localheaders = array();
foreach($this->headers as $k => $v) {
if(preg_match('/^Content-Type:/i', $v)) {
$localheaders[] = $v;
unset($this->headers[$k]);
}
}
$localheaders[] = "Content-Transfer-Encoding: quoted-printable";
$lines = explode("\n", $this->body);
foreach($lines as $ref => $line) {
$line = quoted_printable_encode($line);
if(substr($line, -1) == ' ') $line = substr($line, 0, -1).'=20';
$lines[$ref] = $line;
}
$boundary = uniqid(php_uname('n'));
$innerboundary = uniqid(php_uname('n').'1');
$this->headers[] = 'Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="'.$boundary.'"';
$message = "Content-Type: multipart/mixed; boundary=\"{$innerboundary}\";\r\n";
$message .= " protected-headers=\"v1\"\r\n";
$message .= "From: {$this->from['email']}\r\n";
foreach(array('to', 'cc') as $rcpt_type) {
foreach($this->$rcpt_type as $rcpt) {
if(is_null($rcpt['name'])) {
$message .= ucfirst($rcpt_type).": $rcpt[email]\r\n";
} else {
$message .= ucfirst($rcpt_type).": ".$this->header_7bit_safe($rcpt['name'], strlen($rcpt_type) + 2)." <$rcpt[email]>\r\n";
}
}
}
$message .= "Subject: ".$this->header_7bit_safe($this->subject, 9)."\r\n\r\n";
$message .= "--{$innerboundary}\r\n".implode("\r\n", $localheaders)."\r\n\r\n".implode("\r\n", $lines)."\r\n--{$innerboundary}--\r\n";
$signature = $this->get_gpg_signature($message);
$message = "This is an OpenPGP/MIME signed message (RFC 4880 and 3156)\r\n--{$boundary}\r\n{$message}\r\n--{$boundary}\r\n";
$message .= "Content-Type: application/pgp-signature; name=\"signature.asc\"\r\n";
$message .= "Content-Description: OpenPGP digital signature\r\n";
$message .= "Content-Disposition: attachment; filename=\"signature.asc\"\r\n\r\n";
$message .= $signature;
$message .= "\r\n--$boundary--";
$this->body = $message;
}
private function get_gpg_signature($message) {
$gpg = new gnupg();
$gpg->addsignkey('5BF47B590E2629854FC99BCEE8D5397409381BE2');
$gpg->setsignmode(GNUPG::SIG_MODE_DETACH);
return $gpg->sign($message);
}
}
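Review bot: the recipient addresses in `send()` are placed into mail headers without any validation, so a value containing CR or LF in `$rcpt['email']` (the `"$rcpt[email]"` and `"$rcpt[name] <$rcpt[email]>"` strings, and the Reply-To, Cc and Bcc lines built the same way) would terminate the header and let additional headers or recipients be injected; validate addresses where they are added (for example `filter_var($email, FILTER_VALIDATE_EMAIL)` plus an explicit rejection of `\r` and `\n`) so that `mail()` never receives a raw newline inside a header value. Two smaller points: the signing-key fingerprint in `get_gpg_signature()` (`$gpg->addsignkey('5BF4...')`) is a per-deployment value that belongs in `config/config.ini` rather than in source, and `micalg=pgp-sha1` in the `multipart/signed` Content-Type is hard-coded even though the digest gpg actually uses depends on the key and gpg's own configuration; RFC 3156 requires `micalg` to name the hash that was used, so either pin the digest in gpg's options or derive the value from the signature that comes back.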

2
extensions/README Normal file

@@ -0,0 +1,2 @@
For extending or replacing functionality.
All .php files in this directory are automatically include()'d.
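Review bot: the README should state who may write to this directory, because `All .php files in this directory are automatically include()'d` makes write access to `extensions/` equivalent to code execution inside the application; document that the directory must be owned by the deploying user and must not be writable by the web server account, and that an operator should review any file that appears there before it is loaded.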

87
ldap.php Normal file

@@ -0,0 +1,87 @@
<?php
##
## Copyright 2013-2017 Opera Software AS
##
## Licensed under the Apache License, Version 2.0 (the "License");
## you may not use this file except in compliance with the License.
## You may obtain a copy of the License at
##
## http://www.apache.org/licenses/LICENSE-2.0
##
## Unless required by applicable law or agreed to in writing, software
## distributed under the License is distributed on an "AS IS" BASIS,
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
## See the License for the specific language governing permissions and
## limitations under the License.
##
class LDAP {
private $conn;
private $host;
private $starttls;
private $bind_dn;
private $bind_password;
public function __construct($host, $starttls, $bind_dn, $bind_password) {
$this->conn = null;
$this->host = $host;
$this->starttls = $starttls;
$this->bind_dn = $bind_dn;
$this->bind_password = $bind_password;
}
private function connect() {
$this->conn = ldap_connect($this->host);
if($this->conn === false) throw new LDAPConnectionFailureException('Invalid LDAP connection settings');
if($this->starttls) {
if(!ldap_start_tls($this->conn)) throw new LDAPConnectionFailureException('Could not initiate TLS connection to LDAP server');
}
if(!empty($this->bind_dn)) {
if(!ldap_bind($this->conn, $this->bind_dn, $this->bind_password)) throw new LDAPConnectionFailureException('Could not bind to LDAP server');
}
}
public function search($basedn, $filter, $fields = array(), $sort = array()) {
if(is_null($this->conn)) $this->connect();
if(empty($fields)) $r = @ldap_search($this->conn, $basedn, $filter);
else $r = @ldap_search($this->conn, $basedn, $filter, $fields);
$sort = array_reverse($sort);
foreach($sort as $field) {
@ldap_sort($this->conn, $r, $field);
}
if($r) {
// Fetch entries
$result = @ldap_get_entries($this->conn, $r);
unset($result['count']);
$items = array();
foreach($result as $item) {
unset($item['count']);
$itemResult = array();
foreach($item as $key => $values) {
if(!is_int($key)) {
if(is_array($values)) {
unset($values['count']);
if(count($values) == 1) $values = $values[0];
}
$itemResult[$key] = $values;
}
}
$items[] = $itemResult;
}
return $items;
}
return false;
}
public static function escape($str = '') {
$metaChars = array("\\00", "\\", "(", ")", "*");
$quotedMetaChars = array();
foreach($metaChars as $key => $value) {
$quotedMetaChars[$key] = '\\'. dechex(ord($value));
}
$str = str_replace($metaChars, $quotedMetaChars, $str);
return $str;
}
}
class LDAPConnectionFailureException extends RuntimeException {}
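Review bot: `escape()` does not neutralise a NUL byte: `"\\00"` in PHP source is the three-character string `\00`, so `dechex(ord($value))` yields `5c` for it, the literal text `\00` gets rewritten to `\5c`, and the next entry (`"\\"`) then rewrites that inserted backslash again because `str_replace()` applies the array left to right; an actual `\x00` in `$str` is left untouched. Replace the hand-rolled table with `ldap_escape($str, '', LDAP_ESCAPE_FILTER)`, which handles `\`, `(`, `)`, `*` and NUL in a single pass. Also in `connect()`: `ldap_bind($this->conn, $this->bind_dn, $this->bind_password)` is attempted whenever `bind_dn` is non-empty, but an empty `bind_password` turns this into an unauthenticated bind that many directory servers accept, so reject an empty password when a bind DN is configured; and `ldap_sort()` (used in `search()`) is deprecated as of PHP 7.0, so sort the returned `$items` in PHP instead.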

95
model/access.php Normal file

@@ -0,0 +1,95 @@
<?php
##
## Copyright 2013-2017 Opera Software AS
##
## Licensed under the Apache License, Version 2.0 (the "License");
## you may not use this file except in compliance with the License.
## You may obtain a copy of the License at
##
## http://www.apache.org/licenses/LICENSE-2.0
##
## Unless required by applicable law or agreed to in writing, software
## distributed under the License is distributed on an "AS IS" BASIS,
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
## See the License for the specific language governing permissions and
## limitations under the License.
##
/**
* Class that represents an access rule granting access from one entity to another
*/
class Access extends Record {
/**
* Defines the database table that this object is stored in
*/
protected $table = 'access';
/**
* Add an SSH access option to the access rule
* Access options include "command", "from", "no-port-forwarding" etc.
* @param AccessOption $option to be added
*/
public function add_option(AccessOption $option) {
if(is_null($this->id)) throw new BadMethodCallException('Access rule must be in directory before options can be added');
$stmt = $this->database->prepare("INSERT INTO access_option SET access_id = ?, `option` = ?, value = ?");
$stmt->bind_param('dss', $this->id, $option->option, $option->value);
$stmt->execute();
$stmt->close();
}
/**
* Remove an SSH option from the access rule
* @param AccessOption $option to be removed
*/
public function delete_option(AccessOption $option) {
if(is_null($this->id)) throw new BadMethodCallException('Access rule must be in directory before options can be deleted');
$stmt = $this->database->prepare("DELETE FROM access_option WHERE access_id = ? AND `option` = ?");
$stmt->bind_param('ds', $this->id, $option->option);
$stmt->execute();
$stmt->close();
}
/**
* Replace the current list of SSH access options with the provided array of options.
* This is a crude implementation - just deletes all existing options and adds new ones, with
* table locking for a small measure of safety.
* @param array $options array of AccessOption objects
*/
public function update_options(array $options) {
$stmt = $this->database->query("LOCK TABLES access_option WRITE");
$oldoptions = $this->list_options();
foreach($oldoptions as $oldoption) {
$this->delete_option($oldoption);
}
foreach($options as $option) {
$this->add_option($option);
}
$stmt = $this->database->query("UNLOCK TABLES");
$this->dest_entity->sync_access();
}
/**
* List all current SSH access options applied to the access rule.
* @return array of AccessOption objects
*/
public function list_options() {
if(is_null($this->id)) throw new BadMethodCallException('Access rule must be in directory before options can be listed');
$stmt = $this->database->prepare("
SELECT *
FROM access_option
WHERE access_id = ?
ORDER BY `option`
");
$stmt->bind_param('d', $this->id);
$stmt->execute();
$result = $stmt->get_result();
$options = array();
while($row = $result->fetch_assoc()) {
$options[$row['option']] = new AccessOption($row['option'], $row);
}
$stmt->close();
return $options;
}
}
class AccessNotFoundException extends Exception {}
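Review bot: `update_options()` takes `LOCK TABLES access_option WRITE` but the matching `UNLOCK TABLES` is only reached when every `delete_option()` and `add_option()` call succeeds; a mysqli exception in between leaves the lock held for the lifetime of the connection. Wrap the two loops in try/finally (or use a transaction with a single `DELETE FROM access_option WHERE access_id = ?` followed by the inserts) so the lock is always released. Minor: the `$stmt` assigned from `query("LOCK TABLES ...")` is never used, and the `'dss'` / `'ds'` type strings in `bind_param()` declare the integer id as a double; `'i'` is the intended type for `$this->id`.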

26
model/accessoption.php Normal file

@@ -0,0 +1,26 @@
<?php
##
## Copyright 2013-2017 Opera Software AS
##
## Licensed under the Apache License, Version 2.0 (the "License");
## you may not use this file except in compliance with the License.
## You may obtain a copy of the License at
##
## http://www.apache.org/licenses/LICENSE-2.0
##
## Unless required by applicable law or agreed to in writing, software
## distributed under the License is distributed on an "AS IS" BASIS,
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
## See the License for the specific language governing permissions and
## limitations under the License.
##
/**
* Class that represents an SSH access option on an access rule
*/
class AccessOption extends Record {
/**
* Defines the database table that this object is stored in
*/
protected $table = 'access_option';
}

26
model/accessrequest.php Normal file

@@ -0,0 +1,26 @@
<?php
##
## Copyright 2013-2017 Opera Software AS
##
## Licensed under the Apache License, Version 2.0 (the "License");
## you may not use this file except in compliance with the License.
## You may obtain a copy of the License at
##
## http://www.apache.org/licenses/LICENSE-2.0
##
## Unless required by applicable law or agreed to in writing, software
## distributed under the License is distributed on an "AS IS" BASIS,
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
## See the License for the specific language governing permissions and
## limitations under the License.
##
/**
* Class that represents a request for access from one entity to another
*/
class AccessRequest extends Record {
/**
* Defines the database table that this object is stored in
*/
protected $table = 'access_request';
}

32
model/dbdirectory.php Normal file

@@ -0,0 +1,32 @@
<?php
##
## Copyright 2013-2017 Opera Software AS
##
## Licensed under the Apache License, Version 2.0 (the "License");
## you may not use this file except in compliance with the License.
## You may obtain a copy of the License at
##
## http://www.apache.org/licenses/LICENSE-2.0
##
## Unless required by applicable law or agreed to in writing, software
## distributed under the License is distributed on an "AS IS" BASIS,
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
## See the License for the specific language governing permissions and
## limitations under the License.
##
/**
* Basic database directory abstract class. Inherited by most classes that manipulate lists of objects in the database.
*/
abstract class DBDirectory {
protected $database;
/**
* Sets up the local $database object for use by the inheriting classes.
*/
public function __construct() {
global $database;
$this->database = $database;
}
}

416
model/entity.php Normal file

@@ -0,0 +1,416 @@
<?php
##
## Copyright 2013-2017 Opera Software AS
##
## Licensed under the Apache License, Version 2.0 (the "License");
## you may not use this file except in compliance with the License.
## You may obtain a copy of the License at
##
## http://www.apache.org/licenses/LICENSE-2.0
##
## Unless required by applicable law or agreed to in writing, software
## distributed under the License is distributed on an "AS IS" BASIS,
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
## See the License for the specific language governing permissions and
## limitations under the License.
##
/**
* Abstract class that represents one of several types of entities (users, server accounts, groups)
* which can have access rules created between them, administrators assigned, or be members of each other.
*/
abstract class Entity extends Record {
/**
* Defines the database table that this object is stored in
*/
protected $table = 'entity';
/**
* Write event details to syslog and to entity_event table.
* @param array $details event paramaters to be logged
* @param int $level syslog priority as defined in http://php.net/manual/en/function.syslog.php
*/
public function log($details, $level = LOG_INFO) {
if(is_null($this->id)) throw new BadMethodCallException('Entity must be in directory before log entries can be added');
switch(get_class($this)) {
case 'User':
$scope = "user:{$this->uid}";
break;
case 'ServerAccount':
$scope = "account:{$this->name}@{$this->server->hostname}";
break;
case 'Group':
$scope = "group:{$this->name}";
break;
default:
throw new BadMethodCallException('Unsupported entity type: '.get_class($this));
}
$json = json_encode($details, JSON_UNESCAPED_UNICODE);
$stmt = $this->database->prepare("INSERT INTO entity_event SET entity_id = ?, actor_id = ?, date = UTC_TIMESTAMP(), details = ?");
$stmt->bind_param('dds', $this->id, $this->active_user->entity_id, $json);
$stmt->execute();
$stmt->close();
$text = "KeysScope=\"{$scope}\" KeysRequester=\"{$this->active_user->uid}\"";
foreach($details as $key => $value) {
$text .= ' Keys'.ucfirst($key).'="'.str_replace('"', '', $value).'"';
}
openlog('keys', LOG_ODELAY, LOG_AUTH);
syslog($level, $text);
closelog();
}
/**
* Add the specified user as an administrator of the entity.
* Logging is performed by the inheriting classes.
* @param User $user to add as administrator
*/
public function add_admin(User $user) {
if(is_null($this->entity_id)) throw new BadMethodCallException('Entity must be in directory before admins can be added');
if(is_null($user->entity_id)) throw new InvalidArgumentException('User must be in directory before it can be made admin');
$entity_id = $user->entity_id;
try {
$stmt = $this->database->prepare("INSERT INTO entity_admin SET entity_id = ?, admin = ?");
$stmt->bind_param('dd', $this->entity_id, $entity_id);
$stmt->execute();
$stmt->close();
} catch(mysqli_sql_exception $e) {
if($e->getCode() == 1062) {
// Duplicate entry - ignore
} else {
throw $e;
}
}
}
/**
* Remove the specified user as an administrator of the entity.
* @param User $user to remove as administrator
*/
public function delete_admin(User $user) {
if(is_null($this->entity_id)) throw new BadMethodCallException('Entity must be in directory before admins can be deleted');
if(is_null($user->entity_id)) throw new InvalidArgumentException('User must be in directory before it can be removed as admin');
$entity_id = $user->entity_id;
$stmt = $this->database->prepare("DELETE FROM entity_admin WHERE entity_id = ? AND admin = ?");
$stmt->bind_param('dd', $this->entity_id, $entity_id);
$stmt->execute();
$stmt->close();
}
/**
* List all administrators of this entity.
* @return array of User objects
*/
public function list_admins() {
if(is_null($this->entity_id)) throw new BadMethodCallException('Entity must be in directory before admins can be listed');
$stmt = $this->database->prepare("SELECT admin FROM entity_admin WHERE entity_id = ?");
$stmt->bind_param('d', $this->entity_id);
$stmt->execute();
$result = $stmt->get_result();
$admins = array();
while($row = $result->fetch_assoc()) {
$admins[] = new User($row['admin']);
}
$stmt->close();
return $admins;
}
/**
* Add a public key to this entity for use with any outbound access rules that apply to it.
* Emailing and logging is handled by the inheriting classes.
* @param PublicKey $key to be added
*/
public function add_public_key(PublicKey $key) {
if(is_null($this->entity_id)) throw new BadMethodCallException('Entity must be in directory before public keys can be added');
$key->get_openssh_info();
$key_type = $key->type;
$key_keydata = $key->keydata;
$key_comment = $key->comment;
$key_size = $key->keysize;
$key_fingerprint_md5 = $key->fingerprint_md5;
$key_fingerprint_sha256 = $key->fingerprint_sha256;
$key_randomart_md5 = $key->randomart_md5;
$key_randomart_sha256 = $key->randomart_sha256;
$stmt = $this->database->prepare("
INSERT INTO public_key SET
entity_id = ?,
type = ?,
keydata = ?,
comment = ?,
keysize = ?,
fingerprint_md5 = ?,
fingerprint_sha256 = ?,
randomart_md5 = ?,
randomart_sha256 = ?
");
$stmt->bind_param('dsssdssss', $this->entity_id, $key_type, $key_keydata, $key_comment, $key_size, $key_fingerprint_md5, $key_fingerprint_sha256, $key_randomart_md5, $key_randomart_sha256);
$stmt->execute();
$key->id = $stmt->insert_id;
$stmt->close();
$this->sync_remote_access();
}
/**
* Delete the specified public key from this entity.
* @param PublicKey $key to be removed
*/
public function delete_public_key(PublicKey $key) {
if(is_null($this->entity_id)) throw new BadMethodCallException('Entity must be in directory before public keys can be deleted');
$stmt = $this->database->prepare("DELETE FROM public_key WHERE entity_id = ? AND id = ?");
$stmt->bind_param('dd', $this->entity_id, $key->id);
$stmt->execute();
$stmt->close();
$this->sync_remote_access();
}
/**
* Retrieve a specific public key for this entity by its ID.
* @param int $id of public key to retrieve
* @return PublicKey matching the ID
* @throws PublicKeyNotFoundException if no public key exists with that ID
*/
public function get_public_key_by_id($id) {
if(is_null($this->entity_id)) throw new BadMethodCallException('Entity must be in directory before public keys can be listed');
$stmt = $this->database->prepare("SELECT * FROM public_key WHERE entity_id = ? AND id = ?");
$stmt->bind_param('dd', $this->entity_id, $id);
$stmt->execute();
$result = $stmt->get_result();
if($row = $result->fetch_assoc()) {
$key = new PublicKey($row['id'], $row);
} else {
throw new PublicKeyNotFoundException('Public key does not exist.');
}
$stmt->close();
return $key;
}
/**
* List all public keys associated with this entity, optionally filtered by account name and hostname
* for any of the keys that have destination rules applied.
* @todo this is perhaps an unintuitive place to do this kind of filtering
* @param string|null $account_name to filter for in the destination rules for each key
* @param string|null $hostname to filter for in the destination rules for each key
* @return array of PublicKey objects
*/
public function list_public_keys($account_name = null, $hostname = null) {
if(is_null($this->entity_id)) throw new BadMethodCallException('Entity must be in directory before public keys can be listed');
$stmt = $this->database->prepare("
SELECT public_key.*, COUNT(public_key_dest_rule.id) AS dest_rule_count
FROM public_key
LEFT JOIN public_key_dest_rule ON public_key_dest_rule.public_key_id = public_key.id
WHERE entity_id = ?
GROUP BY public_key.id
");
$stmt->bind_param('d', $this->entity_id);
$stmt->execute();
$result = $stmt->get_result();
$keys = array();
while($row = $result->fetch_assoc()) {
if((is_null($account_name) && is_null($hostname)) || $row['dest_rule_count'] == 0) {
$include = true;
} else {
$include = false;
$rulestmt = $this->database->prepare("SELECT * FROM public_key_dest_rule WHERE public_key_id = ?");
$rulestmt->bind_param('d', $row['id']);
$rulestmt->execute();
$ruleresult = $rulestmt->get_result();
if($ruleresult->num_rows == 0) {
// Key has no destination rules defined, include it everywhere
$include = true;
} else {
// Apply destination rules
while($rule = $ruleresult->fetch_assoc()) {
$filter1 = '/^'.str_replace('\*', '.*', preg_quote($rule['account_name_filter'], '/')).'$/i';
$filter2 = '/^'.str_replace('\*', '.*', preg_quote($rule['hostname_filter'], '/')).'$/i';
if(preg_match($filter1, $account_name) && preg_match($filter2, $hostname)) {
$include = true;
break;
}
}
}
}
if($include) {
$keys[] = new PublicKey($row['id'], $row);
}
}
$stmt->close();
return $keys;
}
/**
* Retrieve a specific access rule towards this entity by its ID (inbound access).
* @param int $id to retrieve
* @return Access object
* @throws AccessNotFoundException if no access rule exists with this ID
*/
public function get_access_by_id($id) {
if(is_null($this->entity_id)) throw new BadMethodCallException('Entity must be in directory before access can be listed');
$stmt = $this->database->prepare("
SELECT access.*, entity.type
FROM access
INNER JOIN entity ON entity.id = access.source_entity_id
WHERE access.dest_entity_id = ? AND access.id = ?
");
$stmt->bind_param('dd', $this->entity_id, $id);
$stmt->execute();
$result = $stmt->get_result();
if($row = $result->fetch_assoc()) {
switch($row['type']) {
case 'user': $source_entity = new User($row['source_entity_id']); break;
case 'server account': $source_entity = new ServerAccount($row['source_entity_id']); break;
case 'group': $source_entity = new Group($row['source_entity_id']); break;
}
$row['granted_by'] = new User($row['granted_by']);
$row['source_entity'] = $source_entity;
$row['dest_entity'] = $this;
$access = new Access($row['id'], $row);
} else {
throw new AccessNotFoundException('Access rule does not exist.');
}
$stmt->close();
return $access;
}
/**
* List all access rules that grant access to this entity (inbound access).
* @return array of Access objects
*/
public function list_access() {
if(is_null($this->entity_id)) throw new BadMethodCallException('Entity must be in directory before access can be listed');
$stmt = $this->database->prepare("
SELECT access.*, entity.type
FROM access
INNER JOIN entity ON entity.id = access.source_entity_id
LEFT JOIN user ON user.entity_id = entity.id
LEFT JOIN server_account ON server_account.entity_id = entity.id
LEFT JOIN server ON server.id = server_account.server_id
LEFT JOIN `group` ON `group`.entity_id = entity.id
WHERE dest_entity_id = ?
ORDER BY entity.type, user.uid, server.hostname, server_account.name, `group`.name
");
$stmt->bind_param('d', $this->entity_id);
$stmt->execute();
$result = $stmt->get_result();
$access_list = array();
while($row = $result->fetch_assoc()) {
switch($row['type']) {
case 'user': $source_entity = new User($row['source_entity_id']); break;
case 'server account': $source_entity = new ServerAccount($row['source_entity_id']); break;
case 'group': $source_entity = new Group($row['source_entity_id']); break;
}
$row['granted_by'] = new User($row['granted_by']);
$row['source_entity'] = $source_entity;
$access_list[] = new Access($row['id'], $row);
}
$stmt->close();
return $access_list;
}
/**
* List all requests for access to this entity (inbound access).
* @return array of AccessRequest objects
*/
public function list_access_requests() {
if(is_null($this->entity_id)) throw new BadMethodCallException('Entity must be in directory before access can be listed');
$stmt = $this->database->prepare("
SELECT access_request.*, entity.type
FROM access_request
INNER JOIN entity ON entity.id = access_request.source_entity_id
LEFT JOIN user ON user.entity_id = entity.id
LEFT JOIN server_account ON server_account.entity_id = entity.id
LEFT JOIN server ON server.id = server_account.server_id
LEFT JOIN `group` ON `group`.entity_id = entity.id
WHERE dest_entity_id = ?
ORDER BY entity.type, user.uid, server.hostname, server_account.name, `group`.name
");
$stmt->bind_param('d', $this->entity_id);
$stmt->execute();
$result = $stmt->get_result();
$access_requests = array();
while($row = $result->fetch_assoc()) {
switch($row['type']) {
case 'user': $source_entity = new User($row['source_entity_id']); break;
case 'server account': $source_entity = new ServerAccount($row['source_entity_id']); break;
case 'group': $source_entity = new Group($row['source_entity_id']); break;
}
$row['requested_by'] = new User($row['requested_by']);
$row['source_entity'] = $source_entity;
$access_requests[] = new AccessRequest($row['id'], $row);
}
$stmt->close();
return $access_requests;
}
/**
* List all access rules that grant this entity access to other entities (outbound access).
* @return array of Access objects
*/
public function list_remote_access() {
if(is_null($this->entity_id)) throw new BadMethodCallException('Entity must be in directory before remote access can be listed');
$stmt = $this->database->prepare("
SELECT access.*, entity.type
FROM access
INNER JOIN entity ON access.dest_entity_id = entity.id
LEFT JOIN user ON user.entity_id = entity.id
LEFT JOIN server_account ON server_account.entity_id = entity.id
LEFT JOIN server ON server.id = server_account.server_id
LEFT JOIN `group` ON `group`.entity_id = entity.id
WHERE access.source_entity_id = ?
ORDER BY entity.type, user.uid, server.hostname, server_account.name, `group`.name
");
$stmt->bind_param('d', $this->entity_id);
$stmt->execute();
$result = $stmt->get_result();
$access_list = array();
while($row = $result->fetch_assoc()) {
switch($row['type']) {
case 'user': $dest_entity = new User($row['dest_entity_id']); break;
case 'server account': $dest_entity = new ServerAccount($row['dest_entity_id']); break;
case 'group': $dest_entity = new Group($row['dest_entity_id']); break;
}
$row['granted_by'] = new User($row['granted_by']);
$row['dest_entity'] = $dest_entity;
$access_list[] = new Access($row['id'], $row);
}
$stmt->close();
return $access_list;
}
/**
* Trigger a sync for this entity - must be implemented by inheriting class.
*/
abstract public function sync_access();
/**
* Trigger a sync for all entities that this entity has access to (and recurse to group members).
* @param $seen used to prevent infinite recursion and double-syncing by tracking all entities seen so far
*/
public function sync_remote_access(&$seen = array()) {
$seen[$this->entity_id] = true;
// Sync whatever this entity has access to
$access_list = $this->list_remote_access();
foreach($access_list as $access) {
$access->dest_entity->sync_access();
}
// Sync whatever groups this entity is a member of
global $group_dir;
$memberships = $group_dir->list_group_membership($this);
foreach($memberships as $group) {
if(!isset($seen[$group->entity_id])) {
$group->sync_remote_access($seen);
}
}
// If this is a user, also sync across LDAP-based servers
global $server_dir;
global $sync_request_dir;
if(get_class($this) == 'User') {
$servers = $server_dir->list_servers(array(), array('authorization' => array('manual LDAP', 'automatic LDAP')));
foreach($servers as $server) {
$sync_request = new SyncRequest;
$sync_request->server_id = $server->id;
$sync_request->account_name = $this->uid;
$sync_request_dir->add_sync_request($sync_request);
}
}
}
}
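Review bot: in `log()` the syslog line is assembled with `str_replace('"', '', $value)`, which strips double quotes but leaves CR, LF and other control characters in event values, so a value containing a newline splits one event into two syslog records and can forge a second `KeysScope="..."` line; strip or escape control characters (for example `preg_replace('/[\x00-\x1f\x7f]/', '', $value)`) and guard against non-string values, since an array `$value` would be logged as the word `Array`. Also, the `switch($row['type'])` blocks in `get_access_by_id()`, `list_access()`, `list_access_requests()` and `list_remote_access()` have no `default:` branch, so an unexpected entity type either leaves `$source_entity` / `$dest_entity` undefined or silently reuses the value from the previous loop iteration; throw there, as `log()` already does in its own `default`.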

43
model/entityevent.php Normal file

@@ -0,0 +1,43 @@
<?php
##
## Copyright 2013-2017 Opera Software AS
##
## Licensed under the Apache License, Version 2.0 (the "License");
## you may not use this file except in compliance with the License.
## You may obtain a copy of the License at
##
## http://www.apache.org/licenses/LICENSE-2.0
##
## Unless required by applicable law or agreed to in writing, software
## distributed under the License is distributed on an "AS IS" BASIS,
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
## See the License for the specific language governing permissions and
## limitations under the License.
##
/**
* Abstract class that represents a log event that was recorded in relation to an entity
*/
abstract class EntityEvent extends Record {
/**
* Defines the database table that this object is stored in
*/
protected $table = 'entity_event';
/**
* Magic getter method - if actor field requested, return User object of the person who triggered
* the logged event.
* @param string $field to retrieve
* @return mixed data stored in field
*/
public function &__get($field) {
global $user_dir;
switch($field) {
case 'actor':
$actor = new User($this->data['actor_id']);
return $actor;
default:
return parent::__get($field);
}
}
}
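Review bot: `global $user_dir;` in `__get()` is declared but never used (the `actor` case constructs `new User($this->data['actor_id'])` directly), so drop it; and because the getter returns a fresh `User` object on every access, callers that read `$event->actor` repeatedly should be told in the docblock that each read constructs a new object rather than returning a cached one.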

90
model/eventdirectory.php Normal file

@@ -0,0 +1,90 @@
<?php
##
## Copyright 2013-2017 Opera Software AS
##
## Licensed under the Apache License, Version 2.0 (the "License");
## you may not use this file except in compliance with the License.
## You may obtain a copy of the License at
##
## http://www.apache.org/licenses/LICENSE-2.0
##
## Unless required by applicable law or agreed to in writing, software
## distributed under the License is distributed on an "AS IS" BASIS,
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
## See the License for the specific language governing permissions and
## limitations under the License.
##
/**
* Class for reading from the list of all *Event objects in the database.
*/
class EventDirectory extends DBDirectory {
/**
* List events of all types stored in the database ordered from most recent.
* @param array $include list of extra data to include in response - currently unused
* @param array $filter list of field/value pairs to filter results on
* @param int|null $limit max results to return
* @return array of *Event objects
*/
public function list_events($include = array(), $filter = array(), $limit = 100) {
// WARNING: The search query is not parameterized - be sure to properly escape all input
$fields = array(
'server' => array("se.id", "se.server_id", "NULL as `entity_id`", "se.actor_id", "se.date", "se.details"),
'group' => array("ee.id", "NULL AS server_id", "ee.entity_id", "ee.actor_id", "ee.date", "ee.details")
);
$joins = array('server' => array(), 'group' => array());
$where = array('server' => array(), 'group' => array());
foreach($filter as $field => $value) {
if($value) {
switch($field) {
case 'admin':
// Filter for events from servers that the user is an admin of
$joins['server']['adminsearch'] = "INNER JOIN server_admin AS admin_search ON admin_search.server_id = se.server_id";
$where['server'][] = "admin_search.entity_id = ".intval($value);
// Filter for events from server accounts or groups that the user is an admin of
// (possibly indirectly for the former as a result of being server admin)
$joins['group']['adminsearch'] = "LEFT JOIN entity_admin AS admin_search ON admin_search.entity_id = ee.entity_id";
$joins['group']['account'] = "LEFT JOIN server_account AS sa ON sa.entity_id = ee.entity_id";
$joins['group']['server'] = "LEFT JOIN server AS s ON s.id = sa.server_id";
$joins['group']['parentadminsearch'] = "LEFT JOIN server_admin AS parent_admin_search ON parent_admin_search.server_id = s.id";
$where['group'][] = "admin_search.admin = ".intval($value)." OR parent_admin_search.entity_id = ".intval($value);
break;
}
}
}
$stmt = $this->database->prepare("
(SELECT ".implode(", ", $fields['server']).", 'server' AS event_type
FROM server_event se ".implode(" ", $joins['server'])."
".(count($where['server']) == 0 ? "" : "WHERE (".implode(") AND (", $where['server']).")")."
GROUP BY se.id
ORDER BY se.id DESC)
UNION
(SELECT ".implode(", ", $fields['group']).", e.type AS event_type
FROM entity_event ee ".implode(" ", $joins['group'])."
INNER JOIN entity e ON e.id = ee.entity_id
".(count($where['group']) == 0 ? "" : "WHERE (".implode(") AND (", $where['group']).")")."
GROUP BY ee.id
ORDER BY ee.id DESC)
ORDER BY `date` DESC, id DESC
".(is_null($limit) ? '' : 'LIMIT '.intval($limit))."
");
$stmt->execute();
$result = $stmt->get_result();
$events = array();
while($row = $result->fetch_assoc()) {
if($row['event_type'] == 'server') {
$events[] = new ServerEvent($row['id'], $row);
} elseif($row['event_type'] == 'user') {
$events[] = new UserEvent($row['id'], $row);
} elseif($row['event_type'] == 'server account') {
$events[] = new ServerAccountEvent($row['id'], $row);
} elseif($row['event_type'] == 'group') {
$events[] = new GroupEvent($row['id'], $row);
}
}
$stmt->close();
return $events;
}
}
class EventNotFoundException extends Exception {}
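Review bot: in `list_events()` the `switch($field)` inside the filter loop handles only `'admin'` and silently ignores every other key (and every falsy value, because of the surrounding `if($value)`), so a caller that misspells a filter or passes `0` receives the unfiltered event list rather than an error, which fails open for what is effectively an authorization filter; add a `default:` that throws `InvalidArgumentException`, and test `$value !== null` rather than truthiness. The `intval()` casts are what keep the interpolated values safe given the `not parameterized` warning, so any new filter must apply the same treatment. Minor: `$include` is documented as unused, so either drop the parameter or keep the docblock note; and since the two halves of the `UNION` carry different `event_type` values and can never collide, `UNION ALL` avoids an unnecessary de-duplication pass.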

348
model/group.php Normal file

@@ -0,0 +1,348 @@
<?php
##
## Copyright 2013-2017 Opera Software AS
##
## Licensed under the Apache License, Version 2.0 (the "License");
## you may not use this file except in compliance with the License.
## You may obtain a copy of the License at
##
## http://www.apache.org/licenses/LICENSE-2.0
##
## Unless required by applicable law or agreed to in writing, software
## distributed under the License is distributed on an "AS IS" BASIS,
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
## See the License for the specific language governing permissions and
## limitations under the License.
##
/**
* Class that represents a grouping of users or server accounts
*/
class Group extends Entity {
/**
* Defines the database table that this object is stored in
*/
protected $table = 'group';
/**
* Defines the field that is the primary key of the table
*/
protected $idfield = 'entity_id';
public function __construct($id = null, $preload_data = array()) {
parent::__construct($id, $preload_data);
if(!isset($this->data['system'])) $this->data['system'] = 0;
}
/**
* Write property changes to database and log the changes.
* Triggers a resync if the group was activated/deactivated.
*/
public function update() {
if($this->data['system']) $this->data['active'] = 1; // Cannot disable system groups
$changes = parent::update();
$resync = false;
foreach($changes as $change) {
$loglevel = LOG_INFO;
switch($change->field) {
case 'active':
$resync = true;
if($change->new_value == 1) $loglevel = LOG_WARNING;
break;
}
$this->log(array('action' => 'Setting update', 'value' => $change->new_value, 'oldvalue' => $change->old_value, 'field' => ucfirst(str_replace('_', ' ', $change->field))), $loglevel);
}
if($resync) {
$this->sync_access();
$this->sync_remote_access();
}
}
/**
* List all log events for this group.
* @return array of GroupEvent objects
*/
public function get_log() {
if(is_null($this->id)) throw new BadMethodCallException('Group must be in directory before log entries can be listed');
$stmt = $this->database->prepare("SELECT * FROM entity_event WHERE entity_id = ? ORDER BY id DESC");
$stmt->bind_param('d', $this->id);
$stmt->execute();
$result = $stmt->get_result();
$log = array();
while($row = $result->fetch_assoc()) {
$log[] = new GroupEvent($row['id'], $row);
}
$stmt->close();
return $log;
}
/**
* Add the specified user as an administrator of the group.
* This action is logged with a warning level as it is increasing an access level.
* @param User $user to add as administrator
*/
public function add_admin(User $user) {
global $config;
parent::add_admin($user);
$url = $config['web']['baseurl'].'/groups/'.urlencode($this->name);
$email = new Email;
$email->subject = "Administrator for {$this->name} group";
$email->add_cc($config['email']['report_address'], $config['email']['report_name']);
$email->add_recipient($user->email, $user->name);
$email->body = "{$this->active_user->name} ({$this->active_user->uid}) has added you as an administrator for the '{$this->name}' group. You can administer this group from <$url>";
$email->send();
$this->log(array('action' => 'Administrator add', 'value' => "user:{$user->uid}"), LOG_WARNING);
}
/**
* Remove the specified user as an administrator of the group.
* This action is logged with a warning level as it means the removed user will no longer
* receive notifications for any changes done to this group.
* @param User $user to remove as administrator
*/
public function delete_admin(User $user) {
parent::delete_admin($user);
$this->log(array('action' => 'Administrator remove', 'value' => "user:{$user->uid}"), LOG_WARNING);
}
/**
* Add the specified entity (User/ServerAccount/Group†) as a member of the group.
* †Adding a Group as a member of a group (nested groups) is no longer allowed by the UI.
* This action is logged with a warning level as it is potentially granting access.
* @todo remove nested group functionality
* @param Entity $entity to add as a group member
*/
public function add_member(Entity $entity) {
global $config;
if(is_null($this->entity_id)) throw new BadMethodCallException('Group must be in directory before members can be added');
if(is_null($entity->entity_id)) throw new InvalidArgumentException('Entity must be in directory before it can be added to a group');
$entity_id = $entity->entity_id;
switch(get_class($entity)) {
case 'User':
$name = "user {$entity->uid}";
$mailsubject = "{$entity->uid} added to {$this->name} group by {$this->active_user->uid}";
$mailbody = "{$entity->name} ({$entity->uid}) has been added to the {$this->name} group by {$this->active_user->name} ({$this->active_user->uid}).";
$logmsg = array('action' => 'Member add', 'value' => "user:{$entity->uid}");
break;
case 'ServerAccount':
// We should not allow adding server accounts to a group if the active user is not an admin of that server or server account
if(!$this->active_user->admin && !$this->active_user->admin_of($entity->server) && !$this->active_user->admin_of($entity)) {
throw new InvalidArgumentException('Active user is not an administrator of the specified server account');
}
$name = "account {$entity->name}@{$entity->server->hostname}";
$mailsubject = "{$entity->name}@{$entity->server->hostname} added to {$this->name} group by {$this->active_user->uid}";
$mailbody = "{$entity->name}@{$entity->server->hostname} has been added to the {$this->name} group by {$this->active_user->name} ({$this->active_user->uid}).";
$logmsg = array('action' => 'Member add', 'value' => "account:{$entity->name}@{$entity->server->hostname}");
break;
case 'Group':
// We should not allow adding groups to a group if the active user is not an admin of that group
if(!$this->active_user->admin && !$this->active_user->admin_of($entity)) {
throw new InvalidArgumentException('Active user is not an administrator of the specified group');
}
$name = "group {$entity->name}";
$mailsubject = "{$entity->name} group added to {$this->name} group by {$this->active_user->uid}";
$mailbody = "The {$entity->name} group has been added to the {$this->name} group by {$this->active_user->name} ({$this->active_user->uid}).";
$logmsg = array('action' => 'Member add', 'value' => "group:{$entity->name}");
break;
}
try {
$stmt = $this->database->prepare("INSERT INTO group_member SET `group` = ?, entity_id = ?, add_date = UTC_TIMESTAMP(), added_by = ?");
$stmt->bind_param('ddd', $this->entity_id, $entity_id, $this->active_user->entity_id);
$stmt->execute();
$stmt->close();
$this->log($logmsg, LOG_WARNING);
if($this->active_user->uid != 'import-script') {
$email = new Email;
foreach($this->list_admins() as $admin) {
$email->add_recipient($admin->email, $admin->name);
}
$email->add_cc($config['email']['report_address'], $config['email']['report_name']);
$email->subject = $mailsubject;
$email->body = $mailbody;
$email->send();
}
} catch(mysqli_sql_exception $e) {
if($e->getCode() == 1062) {
// Duplicate entry - ignore
} else {
throw $e;
}
}
$entity->sync_access(); // This entity is now a member of the group, so any access rules that apply to the group now apply to the entity
$this->sync_remote_access(); // If this group has access to anything, this entity now also has access to it
}
/**
* Remove the specified entity (User/ServerAccount/Group) as a member of the group.
* @todo remove nested group functionality
* @param Entity $entity to remove as a group member
*/
public function delete_member(Entity $entity) {
if(is_null($this->entity_id)) throw new BadMethodCallException('Group must be in directory before members can be deleted');
switch(get_class($entity)) {
case 'User':
$this->log(array('action' => 'Member remove', 'value' => "user:{$entity->uid}"));
break;
case 'ServerAccount':
$this->log(array('action' => 'Member remove', 'value' => "account:{$entity->name}@{$entity->server->hostname}"));
break;
case 'Group':
$this->log(array('action' => 'Member remove', 'value' => "group:{$entity->name}"));
break;
}
$stmt = $this->database->prepare("DELETE FROM group_member WHERE `group` = ? AND entity_id = ?");
$stmt->bind_param('ds', $this->entity_id, $entity->entity_id);
$stmt->execute();
$stmt->close();
// Resync both the entity being removed and the group itself
$entity->sync_access();
$this->sync_remote_access();
}
/**
* List all members of the group.
* @todo remove nested group functionality
* @return array of User/ServerAccount/Group objects
*/
public function list_members() {
if(is_null($this->entity_id)) throw new BadMethodCallException('Group must be in directory before members can be listed');
$stmt = $this->database->prepare("
SELECT entity.id, entity.type, add_date, added_by
FROM group_member
INNER JOIN entity ON group_member.entity_id = entity.id
LEFT JOIN user ON user.entity_id = entity.id
LEFT JOIN server_account ON server_account.entity_id = entity.id
LEFT JOIN server ON server.id = server_account.server_id
LEFT JOIN `group` ON `group`.entity_id = entity.id
WHERE group_member.group = ?
ORDER BY entity.type, user.uid, server.hostname, server_account.name, `group`.name
");
$stmt->bind_param('d', $this->entity_id);
$stmt->execute();
$result = $stmt->get_result();
$members = array();
while($row = $result->fetch_assoc()) {
$row['added_by'] = new User($row['added_by']);
switch($row['type']) {
case 'user': $members[] = new User($row['id'], $row); break;
case 'server account': $members[] = new ServerAccount($row['id'], $row); break;
case 'group': $members[] = new Group($row['id'], $row); break;
}
}
$stmt->close();
return $members;
}
/**
* Grant the specified entity (User/ServerAccount/Group) access to members of this group.
* An email is sent to the group admins and sec-ops to inform them of the change.
* This action is logged with a warning level as it is granting access.
* @param Entity $entity to add as a group member
* @param array $access_options array of AccessOption rules to apply to the granted access
*/
public function add_access(Entity $entity, array $access_options) {
global $config;
if(is_null($this->entity_id)) throw new BadMethodCallException('Group must be in directory before access can be added');
if(is_null($entity->entity_id)) throw new InvalidArgumentException('Entity must be in directory before it can be granted access to a group');
$access = new Access;
$access->dest_entity_id = $this->entity_id;
$access->source_entity_id = $entity->entity_id;
$access->granted_by = $this->active_user->entity_id;
try {
$stmt = $this->database->prepare("INSERT INTO access SET dest_entity_id = ?, source_entity_id = ?, grant_date = UTC_TIMESTAMP(), granted_by = ?");
$stmt->bind_param('ddd', $access->dest_entity_id, $access->source_entity_id, $access->granted_by);
$stmt->execute();
$access->id = $stmt->insert_id;
$stmt->close();
switch(get_class($entity)) {
case 'User':
$this->log(array('action' => 'Access add', 'value' => "user:{$entity->uid}"), LOG_WARNING);
$mailsubject = "{$entity->uid} granted access to {$this->name} group resources by {$this->active_user->uid}";
$mailbody = "{$entity->name} ({$entity->uid}) has been granted access to resources in the {$this->name} group by {$this->active_user->name} ({$this->active_user->uid}).";
break;
case 'ServerAccount':
$this->log(array('action' => 'Access add', 'value' => "account:{$entity->name}@{$entity->server->hostname}"), LOG_WARNING);
$mailsubject = "{$entity->name}@{$entity->server->hostname} granted access to {$this->name} group resources by {$this->active_user->uid}";
$mailbody = "{$entity->name}@{$entity->server->hostname} has been granted access to resources in the {$this->name} group by {$this->active_user->name} ({$this->active_user->uid}).";
break;
case 'Group':
$this->log(array('action' => 'Access add', 'value' => "group:{$entity->name}"), LOG_WARNING);
$mailsubject = "{$entity->name} group granted access to {$this->name} group resources by {$this->active_user->uid}";
$mailbody = "The {$entity->name} group has been granted access to resources in the {$this->name} group by {$this->active_user->name} ({$this->active_user->uid}).";
break;
}
if($this->active_user->uid != 'import-script') {
$email = new Email;
foreach($this->list_admins() as $admin) {
$email->add_recipient($admin->email, $admin->name);
}
$email->add_cc($config['email']['report_address'], $config['email']['report_name']);
$email->subject = $mailsubject;
$email->body = $mailbody;
$email->send();
}
foreach($access_options as $access_option) {
$access->add_option($access_option);
}
} catch(mysqli_sql_exception $e) {
if($e->getCode() == 1062) {
// Duplicate entry - ignore
} else {
throw $e;
}
}
$this->sync_access();
}
/**
* Revoke the specified access rule to members of this group.
* @param Access $access rule to be removed
*/
public function delete_access(Access $access) {
if(is_null($this->entity_id)) throw new BadMethodCallException('Group must be in directory before access can be deleted');
$entity = $access->source_entity;
switch(get_class($entity)) {
case 'User':
$this->log(array('action' => 'Access remove', 'value' => "user:{$entity->uid}"));
break;
case 'ServerAccount':
$this->log(array('action' => 'Access remove', 'value' => "account:{$entity->name}@{$entity->server->hostname}"));
break;
case 'Group':
$this->log(array('action' => 'Access remove', 'value' => "group:{$entity->name}"));
break;
}
$stmt = $this->database->prepare("DELETE FROM access WHERE dest_entity_id = ? AND id = ?");
$stmt->bind_param('ds', $this->entity_id, $access->id);
$stmt->execute();
$stmt->close();
$this->sync_access();
}
/**
* List all groups that *this* group is a member of, searched recursively.
* Note: nested groups are no longer allowed by the UI.
* @todo remove nested group functionality
* @return array of Group objects
*/
public function list_group_membership() {
global $group_dir;
return $group_dir->list_group_membership($this);
}
/**
* Trigger a resync for all members of this group, searched recursively†.
* †Nested groups are no longer allowed by the UI.
* @todo remove nested group functionality
* @param array $seen keep track of entities we've already processed to prevent infinite recursion
*/
public function sync_access(&$seen = array()) {
$seen[$this->entity_id] = true;
$members = $this->list_members();
foreach($members as $entity) {
if(!isset($seen[$entity->entity_id])) {
$entity->sync_access($seen);
}
}
}
}
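Review bot: the `switch(get_class($entity))` in `add_member` has no `default` branch, so an Entity subclass other than User/ServerAccount/Group falls through to the `INSERT INTO group_member` with `$logmsg`, `$mailsubject` and `$mailbody` undefined: the membership row is written while the access-granting action is neither logged nor mailed (and `$this->log($logmsg, LOG_WARNING)` is called with an undefined variable). Add `default: throw new InvalidArgumentException('Unsupported entity type');` before the `try`, and do the same in `delete_member` and `add_access`, which have the same switch (in `add_access` the switch sits after the INSERT, so the grant is stored before the log/mail step is skipped). Minor: `delete_member` and `delete_access` bind with `'ds'` while the second value (`$entity->entity_id`, `$access->id`) is an integer bound as `'d'` everywhere else in the file; use `'dd'` for consistency.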

204
model/groupdirectory.php Normal file

@@ -0,0 +1,204 @@
<?php
##
## Copyright 2013-2017 Opera Software AS
##
## Licensed under the Apache License, Version 2.0 (the "License");
## you may not use this file except in compliance with the License.
## You may obtain a copy of the License at
##
## http://www.apache.org/licenses/LICENSE-2.0
##
## Unless required by applicable law or agreed to in writing, software
## distributed under the License is distributed on an "AS IS" BASIS,
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
## See the License for the specific language governing permissions and
## limitations under the License.
##
/**
* Class for reading/writing to the list of Group objects in the database.
*/
class GroupDirectory extends DBDirectory {
/**
* Create the new group in the database.
* @param Group $group object to add
* @throws GroupAlreadyExistsException if a group with that name already exists
*/
public function add_group(Group $group) {
$name = $group->name;
$system = $group->system;
$this->database->begin_transaction();
$stmt = $this->database->prepare("INSERT INTO entity SET type = 'group'");
$stmt->execute();
$group->entity_id = $stmt->insert_id;
$stmt->close();
$stmt = $this->database->prepare("INSERT INTO `group` SET entity_id = ?, name = ?, system = ?");
$stmt->bind_param('dsd', $group->entity_id, $name, $system);
try {
$stmt->execute();
$stmt->close();
$this->database->commit();
$group->log(array('action' => 'Group add'));
} catch(mysqli_sql_exception $e) {
$this->database->rollback();
if($e->getCode() == 1062) {
// Duplicate entry
throw new GroupAlreadyExistsException("Group {$group->name} already exists");
} else {
throw $e;
}
}
}
/**
* Get a group from the database by its entity ID.
* @param int $entity_id of group
* @return Group with specified entity ID
* @throws GroupNotFoundException if no group with that entity ID exists
*/
public function get_group_by_id($entity_id) {
$stmt = $this->database->prepare("SELECT * FROM `group` WHERE entity_id = ?");
$stmt->bind_param('d', $entity_id);
$stmt->execute();
$result = $stmt->get_result();
if($row = $result->fetch_assoc()) {
$group = new Group($row['entity_id'], $row);
} else {
throw new GroupNotFoundException('Group does not exist.');
}
$stmt->close();
return $group;
}
/**
* Get a group from the database by its name.
* @param string $name of group
* @return Group with specified name
* @throws GroupNotFoundException if no group with that name exists
*/
public function get_group_by_name($name) {
$stmt = $this->database->prepare("SELECT * FROM `group` WHERE name = ?");
$stmt->bind_param('s', $name);
$stmt->execute();
$result = $stmt->get_result();
if($row = $result->fetch_assoc()) {
$group = new Group($row['entity_id'], $row);
} else {
throw new GroupNotFoundException('Group does not exist');
}
$stmt->close();
return $group;
}
/**
* List all groups in the database.
* @param array $include list of extra data to include in response
* @param array $filter list of field/value pairs to filter results on
* @return array of Group objects
*/
public function list_groups($include = array(), $filter = array()) {
// WARNING: The search query is not parameterized - be sure to properly escape all input
$fields = array("`group`.*");
$joins = array();
$where = array();
foreach($filter as $field => $value) {
if($value) {
switch($field) {
case 'name':
$where[] = "`group`.name REGEXP '".$this->database->escape_string($value)."'";
break;
case 'active':
$where[] = "`group`.active IN (".implode(", ", array_map('intval', $value)).")";
break;
case 'admin':
$where[] = "admin_filter.admin = ".intval($value);
$joins['adminfilter'] = "INNER JOIN entity_admin admin_filter ON admin_filter.entity_id = `group`.entity_id";
break;
case 'member':
$where[] = "member_filter.entity_id = ".intval($value);
$joins['memberfilter'] = "INNER JOIN group_member member_filter ON member_filter.group = `group`.entity_id";
break;
}
}
}
foreach($include as $inc) {
switch($inc) {
case 'admins':
$fields[] = "GROUP_CONCAT(DISTINCT user.uid SEPARATOR ', ') AS admins";
$joins['admins'] = "LEFT JOIN entity_admin ON entity_admin.entity_id = `group`.entity_id";
$joins['adminusers'] = "LEFT JOIN user ON user.entity_id = entity_admin.admin AND user.active";
break;
case 'members':
$fields[] = "COUNT(DISTINCT group_member.entity_id) AS member_count";
$joins['members'] = "LEFT JOIN group_member ON group_member.group = `group`.entity_id";
break;
}
}
try {
$stmt = $this->database->prepare("
SELECT ".implode(", ", $fields)."
FROM `group` ".implode(" ", $joins)."
".(count($where) == 0 ? "" : "WHERE (".implode(") AND (", $where).")")."
GROUP BY group.entity_id
ORDER BY `group`.name
");
} catch(mysqli_sql_exception $e) {
if($e->getCode() == 1139) {
throw new GroupSearchInvalidRegexpException;
} else {
throw $e;
}
}
$stmt->execute();
$result = $stmt->get_result();
$groups = array();
while($row = $result->fetch_assoc()) {
$groups[] = new Group($row['entity_id'], $row);
}
$stmt->close();
return $groups;
}
/**
* List all groups that the given entity (User/ServerAccount/Group†) is a member of (searched recursively†).
* †Nested groups are no longer allowed by the UI.
* @todo remove nested group functionality
* @param Entity $entity to find in group memberships
* @param array $via keep track of groups we have already searched through to prevent infinite recursion†
* @param array $groups to allow the function to add to the list of groups when recursing†
* @return array of Group objects
*/
public function list_group_membership(Entity $entity, $via = array(), &$groups = array()) {
$stmt = $this->database->prepare("
SELECT `group`.*, add_date, added_by
FROM group_member
INNER JOIN `group` ON `group`.entity_id = group_member.group
WHERE group_member.entity_id = ?
ORDER BY `group`.name
");
$stmt->bind_param('d', $entity->entity_id);
$stmt->execute();
$result = $stmt->get_result();
while($row = $result->fetch_assoc()) {
$row['added_by'] = new User($row['added_by']);
$group = new Group($row['entity_id'], $row);
$groups[] = $group;
$skip = false;
foreach($via as $check) {
if($group->id == $check->id) $skip = true;
}
if(!$skip) {
$thisvia = $via;
$thisvia[] = $group;
$this->list_group_membership($group, $thisvia, $groups);
}
}
$stmt->close();
return $groups;
}
}
class GroupNotFoundException extends Exception {}
class GroupAlreadyExistsException extends Exception {}
class GroupNotDeletableException extends Exception {}
class GroupSearchInvalidRegexpException extends Exception {}
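Review bot: `GROUP BY group.entity_id` in the `list_groups` query leaves the reserved word `group` unquoted as a table qualifier; MySQL only exempts a reserved word that follows the period, so this should be ``GROUP BY `group`.entity_id`` like the surrounding ``FROM `group` `` and ``ORDER BY `group`.name``. In the same method, the `try` only wraps `prepare()` and only handles error 1139 (invalid REGEXP); since the regexp is evaluated when the statement runs, `$stmt->execute()` should be inside the same `try` so that an invalid `name` filter is reported as `GroupSearchInvalidRegexpException` regardless of whether the server raises 1139 at prepare or at execute time.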

36
model/groupevent.php Normal file

@@ -0,0 +1,36 @@
<?php
##
## Copyright 2013-2017 Opera Software AS
##
## Licensed under the Apache License, Version 2.0 (the "License");
## you may not use this file except in compliance with the License.
## You may obtain a copy of the License at
##
## http://www.apache.org/licenses/LICENSE-2.0
##
## Unless required by applicable law or agreed to in writing, software
## distributed under the License is distributed on an "AS IS" BASIS,
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
## See the License for the specific language governing permissions and
## limitations under the License.
##
/**
* Class that represents a log event that was recorded in relation to a group
*/
class GroupEvent extends EntityEvent {
/**
* Magic getter method - if group field requested, return Group object of the affected group.
* @param string $field to retrieve
* @return mixed data stored in field
*/
public function &__get($field) {
switch($field) {
case 'group':
$group = new Group($this->data['entity_id']);
return $group;
default:
return parent::__get($field);
}
}
}

289
model/publickey.php Normal file

@@ -0,0 +1,289 @@
<?php
##
## Copyright 2013-2017 Opera Software AS
##
## Licensed under the Apache License, Version 2.0 (the "License");
## you may not use this file except in compliance with the License.
## You may obtain a copy of the License at
##
## http://www.apache.org/licenses/LICENSE-2.0
##
## Unless required by applicable law or agreed to in writing, software
## distributed under the License is distributed on an "AS IS" BASIS,
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
## See the License for the specific language governing permissions and
## limitations under the License.
##
/**
* Class that represents a stored SSH public key
*/
class PublicKey extends Record {
/**
* Defines the database table that this object is stored in
*/
protected $table = 'public_key';
/**
* Import all key data from a provided OpenSSH-text-format public key.
* Cope with some possible correctable whitespace data issues.
* @param string $key data to import
* @param string|null $uid if not null, used if key has no comment to generate a standard comment
* @param bool $force if true, enable the use of lower security keys
* @throws InvalidArgumentException if the public key cannot be parsed or is not sufficiently secure
*/
public function import($key, $uid = null, $force = false) {
// Remove newlines (often included by accident) and trim
$key = str_replace(array("\r", "\n"), array(), trim($key));
// Initial sanity check and determine minimum length for algorithm
if(preg_match('|^(ssh-[a-z]{3}) ([A-Za-z0-9+/]+={0,2})(?: (.*))?$|', $key, $matches)) {
$minbits = 4096;
} elseif(preg_match('|^(ecdsa-sha2-nistp[0-9]+) ([A-Za-z0-9+/]+={0,2})(?: (.*))?$|', $key, $matches)) {
$minbits = 384;
} elseif(preg_match('|^(ssh-ed25519) ([A-Za-z0-9+/]+={0,2})(?: (.*))?$|', $key, $matches)) {
$minbits = 256;
} else {
throw new InvalidArgumentException("Public key doesn't look valid");
}
$this->type = $matches[1];
$this->keydata = $matches[2];
if(isset($matches[3])) {
$this->comment = $matches[3];
} elseif(is_null($uid)) {
$this->comment = date('Y-m-d');
} else {
$this->comment = $uid.'-'.date('Y-m-d');
}
$algorithm = $this->get_openssh_info();
$hash_md5 = md5(base64_decode($this->keydata));
$hash_sha256 = hash('sha256', base64_decode($this->keydata), true);
$this->fingerprint_md5 = rtrim(chunk_split($hash_md5, 2, ':'), ':');
$this->fingerprint_sha256 = rtrim(base64_encode($hash_sha256), '=');
$this->randomart_md5 = $this->generate_randomart($hash_md5, "{$algorithm} {$this->keysize}", 'MD5');
$this->randomart_sha256 = $this->generate_randomart(bin2hex($hash_sha256), "{$algorithm} {$this->keysize}", 'SHA256');
if($this->keysize < $minbits && !$force) {
throw new InvalidArgumentException("Insufficient bits in public key");
}
}
/**
* Determine the algorithm and keysize of a key by passing it to OpenSSH's ssh-keygen utility.
* @return string algorithm in use
*/
public function get_openssh_info() {
$filename = tempnam('/tmp', 'key-test-');
$file = fopen($filename, 'w');
fwrite($file, $this->export());
fclose($file);
exec('/usr/bin/ssh-keygen -lf '.escapeshellarg($filename).' 2>/dev/null', $output);
unlink($filename);
if(count($output) == 1 && preg_match('|^([0-9]+) .* \(([A-Z0-9]+)\)$|', $output[0], $matches)) {
$this->keysize = intval($matches[1]);
return $matches[2];
} else {
throw new InvalidArgumentException("Public key doesn't look valid");
}
}
/**
* Generate random art for the key in the same way that OpenSSH does
* OpenSSH random art uses the 'drunken bishop' algorithm as explained at
* https://pthree.org/2013/05/30/openssh-keys-and-the-drunken-bishop/
* @param string $string key hash to generate randomart of
* @param string $keytype string containing text to include at the top of the randomart
* @param string $algo string containing text to include at the bottom of the randomart
* @return string containing generated randomart
*/
function generate_randomart($string, $keytype, $algo) {
// Basic constants
$max_x = 16; // Map size, x dimension
$max_y = 8; // Map size, y dimension
$s_x = 8; // Starting position, x coord
$s_y = 4; // Starting position, y coord
// Character mapping
$char_map = array(' ', '.', 'o', '+', '=', '*', 'B', 'O', 'X', '@', '%', '&', '#', '/', '^');
// Build empty map
$map = array();
for($x = 0; $x <= $max_x; $x++) {
$map[$x] = array();
for($y = 0; $y <= $max_y; $y++) {
$map[$x][$y] = 0;
}
}
// Set the bishop to his starting position
$b_x = $s_x; // Bishop position, x coord
$b_y = $s_y; // Bishop position, y coord
// Let him wander
$chunks = str_split($string, 2);
foreach($chunks as $chunk) {
$binary = str_pad(base_convert($chunk, 16, 2), 8, '0', STR_PAD_LEFT);
foreach(array_reverse(str_split($binary, 2)) as $bit_pair) {
// Work out which diagonal direction he will move based on the bit pair
$dx = ($bit_pair[1] == 0 ? -1 : 1);
$dy = ($bit_pair[0] == 0 ? -1 : 1);
$b_x += $dx;
$b_y += $dy;
// Stop him wandering outside the map
$b_x = min(max($b_x, 0), 16);
$b_y = min(max($b_y, 0), 8);
// Increment count at his new position
$map[$b_x][$b_y]++;
}
}
// Output his path within the map
$output = "+".str_pad('['.$keytype.']', $max_x + 1, '-', STR_PAD_BOTH)."+\n";
for($y = 0; $y <= $max_y; $y++) {
$output .= "|";
for($x = 0; $x <= $max_x; $x++) {
if($x == $b_x && $y == $b_y) {
// End position
$output .= 'E';
} elseif($x == $s_x && $y == $s_y) {
// Start position
$output .= 'S';
} else {
// Output character corresponding to number of passes
if(isset($char_map[$map[$x][$y]])) {
$output .= $char_map[$map[$x][$y]];
} else {
$output .= '^';
}
}
}
$output .= "|\n";
}
$output .= "+".str_pad('['.$algo.']', $max_x + 1, '-', STR_PAD_BOTH)."+";
return $output;
}
/**
* Provide the key in OpenSSH-text-format.
* @return string key in OpenSSH-text-format
*/
public function export() {
return "{$this->type} {$this->keydata} {$this->comment}";
}
/**
* Provide a text summary of details about the key, including hashes, randomart and link to view it.
* @return string text summary
*/
public function summarize_key_information() {
global $config;
$url = $config['web']['baseurl'].'/pubkeys/'.urlencode($this->id);
$output = "The key fingerprint is:\n";
$output .= " MD5:{$this->fingerprint_md5}\n";
$output .= " SHA256:{$this->fingerprint_sha256}\n\n";
$output .= "The key randomart is:\n";
$randomart_md5 = explode("\n", $this->randomart_md5);
$randomart_sha256 = explode("\n", $this->randomart_sha256);
foreach($randomart_md5 as $ref => $line) {
$output .= $line.' '.$randomart_sha256[$ref]."\n";
}
$output .= "\nYou can also view the key at <$url>";
return $output;
}
/**
* Add a GPG signature for this public key.
* @param PublicKeySignature $sig GPG signature to add
*/
public function add_signature(PublicKeySignature $sig) {
if(is_null($this->id)) throw new BadMethodCallException('Public key must be in directory before signatures can be added');
$sig->validate();
$stmt = $this->database->prepare("INSERT INTO public_key_signature SET public_key_id = ?, signature = ?, upload_date = UTC_TIMESTAMP(), fingerprint = ?, sign_date = ?");
$stmt->bind_param('dsss', $this->id, $sig->signature, $sig->fingerprint, $sig->sign_date);
$stmt->execute();
$sig->id = $stmt->insert_id;
$stmt->close();
$this->owner->sync_remote_access();
}
/**
* Delete a GPG signature for this public key.
* @param PublicKeySignature $sig GPG signature to remove
*/
public function delete_signature(PublicKeySignature $sig) {
if(is_null($this->id)) throw new BadMethodCallException('Public key must be in directory before signatures can be deleted');
$stmt = $this->database->prepare("DELETE FROM public_key_signature WHERE public_key_id = ? AND id = ?");
$stmt->bind_param('dd', $this->id, $sig->id);
$stmt->execute();
$stmt->close();
$this->owner->sync_remote_access();
}
/**
* List all GPG signatures stored for this public key.
* @return array of PublicKeySignature objects
*/
public function list_signatures() {
if(is_null($this->entity_id)) throw new BadMethodCallException('Public key must be in directory before signatures can be listed');
$stmt = $this->database->prepare("SELECT * FROM public_key_signature WHERE public_key_id = ?");
$stmt->bind_param('d', $this->id);
$stmt->execute();
$result = $stmt->get_result();
$sigs = array();
while($row = $result->fetch_assoc()) {
$sig = new PublicKeySignature($row['id'], $row);
$sig->public_key = $this;
$sigs[] = $sig;
}
$stmt->close();
return $sigs;
}
/**
* Add a destination rule specifying where this key is allowed to be synced to.
* @param PublicKeyDestRule $rule destination rule to be added
*/
public function add_destination_rule(PublicKeyDestRule $rule) {
if(is_null($this->id)) throw new BadMethodCallException('Public key must be in directory before destination rules can be added');
$stmt = $this->database->prepare("INSERT INTO public_key_dest_rule SET public_key_id = ?, account_name_filter = ?, hostname_filter = ?");
$stmt->bind_param('dss', $this->id, $rule->account_name_filter, $rule->hostname_filter);
$stmt->execute();
$rule->id = $stmt->insert_id;
$stmt->close();
$this->owner->sync_remote_access();
}
/**
* Delete a destination rule that specified where this key was allowed to be synced to.
* @param PublicKeyDestRule $rule destination rule to be removed
*/
public function delete_destination_rule(PublicKeyDestRule $rule) {
if(is_null($this->id)) throw new BadMethodCallException('Public key must be in directory before destination rules can be added');
$stmt = $this->database->prepare("DELETE FROM public_key_dest_rule WHERE public_key_id = ? AND id = ?");
$stmt->bind_param('dd', $this->id, $rule->id);
$stmt->execute();
$stmt->close();
$this->owner->sync_remote_access();
}
/**
* List all destination rule currently applying to this key.
* @return array of PublicKeyDestRule objects
*/
public function list_destination_rules() {
if(is_null($this->entity_id)) throw new BadMethodCallException('Public key must be in directory before destination rules can be listed');
$stmt = $this->database->prepare("SELECT * FROM public_key_dest_rule WHERE public_key_id = ?");
$stmt->bind_param('d', $this->id);
$stmt->execute();
$result = $stmt->get_result();
$rules = array();
while($row = $result->fetch_assoc()) {
$rules[] = new PublicKeyDestRule($row['id'], $row);
}
$stmt->close();
return $rules;
}
}
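Review bot: list_destination_rules guards on `is_null($this->entity_id)` while add_destination_rule and delete_destination_rule guard on `is_null($this->id)`; on a PublicKey record `entity_id` is a different field (the owning entity), so this check does not establish that the key itself has an id, and the query that follows binds `$this->id` regardless. Change it to `if(is_null($this->id)) throw new BadMethodCallException('Public key must be in directory before destination rules can be listed');`. The exception text in delete_destination_rule also still says "can be added"; it should say "can be deleted".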


@@ -0,0 +1,29 @@
<?php
##
## Copyright 2013-2017 Opera Software AS
##
## Licensed under the Apache License, Version 2.0 (the "License");
## you may not use this file except in compliance with the License.
## You may obtain a copy of the License at
##
## http://www.apache.org/licenses/LICENSE-2.0
##
## Unless required by applicable law or agreed to in writing, software
## distributed under the License is distributed on an "AS IS" BASIS,
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
## See the License for the specific language governing permissions and
## limitations under the License.
##
/**
* Class that represents a destination restriction rule on a public key (based on account name and
* server hostname). Wildcards (*) are possible for use in either or both fields.
* Public keys with one or more PublicKeyDestRule objects associated with them will only be synced
* to a destination if it matches at least one of those rules.
*/
class PublicKeyDestRule extends Record {
/**
* Defines the database table that this object is stored in
*/
protected $table = 'public_key_dest_rule';
}
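Review bot: The class docblock says wildcards (*) may be used in either filter field, but nothing here validates or normalises account_name_filter and hostname_filter, and add_destination_rule inserts both values exactly as given; the docblock also does not say where the matching is performed or whether `*` matches an empty string or a '.' inside a hostname. Either document the matching semantics here with a pointer to the code that applies them, or add a validate() method (called from add_destination_rule) that rejects empty filters so that a rule with both fields empty cannot be stored.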


@@ -0,0 +1,105 @@
<?php
##
## Copyright 2013-2017 Opera Software AS
##
## Licensed under the Apache License, Version 2.0 (the "License");
## you may not use this file except in compliance with the License.
## You may obtain a copy of the License at
##
## http://www.apache.org/licenses/LICENSE-2.0
##
## Unless required by applicable law or agreed to in writing, software
## distributed under the License is distributed on an "AS IS" BASIS,
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
## See the License for the specific language governing permissions and
## limitations under the License.
##
/**
* Class for reading/writing to the list of PublicKey objects in the database.
*/
class PublicKeyDirectory extends DBDirectory {
/**
* Retrieve a public key matching the specified ID.
* @param int $id of public key to retrieve
* @return PublicKey object with specified ID
* @throws PublicKeyNotFoundException if no key with that ID exists
*/
public function get_public_key_by_id($id) {
$stmt = $this->database->prepare("
SELECT public_key.*, entity.type AS entity_type
FROM public_key
INNER JOIN entity ON entity.id = public_key.entity_id
WHERE public_key.id = ?
");
$stmt->bind_param('d', $id);
$stmt->execute();
$result = $stmt->get_result();
if($row = $result->fetch_assoc()) {
switch($row['entity_type']) {
case 'user': $row['owner'] = new User($row['entity_id']); break;
case 'server account': $row['owner'] = new ServerAccount($row['entity_id']); break;
}
$key = new PublicKey($row['id'], $row);
} else {
throw new PublicKeyNotFoundException('Public key does not exist.');
}
$stmt->close();
return $key;
}
/**
* List stored public keys, optionally filtered by various parameters.
* See also Entity::list_public_keys function for retrieving keys belonging to a specific entity.
* @param array $include list of extra data to include in response - currently unused
* @param array $filter list of field/value pairs to filter results on
* @return array of PublicKey objects
*/
public function list_public_keys($include = array(), $filter = array()) {
// WARNING: The search query is not parameterized - be sure to properly escape all input
$fields = array("public_key.*, entity.type AS entity_type");
$joins = array();
$where = array();
foreach($filter as $field => $value) {
if($value) {
switch($field) {
case 'type':
$where[] = "public_key.type = '".$this->database->escape_string($value)."'";
break;
case 'keysize-min':
$where[] = "public_key.keysize >= ".intval($this->database->escape_string($value));
break;
case 'keysize-max':
$where[] = "public_key.keysize <= ".intval($this->database->escape_string($value));
break;
case 'fingerprint':
$where[] = "public_key.fingerprint_md5 = '".$this->database->escape_string($value)."' OR public_key.fingerprint_sha256 = '".$this->database->escape_string($value)."'";
break;
}
}
}
$stmt = $this->database->prepare("
SELECT ".implode(", ", $fields)."
FROM public_key ".implode(" ", $joins)."
INNER JOIN entity ON entity.id = public_key.entity_id
LEFT JOIN user ON user.entity_id = entity.id
LEFT JOIN server_account ON server_account.entity_id = entity.id
LEFT JOIN server ON server.id = server_account.server_id
".(count($where) == 0 ? "" : "WHERE (".implode(") AND (", $where).")")."
ORDER BY entity.type, user.uid, server.hostname, server_account.name
");
$stmt->execute();
$result = $stmt->get_result();
$pubkeys = array();
while($row = $result->fetch_assoc()) {
switch($row['entity_type']) {
case 'user': $row['owner'] = new User($row['entity_id']); break;
case 'server account': $row['owner'] = new ServerAccount($row['entity_id']); break;
}
$pubkeys[] = new PublicKey($row['id'], $row);
}
return $pubkeys;
}
}
class PublicKeyNotFoundException extends Exception {}
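Review bot: list_public_keys builds its WHERE clause by string concatenation even though every filter value is a scalar that could be bound; escape_string is only safe when the connection charset has been set, so collecting `$params` and `$types` alongside `$where` and using placeholders (`public_key.type = ?`) would remove that dependency and make the `// WARNING` comment unnecessary. The `fingerprint` case also relies on each clause being wrapped in parentheses by `"(".implode(") AND (", $where).")"` for its OR to be scoped correctly; a comment at that case would stop a future refactor from breaking it. Minor: list_public_keys never calls `$stmt->close()`, get_public_key_by_id skips it when it throws, and neither method sets `$row['owner']` for an entity_type other than 'user' or 'server account'.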


@@ -0,0 +1,49 @@
<?php
##
## Copyright 2013-2017 Opera Software AS
##
## Licensed under the Apache License, Version 2.0 (the "License");
## you may not use this file except in compliance with the License.
## You may obtain a copy of the License at
##
## http://www.apache.org/licenses/LICENSE-2.0
##
## Unless required by applicable law or agreed to in writing, software
## distributed under the License is distributed on an "AS IS" BASIS,
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
## See the License for the specific language governing permissions and
## limitations under the License.
##
/**
* Class that represents a GPG signature that is claimed to sign the associated public key.
*/
class PublicKeySignature extends Record {
protected $table = 'public_key_signature';
/**
* Perform basic validation that the signature at least looks like a valid signature and
* retrieve the fingerprint and signing date.
* We cannot check that the signature is actually a valid signature for the public key since we
* would need to have the signing GPG public key on our keyring to do so.
*/
public function validate() {
$gpg = new gnupg();
// We assume that the pubkey file that was signed is equal to the uploaded pubkey + a single newline
$line_endings = array("\n", "\r\n", "\r", ""); // Endings to try in order of expected likelihood
foreach($line_endings as $line_ending) {
$info = $gpg->verify($this->public_key->export().$line_ending, $this->signature);
if(is_array($info)) {
$sig = reset($info);
if($sig['validity'] > 0) break;
} else {
throw new InvalidArgumentException("Signature doesn't seem valid");
}
}
if($sig['validity'] == 0) {
#throw new InvalidArgumentException("Signature doesn't validate against pubkey");
}
$this->fingerprint = $sig['fingerprint'];
$this->sign_date = gmdate('Y-m-d H:i:s', $sig['timestamp']);
}
}
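Review bot: The block `if($sig['validity'] == 0) { #throw ... }` is empty, so a signature that verifies against none of the tried line endings is accepted and its fingerprint and timestamp are stored as if it had validated. The docblock explains that full validation is impossible without the signer's key on the keyring; if that is why the throw is disabled, say so in a comment and remove the dead `if`, otherwise restore the throw. Also, `reset($info)` takes only the first signature of a multi-signature block, so the stored fingerprint and sign_date are those of whichever signer appears first; that should be documented or rejected explicitly.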

184
model/record.php Normal file

@@ -0,0 +1,184 @@
<?php
##
## Copyright 2013-2017 Opera Software AS
##
## Licensed under the Apache License, Version 2.0 (the "License");
## you may not use this file except in compliance with the License.
## You may obtain a copy of the License at
##
## http://www.apache.org/licenses/LICENSE-2.0
##
## Unless required by applicable law or agreed to in writing, software
## distributed under the License is distributed on an "AS IS" BASIS,
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
## See the License for the specific language governing permissions and
## limitations under the License.
##
/**
* Basic record abstract class. Inherited by most classes whose objects are stored in the database.
* Provides __get, __set and update methods for reading and updating fields.
*/
abstract class Record {
/**
* Database connection object
*/
protected $database;
/**
* User object for the logged-in user
*/
protected $active_user;
/**
* Set to true if any data in this record has been modified
*/
protected $dirty;
/**
* The array of data associated with this record
*/
protected $data;
/**
* Defines the database table that these records are stored in
*/
protected $table;
/**
* Defines the field that is the primary key of the table
*/
protected $idfield = 'id';
/**
* The ID of this record
*/
public $id;
public function __construct($id = null, $preload_data = array()) {
global $database;
global $active_user;
$this->database = &$database;
$this->active_user = &$active_user;
$this->id = $id;
$this->data = array();
foreach($preload_data as $field => $value) {
$this->data[$field] = $value;
}
if(is_null($this->id)) $this->dirty = true;
}
/**
* Magic getter method - return the value of the specified field. Retrieve the row from the
* database if we do not have data for that field yet.
* @param string $field name of field to retrieve
* @return mixed data stored in field
* @throws Exception if the row or the field does not exist in the database
*/
public function &__get($field) {
if(!array_key_exists($field, $this->data)) {
// We don't have a value for this field yet
if(is_null($this->id)) {
// Record is not yet in the database - nothing to retrieve
$result = null;
return $result;
}
// Attempt to get data from database
$stmt = $this->database->prepare("SELECT * FROM `$this->table` WHERE {$this->idfield} = ?");
$stmt->bind_param('d', $this->id);
$stmt->execute();
$result = $stmt->get_result();
if($result->num_rows != 1) {
throw new Exception("Unexpected number of rows returned ({$result->num_rows}), expected exactly 1. Table:{$this->table}, ID field: {$this->idfield}, ID: {$this->id}");
}
$data = $result->fetch_assoc();
// Populate data array for fields we do not already have a value for
foreach($data as $f => $v) {
if(!isset($this->data[$f])) {
$this->data[$f] = $v;
}
}
$stmt->close();
if(!array_key_exists($field, $this->data)) {
// We still don't have a value, so this field doesn't exist in the database
throw new Exception("Field $field does not exist in {$this->table} table.");
}
}
return $this->data[$field];
}
/**
* Magic setter method - store the updated value and set the record as dirty.
* @param string $field name of field
* @param mixed $value data to store in field
*/
public function __set($field, $value) {
$this->data[$field] = $value;
$this->dirty = true;
if($field == $this->idfield) $this->id = $value;
}
/**
* Update the database with all fields that have been modified.
* @return array of StdClass detailing actual updates that were applied
* @throws UniqueKeyViolationException if the update violated a unique key on the table
*/
public function update() {
$stmt = $this->database->prepare("SELECT * FROM `$this->table` WHERE {$this->idfield} = ?");
$stmt->bind_param('d', $this->id);
$stmt->execute();
$result = $stmt->get_result();
if(!($row = $result->fetch_assoc())) {
throw new Exception("Record not found in database");
}
$stmt->close();
$updates = array();
$fields = array();
$values = array();
$types = '';
foreach($row as $field => $value) {
if(array_key_exists($field, $this->data) && $this->data[$field] != $value) {
$update = new StdClass;
$update->field = $field;
$update->old_value = $value;
$update->new_value = $this->data[$field];
$updates[] = $update;
$fields[] = "`$field` = ?";
$values[] =& $this->data[$field];
$types .= 's';
}
}
if(!empty($updates)) {
try {
$stmt = $this->database->prepare("UPDATE `$this->table` SET ".implode(', ', $fields)." WHERE {$this->idfield} = ?");
$values[] =& $this->id;
$types .= 'd';
array_unshift($values, $types);
$reflection = new ReflectionClass('mysqli_stmt');
$method = $reflection->getMethod("bind_param");
$method->invokeArgs($stmt, $values);
$stmt->execute();
} catch(mysqli_sql_exception $e) {
if($e->getCode() == 1062) {
// Duplicate entry
$message = $e->getMessage();
if(preg_match("/^Duplicate entry '(.*)' for key '(.*)'$/", $message, $matches)) {
$ne = new UniqueKeyViolationException($e->getMessage());
$ne->fields = explode(',', $matches[2]);
$ne->values = explode(',', $matches[1]);
throw $ne;
}
}
throw $e;
}
}
$this->dirty = false;
return $updates;
}
}
class UniqueKeyViolationException extends Exception {
/**
* Fields involved in the unique key conflict
*/
public $fields;
/**
* Values that conflicted
*/
public $values;
}
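Review bot: update() detects changes with a loose comparison (`$this->data[$field] != $value` in the foreach over `$row`), so a change from '' to null, or between any two loosely equal values, is silently dropped and never written; comparing strictly on the string form (`(string)$this->data[$field] !== (string)$value`) with null handled explicitly would be safer. Related: every changed field is bound as 's' regardless of column type, and the id field is interpolated unquoted (`WHERE {$this->idfield} = ?`) while the table name is backticked; quote both. The duplicate-key handling parses the MySQL error text with a regex and splits both captures on ','; the key name only yields field names if the schema names its unique keys as comma-separated column lists, and a duplicate value containing a comma would be split incorrectly, so that assumption belongs in the UniqueKeyViolationException docblock.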

585
model/server.php Normal file

@@ -0,0 +1,585 @@
<?php
##
## Copyright 2013-2017 Opera Software AS
##
## Licensed under the Apache License, Version 2.0 (the "License");
## you may not use this file except in compliance with the License.
## You may obtain a copy of the License at
##
## http://www.apache.org/licenses/LICENSE-2.0
##
## Unless required by applicable law or agreed to in writing, software
## distributed under the License is distributed on an "AS IS" BASIS,
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
## See the License for the specific language governing permissions and
## limitations under the License.
##
/**
* Class that represents a server
*/
class Server extends Record {
/**
* Defines the database table that this object is stored in
*/
protected $table = 'server';
/**
* Write event details to syslog and to server_event table.
* @param array $details event paramaters to be logged
* @param int $level syslog priority as defined in http://php.net/manual/en/function.syslog.php
*/
public function log($details, $level = LOG_INFO) {
if(is_null($this->id)) throw new BadMethodCallException('Server must be in directory before log entries can be added');
$json = json_encode($details, JSON_UNESCAPED_UNICODE);
$stmt = $this->database->prepare("INSERT INTO server_event SET server_id = ?, actor_id = ?, date = UTC_TIMESTAMP(), details = ?");
$stmt->bind_param('dds', $this->id, $this->active_user->entity_id, $json);
$stmt->execute();
$stmt->close();
$text = "KeysScope=\"server:{$this->hostname}\" KeysRequester=\"{$this->active_user->uid}\"";
foreach($details as $key => $value) {
$text .= ' Keys'.ucfirst($key).'="'.str_replace('"', '', $value).'"';
}
openlog('keys', LOG_ODELAY, LOG_AUTH);
syslog($level, $text);
closelog();
}
/**
* Write property changes to database and log the changes.
* Triggers a resync if certain settings are changed.
*/
public function update() {
$changes = parent::update();
$resync = false;
foreach($changes as $change) {
switch($change->field) {
case 'hostname':
case 'key_management':
case 'authorization':
case 'custom_keys':
$resync = true;
break;
case 'rsa_key_fingerprint':
if(empty($change->new_value)) $resync = true;
break;
}
$this->log(array('action' => 'Setting update', 'value' => $change->new_value, 'oldvalue' => $change->old_value, 'field' => ucfirst(str_replace('_', ' ', $change->field))));
}
if($resync) {
$this->sync_access();
}
}
/**
* List all log events for this server.
* @return array of ServerEvent objects
*/
public function get_log() {
if(is_null($this->id)) throw new BadMethodCallException('Server must be in directory before log entries can be listed');
$stmt = $this->database->prepare("
SELECT *
FROM server_event
WHERE server_id = ?
ORDER BY id DESC
");
$stmt->bind_param('d', $this->id);
$stmt->execute();
$result = $stmt->get_result();
$log = array();
while($row = $result->fetch_assoc()) {
$log[] = new ServerEvent($row['id'], $row);
}
$stmt->close();
return $log;
}
/**
* List all log events for this server and any accounts on the server.
* @return array of ServerEvent/ServerAccountEvent objects
*/
public function get_log_including_accounts() {
if(is_null($this->id)) throw new BadMethodCallException('Server must be in directory before log entries can be listed');
$stmt = $this->database->prepare("
(SELECT se.id, se.actor_id, se.date, se.details, se.server_id, NULL as entity_id, 'server' as type
FROM server_event se
WHERE se.server_id = ?
ORDER BY id DESC)
UNION
(SELECT ee.id, ee.actor_id, ee.date, ee.details, NULL as server_id, ee.entity_id, 'server account' as type
FROM server_account sa
INNER JOIN entity_event ee ON ee.entity_id = sa.entity_id
WHERE sa.server_id = ?
ORDER BY id DESC)
ORDER BY date DESC, id DESC
");
$stmt->bind_param('dd', $this->id, $this->id);
$stmt->execute();
$result = $stmt->get_result();
$log = array();
while($row = $result->fetch_assoc()) {
if($row['type'] == 'server') {
$log[] = new ServerEvent($row['id'], $row);
} elseif($row['type'] == 'server account') {
$log[] = new ServerAccountEvent($row['id'], $row);
}
}
$stmt->close();
return $log;
}
/**
* Get the more recent log event that recorded a change in sync status.
* @todo In a future change we may want to move the 'action' parameter into its own database field.
* @return ServerEvent last sync status change event
*/
public function get_last_sync_event() {
if(is_null($this->id)) throw new BadMethodCallException('Server must be in directory before log entries can be listed');
$stmt = $this->database->prepare("SELECT * FROM server_event WHERE server_id = ? AND details LIKE '{\"action\":\"Sync status change\"%' ORDER BY id DESC LIMIT 1");
$stmt->bind_param('d', $this->id);
$stmt->execute();
$result = $stmt->get_result();
if($row = $result->fetch_assoc()) {
$event = new ServerEvent($row['id'], $row);
} else {
$event = null;
}
$stmt->close();
return $event;
}
/**
* Add the specified user or group as an administrator of the server.
* This action is logged with a warning level as it is increasing an access level.
* @param Entity $entity user or group to add as administrator
*/
public function add_admin(Entity $entity) {
global $config;
if(is_null($this->id)) throw new BadMethodCallException('Server must be in directory before admins can be added');
if(is_null($entity->entity_id)) throw new InvalidArgumentException('User or group must be in directory before it can be made admin');
$entity_id = $entity->entity_id;
try {
$url = $config['web']['baseurl'].'/servers/'.urlencode($this->hostname);
$email = new Email;
$email->subject = "Administrator for {$this->hostname}";
$email->add_cc($config['email']['report_address'], $config['email']['report_name']);
switch(get_class($entity)) {
case 'User':
$email->add_recipient($entity->email, $entity->name);
$email->body = "{$this->active_user->name} ({$this->active_user->uid}) has added you as a server administrator for {$this->hostname}. You can administer access to this server from <$url>";
$logmsg = array('action' => 'Administrator add', 'value' => "user:{$entity->uid}");
break;
case 'Group':
foreach($entity->list_members() as $member) {
if(get_class($member) == 'User') {
$email->add_recipient($member->email, $member->name);
}
}
$email->body = "{$this->active_user->name} ({$this->active_user->uid}) has added the {$entity->name} group as server administrator for {$this->hostname}. You are a member of the {$entity->name} group, so you can administer access to this server from <$url>";
$logmsg = array('action' => 'Administrator add', 'value' => "group:{$entity->name}");
break;
default:
throw new InvalidArgumentException('Entities of type '.get_class($entity).' cannot be added as server admins');
}
$stmt = $this->database->prepare("INSERT INTO server_admin SET server_id = ?, entity_id = ?");
$stmt->bind_param('dd', $this->id, $entity_id);
$stmt->execute();
$stmt->close();
if($this->active_user->uid != 'import-script') {
$this->log($logmsg, LOG_WARNING);
$email->send();
}
} catch(mysqli_sql_exception $e) {
if($e->getCode() == 1062) {
// Duplicate entry - ignore
} else {
throw $e;
}
}
}
/**
* Remove the specified user or group as an administrator of the server.
* This action is logged with a warning level as it means the removed user/group will no longer
* receive notifications for any changes done to this server.
* @param Entity $entity user or group to remove as administrator
*/
public function delete_admin(Entity $entity) {
if(is_null($this->id)) throw new BadMethodCallException('Server must be in directory before admins can be deleted');
if(is_null($entity->entity_id)) throw new InvalidArgumentException('User or group must be in directory before it can be removed as admin');
$entity_id = $entity->entity_id;
switch(get_class($entity)) {
case 'User':
$this->log(array('action' => 'Administrator remove', 'value' => "user:{$entity->uid}"), LOG_WARNING);
break;
case 'Group':
$this->log(array('action' => 'Administrator remove', 'value' => "group:{$entity->name}"), LOG_WARNING);
break;
default:
throw new InvalidArgumentException('Entities of type '.get_class($entity).' should not exist as server admins');
}
$stmt = $this->database->prepare("DELETE FROM server_admin WHERE server_id = ? AND entity_id = ?");
$stmt->bind_param('dd', $this->id, $entity_id);
$stmt->execute();
$stmt->close();
}
/**
* List all administrators of this server.
* @return array of User/Group objects
*/
public function list_admins() {
if(is_null($this->id)) throw new BadMethodCallException('Server must be in directory before admins can be listed');
$stmt = $this->database->prepare("SELECT entity_id, type FROM server_admin INNER JOIN entity ON entity.id = server_admin.entity_id WHERE server_id = ?");
$stmt->bind_param('d', $this->id);
$stmt->execute();
$result = $stmt->get_result();
$admins = array();
while($row = $result->fetch_assoc()) {
if(strtolower($row['type']) == "user") {
$admins[] = new User($row['entity_id']);
} elseif(strtolower($row['type']) == "group") {
$admins[] = new Group($row['entity_id']);
}
}
$stmt->close();
return $admins;
}
/**
* Return the list of all users who can administrate this server, including
* via group membership of a group that has been made administrator.
* @return array of User objects
*/
public function list_effective_admins() {
$admins = $this->list_admins();
$e_admins = array();
foreach($admins as $admin) {
switch(get_class($admin)) {
case 'Group':
if($admin->active) {
$members = $admin->list_members();
foreach($members as $member) {
if(get_class($member) == 'User') {
$e_admins[] = $member;
}
}
}
break;
case 'User':
$e_admins[] = $admin;
break;
}
}
return $e_admins;
}
/**
* Create any standard accounts that should exist on every server, and add them to the related
* groups.
*/
public function add_standard_accounts() {
global $group_dir, $config;
if(!isset($config['defaults']['account_groups'])) return;
foreach($config['defaults']['account_groups'] as $account_name => $group_name) {
$account = new ServerAccount;
$account->name = $account_name;
$this->add_account($account);
try {
$group = $group_dir->get_group_by_name($group_name);
} catch(GroupNotFoundException $e) {
$group = new Group;
$group->name = $group_name;
$group->system = 1;
$group_dir->add_group($group);
}
$group->add_member($account);
}
}
/**
* Create a new account on the server.
* Reactivates an existing account if one exists with the same name.
* @param ServerAccount $account to be added
* @throws AccountNameInvalid if account name is empty
*/
public function add_account(ServerAccount &$account) {
if(is_null($this->id)) throw new BadMethodCallException('Server must be in directory before accounts can be added');
$account_name = $account->name;
if($account_name === '') throw new AccountNameInvalid('Account name cannot be empty');
$sync_status = is_null($account->sync_status) ? 'not synced yet' : $account->sync_status;
$this->database->begin_transaction();
$stmt = $this->database->prepare("INSERT INTO entity SET type = 'server account'");
$stmt->execute();
$account->entity_id = $stmt->insert_id;
$stmt->close();
$stmt = $this->database->prepare("INSERT INTO server_account SET entity_id = ?, server_id = ?, name = ?, sync_status = ?");
$stmt->bind_param('ddss', $account->entity_id, $this->id, $account_name, $sync_status);
try {
$stmt->execute();
$stmt->close();
$this->database->commit();
$this->log(array('action' => 'Account add', 'value' => $account_name));
} catch(mysqli_sql_exception $e) {
$this->database->rollback();
if($e->getCode() == 1062) {
// Duplicate entry
$account = $this->get_account_by_name($account_name);
$account->active = 1;
$account->update();
} else {
throw $e;
}
}
}
/**
* Get a server account from the database by its name.
* @param string $name of account
* @return ServerAccount with specified name
* @throws ServerAccountNotFoundException if no account with that name exists
*/
public function get_account_by_name($name) {
if(is_null($this->id)) throw new BadMethodCallException('Server must be in directory before accounts can be listed');
$stmt = $this->database->prepare("SELECT entity_id, name FROM server_account WHERE server_id = ? AND name = ?");
$stmt->bind_param('ds', $this->id, $name);
$stmt->execute();
$result = $stmt->get_result();
if($row = $result->fetch_assoc()) {
$account = new ServerAccount($row['entity_id'], $row);
} else {
throw new ServerAccountNotFoundException('Account does not exist.');
}
$stmt->close();
return $account;
}
/**
* List accounts stored for this server.
* @param array $include list of extra data to include in response - currently unused
* @param array $filter list of field/value pairs to filter results on
* @return array of ServerAccount objects
*/
public function list_accounts($include = array(), $filter = array()) {
// WARNING: The search query is not parameterized - be sure to properly escape all input
if(is_null($this->id)) throw new BadMethodCallException('Server must be in directory before accounts can be listed');
$where = array('server_id = '.intval($this->id), 'active = 1');
$joins = array("LEFT JOIN access_request ON access_request.dest_entity_id = server_account.entity_id");
foreach($filter as $field => $value) {
if($value) {
switch($field) {
case 'admin':
$where[] = "admin_filter.admin = ".intval($value);
$joins['adminfilter'] = "INNER JOIN entity_admin admin_filter ON admin_filter.entity_id = server_account.entity_id";
break;
}
}
}
$stmt = $this->database->prepare("
SELECT server_account.entity_id, name,
COUNT(DISTINCT access_request.source_entity_id) AS pending_requests
FROM server_account
".implode("\n", $joins)."
WHERE (".implode(") AND (", $where).")
GROUP BY server_account.entity_id
ORDER BY name
");
$stmt->execute();
$result = $stmt->get_result();
$accounts = array();
while($row = $result->fetch_assoc()) {
$accounts[] = new ServerAccount($row['entity_id'], $row);
}
$stmt->close();
return $accounts;
}
/**
* Add an access option that should be applied to all LDAP accounts on the server.
* Access options include "command", "from", "no-port-forwarding" etc.
* @param ServerLDAPAccessOption $option to be added
*/
public function add_ldap_access_option(ServerLDAPAccessOption $option) {
if(is_null($this->id)) throw new BadMethodCallException('Server must be in directory before LDAP access options can be added');
$stmt = $this->database->prepare("INSERT INTO server_ldap_access_option SET server_id = ?, `option` = ?, value = ?");
$stmt->bind_param('dss', $this->id, $option->option, $option->value);
$stmt->execute();
$stmt->close();
}
/**
* Remove an access option from all LDAP accounts on the server.
* Access options include "command", "from", "no-port-forwarding" etc.
* @param ServerLDAPAccessOption $option to be removed
*/
public function delete_ldap_access_option(ServerLDAPAccessOption $option) {
if(is_null($this->id)) throw new BadMethodCallException('Server must be in directory before LDAP access options can be deleted');
$stmt = $this->database->prepare("DELETE FROM server_ldap_access_option WHERE server_id = ? AND `option` = ?");
$stmt->bind_param('ds', $this->id, $option->option);
$stmt->execute();
$stmt->close();
}
/**
* Replace the current list of LDAP access options with the provided array of options.
* This is a crude implementation - just deletes all existing options and adds new ones, with
* table locking for a small measure of safety.
* @param array $options array of ServerLDAPAccessOption objects
*/
public function update_ldap_access_options(array $options) {
$stmt = $this->database->query("LOCK TABLES server_ldap_access_option WRITE");
$oldoptions = $this->list_ldap_access_options();
foreach($oldoptions as $oldoption) {
$this->delete_ldap_access_option($oldoption);
}
foreach($options as $option) {
$this->add_ldap_access_option($option);
}
$stmt = $this->database->query("UNLOCK TABLES");
$this->sync_access();
}
/**
* List all current LDAP access options applied to the server.
* @return array of ServerLDAPAccessOption objects
*/
public function list_ldap_access_options() {
if(is_null($this->id)) throw new BadMethodCallException('Server must be in directory before LDAP access options can be listed');
$stmt = $this->database->prepare("
SELECT *
FROM server_ldap_access_option
WHERE server_id = ?
ORDER BY `option`
");
$stmt->bind_param('d', $this->id);
$stmt->execute();
$result = $stmt->get_result();
$options = array();
while($row = $result->fetch_assoc()) {
$options[$row['option']] = new ServerLDAPAccessOption($row['option'], $row);
}
$stmt->close();
return $options;
}
/**
* Update the sync status for the server and write a log message if the status details have changed.
* @param string $status "sync success", "sync failure" or "sync warning"
* @param string $logmsg details of the sync attempt's success or failure
*/
public function sync_report($status, $logmsg) {
if(is_null($this->id)) throw new BadMethodCallException('Server must be in directory before sync reporting can be done');
$prevlogmsg = $this->get_last_sync_event();
if(is_null($prevlogmsg) || $logmsg != json_decode($prevlogmsg->details)->value) {
$logmsg = array('action' => 'Sync status change', 'value' => $logmsg);
$this->log($logmsg);
}
$this->sync_status = $status;
$this->update();
}
/**
* Add a note to the server. The note is a piece of text with metadata (who added it and when).
* @param ServerNote $note to be added
*/
public function add_note(ServerNote $note) {
if(is_null($this->id)) throw new BadMethodCallException('Server must be in directory before notes can be added');
$entity_id = $note->user->entity_id;
$stmt = $this->database->prepare("INSERT INTO server_note SET server_id = ?, entity_id = ?, date = UTC_TIMESTAMP(), note = ?");
$stmt->bind_param('dds', $this->id, $entity_id, $note->note);
$stmt->execute();
$stmt->close();
}
/**
* Delete the specified note from the server.
* @param ServerNote $note to be deleted
*/
public function delete_note(ServerNote $note) {
if(is_null($this->id)) throw new BadMethodCallException('Server must be in directory before notes can be deleted');
$stmt = $this->database->prepare("DELETE FROM server_note WHERE server_id = ? AND id = ?");
$stmt->bind_param('dd', $this->id, $note->id);
$stmt->execute();
$stmt->close();
}
/**
* Retrieve a specific note for this server by its ID.
* @param int $id of note to retrieve
* @return ServerNote matching the ID
* @throws ServerNoteNotFoundException if no note exists with that ID
*/
public function get_note_by_id($id) {
if(is_null($this->id)) throw new BadMethodCallException('Server must be in directory before notes can be listed');
$stmt = $this->database->prepare("SELECT * FROM server_note WHERE server_id = ? AND id = ? ORDER BY id");
$stmt->bind_param('dd', $this->id, $id);
$stmt->execute();
$result = $stmt->get_result();
if($row = $result->fetch_assoc()) {
$note = new ServerNote($row['id'], $row);
} else {
throw new ServerNoteNotFoundException('Note does not exist.');
}
$stmt->close();
return $note;
}
/**
* List all notes associated with this server.
* @return array of ServerNote objects
*/
public function list_notes() {
if(is_null($this->id)) throw new BadMethodCallException('Server must be in directory before notes can be listed');
$stmt = $this->database->prepare("SELECT * FROM server_note WHERE server_id = ? ORDER BY id");
$stmt->bind_param('d', $this->id);
$stmt->execute();
$result = $stmt->get_result();
$notes = array();
while($row = $result->fetch_assoc()) {
$notes[] = new ServerNote($row['id'], $row);
}
$stmt->close();
return $notes;
}
/**
* Trigger a sync for all accounts on this server.
*/
public function sync_access() {
global $sync_request_dir;
$sync_request = new SyncRequest;
$sync_request->server_id = $this->id;
$sync_request->account_name = null;
$sync_request_dir->add_sync_request($sync_request);
}
/**
* List all pending sync requests for this server.
* @return array of SyncRequest objects
*/
public function list_sync_requests() {
$stmt = $this->database->prepare("SELECT * FROM sync_request WHERE server_id = ? ORDER BY account_name");
$stmt->bind_param('d', $this->id);
$stmt->execute();
$result = $stmt->get_result();
$reqs = array();
while($row = $result->fetch_assoc()) {
$reqs[] = new SyncRequest($row['id'], $row);
}
return $reqs;
}
/**
* Delete all pending sync requests for this server.
*/
public function delete_all_sync_requests() {
$stmt = $this->database->prepare("DELETE FROM sync_request WHERE server_id = ?");
$stmt->bind_param('d', $this->id);
$stmt->execute();
}
}
class ServerNoteNotFoundException extends Exception {}
class AccountNameInvalid extends InvalidArgumentException {}
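Review bot: sync_access(), list_sync_requests() and delete_all_sync_requests() lack the is_null($this->id) guard that add_note(), delete_note(), get_note_by_id() and list_notes() all have, so an unsaved Server can queue or purge sync requests bound to a NULL server_id; add the same BadMethodCallException check at the top of each. Also list_sync_requests() and delete_all_sync_requests() never call $stmt->close(), unlike the rest of the class.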

452
model/serveraccount.php Normal file
@@ -0,0 +1,452 @@
<?php
##
## Copyright 2013-2017 Opera Software AS
##
## Licensed under the Apache License, Version 2.0 (the "License");
## you may not use this file except in compliance with the License.
## You may obtain a copy of the License at
##
## http://www.apache.org/licenses/LICENSE-2.0
##
## Unless required by applicable law or agreed to in writing, software
## distributed under the License is distributed on an "AS IS" BASIS,
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
## See the License for the specific language governing permissions and
## limitations under the License.
##
/**
* Class that represents an account on a server
*/
class ServerAccount extends Entity {
/**
* Defines the database table that this object is stored in
*/
protected $table = 'server_account';
/**
* Defines the field that is the primary key of the table
*/
protected $idfield = 'entity_id';
/**
* Magic getter method - if server field requested, return Server object
* @param string $field to retrieve
* @return mixed data stored in field
*/
public function &__get($field) {
global $user_dir;
switch($field) {
case 'server':
$server = new Server($this->server_id);
return $server;
default:
return parent::__get($field);
}
}
/**
* Write property changes to database and log the changes.
* Triggers a resync of the server if account is activated/deactivated.
*/
public function update() {
global $config;
// Make it impossible to set default accounts to inactive
if(is_array($config['defaults']['account_groups'])) {
if(array_key_exists($this->data['name'], $config['defaults']['account_groups'])) {
$this->data['active'] = true;
}
}
$changes = parent::update();
$resync = false;
foreach($changes as $change) {
$loglevel = LOG_INFO;
switch($change->field) {
case 'active':
if($this->sync_status != 'proposed') {
$resync = true;
}
if($change->new_value == 1) $loglevel = LOG_WARNING;
break;
}
$this->log(array('action' => 'Setting update', 'value' => $change->new_value, 'oldvalue' => $change->old_value, 'field' => ucfirst(str_replace('_', ' ', $change->field))), $loglevel);
}
if($resync) {
$this->server->sync_access();
$this->sync_remote_access();
}
}
/**
* List all log events for this server account.
* @return array of ServerAccountEvent objects
*/
public function get_log() {
if(is_null($this->id)) throw new BadMethodCallException('Server account must be in directory before log entries can be listed');
$stmt = $this->database->prepare("
SELECT *
FROM entity_event
WHERE entity_id = ?
ORDER BY id DESC
");
$stmt->bind_param('d', $this->id);
$stmt->execute();
$result = $stmt->get_result();
$log = array();
while($row = $result->fetch_assoc()) {
$log[] = new ServerAccountEvent($row['id'], $row);
}
$stmt->close();
return $log;
}
/**
* Add the specified user as an administrator of the account.
* This action is logged with a warning level as it is increasing an access level.
* @param User $user to add as administrator
*/
public function add_admin(User $user) {
global $config;
parent::add_admin($user);
$url = $config['web']['baseurl'].'/servers/'.urlencode($this->server->hostname).'/accounts/'.urlencode($this->name);
$email = new Email;
$email->subject = "Administrator for {$this->name}@{$this->server->hostname}";
$email->add_cc($config['email']['report_address'], $config['email']['report_name']);
$email->add_recipient($user->email, $user->name);
$email->body = "{$this->active_user->name} ({$this->active_user->uid}) has added you as an administrator for the '{$this->name}' account on {$this->server->hostname}. You can administer access to this account from <$url>";
$email->send();
$this->log(array('action' => 'Administrator add', 'value' => "user:{$user->uid}"), LOG_WARNING);
}
/**
* Remove the specified user as an administrator of the account.
* This action is logged with a warning level as it means the removed user will no longer
* receive notifications for any changes done to this account.
* @param User $user to remove as administrator
*/
public function delete_admin(User $user) {
parent::delete_admin($user);
$this->log(array('action' => 'Administrator remove', 'value' => "user:{$user->uid}"), LOG_WARNING);
}
/**
* Add a public key to this account for use with any outbound access rules that apply to it.
* An email is sent to the server admins and sec-ops to inform them of the change.
* This action is logged with a warning level as it is potentially granting SSH access with the key.
* @param PublicKey $key to be added
*/
public function add_public_key(PublicKey $key) {
global $config;
parent::add_public_key($key);
if($this->active_user->uid != 'import-script') {
$url = $config['web']['baseurl'].'/pubkeys/'.urlencode($key->id);
$email = new Email;
$email->add_reply_to($config['email']['admin_address'], $config['email']['admin_name']);
foreach($this->server->list_effective_admins() as $admin) {
$email->add_recipient($admin->email, $admin->name);
}
$email->add_cc($config['email']['report_address'], $config['email']['report_name']);
$email->subject = "A new SSH public key has been added to the account {$this->name}@{$this->server->hostname} by {$this->active_user->uid}";
$email->body = "A new SSH public key has been added to the account {$this->name}@{$this->server->hostname} on SSH Key Authority. The key was added by {$this->active_user->name} ({$this->active_user->uid}).\n\nIf this key was added without your knowledge, please contact {$config['email']['admin_address']} immediately.\n\n".$key->summarize_key_information();
$email->send();
}
$this->log(array('action' => 'Pubkey add', 'value' => $key->fingerprint_md5), LOG_WARNING);
}
/**
* Delete the specified public key from this account.
* @param PublicKey $key to be removed
*/
public function delete_public_key(PublicKey $key) {
parent::delete_public_key($key);
$this->log(array('action' => 'Pubkey remove', 'value' => $key->fingerprint_md5));
}
/**
* Request access for the specified entity (User/ServerAccount/Group) to this account.
* Stores the request and sends an email to the account admins and server admins notifying them of it.
* @param Entity $entity to request access for
*/
public function add_access_request(Entity $entity) {
global $config;
if(is_null($this->entity_id)) throw new BadMethodCallException('Server account must be added to server before access can be requested');
try {
$request = new AccessRequest;
$request->dest_entity_id = $this->entity_id;
$request->source_entity_id = $entity->entity_id;
$request->requested_by = $this->active_user->entity_id;
$stmt = $this->database->prepare("INSERT INTO access_request SET dest_entity_id = ?, source_entity_id = ?, request_date = UTC_TIMESTAMP(), requested_by = ?");
$stmt->bind_param('ddd', $request->dest_entity_id, $request->source_entity_id, $request->requested_by);
$stmt->execute();
$request->id = $stmt->insert_id;
$stmt->close();
switch(get_class($entity)) {
case 'User':
$this->log(array('action' => 'Access request', 'value' => "user:{$entity->uid}"));
break;
case 'ServerAccount':
$this->log(array('action' => 'Access request', 'value' => "account:{$entity->name}@{$entity->server->hostname}"));
break;
case 'Group':
$this->log(array('action' => 'Access request', 'value' => "group:{$entity->name}"));
break;
}
$account_admins = $this->list_admins();
$server_admins = $this->server->list_effective_admins();
if($this->active_user->uid != 'import-script') {
$email = new Email;
$email->add_reply_to($this->active_user->email, $this->active_user->name);
if(count($account_admins) == 0) {
foreach($server_admins as $admin) {
$email->add_recipient($admin->email, $admin->name);
}
} else {
foreach($account_admins as $admin) {
$email->add_recipient($admin->email, $admin->name);
}
foreach($server_admins as $admin) {
$email->add_cc($admin->email, $admin->name);
}
}
$url = $config['web']['baseurl'].'/servers/'.urlencode($this->server->hostname).'/accounts/'.urlencode($this->name);
switch(get_class($entity)) {
case 'User':
$email->subject = "{$entity->uid} requests access to {$this->name}@{$this->server->hostname}";
$email->body = "{$entity->name} ({$entity->uid}) has requested access to {$this->name}@{$this->server->hostname}. View this request at <$url>";
break;
case 'ServerAccount':
$email->subject = "{$this->active_user->uid} requests {$entity->name}@{$entity->server->hostname} access to {$this->name}@{$this->server->hostname}";
$email->body = "{$this->active_user->name} ({$this->active_user->uid}) has requested that {$entity->name}@{$entity->server->hostname} have server-to-server access to {$this->name}@{$this->server->hostname}. View this request at <$url>";
break;
case 'Group':
$email->subject = "{$this->active_user->uid} requests {$entity->name} group access to {$this->name}@{$this->server->hostname}";
$email->body = "{$this->active_user->name} ({$this->active_user->uid}) has requested that the {$entity->name} group have access to {$this->name}@{$this->server->hostname}. View this request at <$url>";
break;
}
$email->send();
}
} catch(mysqli_sql_exception $e) {
if($e->getCode() == 1062) {
// Duplicate entry - ignore
} else {
throw $e;
}
}
}
/**
* Approve a request for access to this account.
* For user access, sends an email to the requester informing them of the approval.
* Triggers add_access() and deletes the request from the DB.
* @todo send emails for all access types
* @param AccessRequest $request details
*/
public function approve_access_request(AccessRequest $request) {
if(is_null($this->entity_id)) throw new BadMethodCallException('Server account must be added to server before access can be approved');
if($this->sync_status == 'proposed') {
$this->sync_status = 'not synced yet';
$this->update();
}
$entity = $request->source_entity;
switch(get_class($entity)) {
case 'User':
$this->log(array('action' => 'Access approve', 'value' => "user:{$entity->uid}"));
$email = new Email;
$email->add_recipient($entity->email, $entity->name);
$email->subject = "Your request for access to {$this->name}@{$this->server->hostname} has been approved";
$email->body = "You requested access to {$this->name}@{$this->server->hostname}, and this request has now been approved by {$this->active_user->name} ({$this->active_user->uid}).";
$email->send();
break;
case 'ServerAccount':
$this->log(array('action' => 'Access approve', 'value' => "account:{$entity->name}@{$entity->server->hostname}"));
break;
case 'Group':
$this->log(array('action' => 'Access approve', 'value' => "group:{$entity->name}"));
break;
}
$options = array();
$this->add_access($entity, $options);
$stmt = $this->database->prepare("DELETE FROM access_request WHERE dest_entity_id = ? AND id = ?");
$stmt->bind_param('dd', $this->entity_id, $request->id);
$stmt->execute();
$stmt->close();
}
/**
* Reject a request for access to this account.
* For user access, sends an email to the requester informing them of the rejection.
* Deletes the request from the DB. If the account was created as the result of a request and
* there are no other pending access requests for the account, deactivate the account.
* @todo send emails for all access types
* @param AccessRequest $request details
*/
public function reject_access_request(AccessRequest $request) {
if(is_null($this->entity_id)) throw new BadMethodCallException('Server account must be added to server before access can be rejected');
$entity = $request->source_entity;
switch(get_class($entity)) {
case 'User':
$this->log(array('action' => 'Access reject', 'value' => "user:{$entity->uid}"));
$email = new Email;
$email->add_recipient($entity->email, $entity->name);
$email->subject = "Your request for access to {$this->name}@{$this->server->hostname} has been rejected";
$email->body = "You requested access to {$this->name}@{$this->server->hostname}, but this request has been rejected by {$this->active_user->name} ({$this->active_user->uid}).";
$email->send();
break;
case 'ServerAccount':
$this->log(array('action' => 'Access reject', 'value' => "account:{$entity->name}@{$entity->server->hostname}"));
break;
case 'Group':
$this->log(array('action' => 'Access reject', 'value' => "group:{$entity->name}"));
break;
}
$stmt = $this->database->prepare("DELETE FROM access_request WHERE dest_entity_id = ? AND id = ?");
$stmt->bind_param('dd', $this->entity_id, $request->id);
$stmt->execute();
$stmt->close();
if($this->sync_status == 'proposed') {
if(count($this->list_access_requests()) == 0) {
$this->active = 0;
$this->update();
}
}
}
/**
* Grant the specified entity (User/ServerAccount/Group) access to this server account.
* An email is sent to the account admins, server admins and sec-ops to inform them of the change.
* This action is logged with a warning level as it is granting access.
* @param Entity $entity to add as a group member
* @param array $access_options array of AccessOption rules to apply to the granted access
*/
public function add_access(Entity $entity, array $access_options) {
global $config;
if(is_null($this->entity_id)) throw new BadMethodCallException('Server account must be added to server before access can be added');
try {
$access = new Access;
$access->dest_entity_id = $this->entity_id;
$access->source_entity_id = $entity->entity_id;
$access->granted_by = $this->active_user->entity_id;
$stmt = $this->database->prepare("INSERT INTO access SET dest_entity_id = ?, source_entity_id = ?, grant_date = UTC_TIMESTAMP(), granted_by = ?");
$stmt->bind_param('ddd', $access->dest_entity_id, $access->source_entity_id, $access->granted_by);
$stmt->execute();
$access->id = $stmt->insert_id;
$stmt->close();
switch(get_class($entity)) {
case 'User':
$this->log(array('action' => 'Access add', 'value' => "user:{$entity->uid}"), LOG_WARNING);
$mailsubject = "Access granted for {$entity->uid} to {$this->name}@{$this->server->hostname} by {$this->active_user->uid}";
$mailbody = "{$entity->name} ({$entity->uid}) has been granted access to {$this->name}@{$this->server->hostname} by {$this->active_user->name} ({$this->active_user->uid}). The changes will be synced to the server within a few seconds.";
break;
case 'ServerAccount':
$this->log(array('action' => 'Access add', 'value' => "account:{$entity->name}@{$entity->server->hostname}"), LOG_WARNING);
$mailsubject = "Access granted for {$entity->name}@{$entity->server->hostname} to {$this->name}@{$this->server->hostname} by {$this->active_user->uid}";
$mailbody = "{$entity->name}@{$entity->server->hostname} has been granted server-to-server access to {$this->name}@{$this->server->hostname} by {$this->active_user->name} ({$this->active_user->uid}). The changes will be synced to the server within a few seconds.";
break;
case 'Group':
$this->log(array('action' => 'Access add', 'value' => "group:{$entity->name}"), LOG_WARNING);
$mailsubject = "Access granted for {$entity->name} group to {$this->name}@{$this->server->hostname} by {$this->active_user->uid}";
$mailbody = "The {$entity->name} group has been granted access to {$this->name}@{$this->server->hostname} by {$this->active_user->name} ({$this->active_user->uid}). The changes will be synced to the server within a few seconds.";
break;
}
if($this->active_user->uid != 'import-script') {
$account_admins = $this->list_admins();
$server_admins = $this->server->list_effective_admins();
$email = new Email;
if(count($account_admins) == 0) {
foreach($server_admins as $admin) {
$email->add_recipient($admin->email, $admin->name);
}
} else {
foreach($account_admins as $admin) {
$email->add_recipient($admin->email, $admin->name);
}
foreach($server_admins as $admin) {
$email->add_cc($admin->email, $admin->name);
}
}
$email->add_cc($config['email']['report_address'], $config['email']['report_name']);
$email->subject = $mailsubject;
$email->body = $mailbody;
$email->send();
}
foreach($access_options as $access_option) {
$access->add_option($access_option);
}
} catch(mysqli_sql_exception $e) {
if($e->getCode() == 1062) {
// Duplicate entry - ignore
} else {
throw $e;
}
}
$this->sync_access();
}
/**
* Revoke the specified access rule for this account.
* @param Access $access rule to be removed
*/
public function delete_access(Access $access) {
if(is_null($this->entity_id)) throw new BadMethodCallException('Server account must be added to server before access can be deleted');
$entity = $access->source_entity;
switch(get_class($entity)) {
case 'User':
$this->log(array('action' => 'Access remove', 'value' => "user:{$entity->uid}"));
break;
case 'ServerAccount':
$this->log(array('action' => 'Access remove', 'value' => "account:{$entity->name}@{$entity->server->hostname}"));
break;
case 'Group':
$this->log(array('action' => 'Access remove', 'value' => "group:{$entity->name}"));
break;
}
$stmt = $this->database->prepare("DELETE FROM access WHERE dest_entity_id = ? AND id = ?");
$stmt->bind_param('dd', $this->entity_id, $access->id);
$stmt->execute();
$stmt->close();
$this->sync_access();
}
/**
* List all groups that this account is a member of.
* @return array of Group objects
*/
public function list_group_membership() {
global $group_dir;
return $group_dir->list_group_membership($this);
}
/**
* Trigger a sync for this account.
*/
public function sync_access() {
global $sync_request_dir;
$sync_request = new SyncRequest;
$sync_request->server_id = $this->server_id;
$sync_request->account_name = $this->name;
$sync_request_dir->add_sync_request($sync_request);
}
/**
* Determine if a sync is currently pending for this account.
* @return boolean true if a sync is pending
*/
public function sync_is_pending() {
$stmt = $this->database->prepare("SELECT * FROM sync_request WHERE server_id = ? AND (account_name = ? OR account_name IS NULL) ORDER BY account_name");
$stmt->bind_param('ds', $this->server_id, $this->name);
$stmt->execute();
$result = $stmt->get_result();
return $result->num_rows > 0;
}
/**
* Update the sync status for the account.
* @param string $status "sync success", "sync failure" or "sync warning"
*/
public function sync_report($status) {
if(is_null($this->id)) throw new BadMethodCallException('Server account must be in directory before sync reporting can be done');
if($this->sync_status != 'proposed') {
$this->sync_status = $status;
$this->update();
}
}
}
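Review bot: add_access() has no default: case in its switch on get_class($entity), so an entity of any other class (or a subclass of User, Group or ServerAccount, since get_class() returns the exact class name) is still inserted into `access` and synced but never logged, and $mailsubject/$mailbody are undefined when the email is built. Validate the class before the INSERT, e.g. `default: throw new InvalidArgumentException('Unsupported entity type');`, and apply the same to add_access_request(), approve_access_request(), reject_access_request() and delete_access(). Smaller points: sync_is_pending() never closes its statement, and `global $user_dir;` in __get() is unused.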

@@ -0,0 +1,45 @@
<?php
##
## Copyright 2013-2017 Opera Software AS
##
## Licensed under the Apache License, Version 2.0 (the "License");
## you may not use this file except in compliance with the License.
## You may obtain a copy of the License at
##
## http://www.apache.org/licenses/LICENSE-2.0
##
## Unless required by applicable law or agreed to in writing, software
## distributed under the License is distributed on an "AS IS" BASIS,
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
## See the License for the specific language governing permissions and
## limitations under the License.
##
/**
* Class for reading/writing to the list of ServerAccount objects in the database.
* This class has no add or list methods as these will always be invoked from the parent object (Server).
*/
class ServerAccountDirectory extends DBDirectory {
/**
* Get a server account from the database by its entity ID.
* @param int $entity_id of server account
* @return ServerAccount with specified entity ID
* @throws ServerAccountNotFoundException if no server account with that entity ID exists
*/
public function get_server_account_by_id($entity_id) {
$stmt = $this->database->prepare("SELECT * FROM server_account WHERE entity_id = ?");
$stmt->bind_param('d', $entity_id);
$stmt->execute();
$result = $stmt->get_result();
if($row = $result->fetch_assoc()) {
$account = new ServerAccount($row['entity_id'], $row);
} else {
throw new ServerAccountNotFoundException('Server account does not exist.');
}
$stmt->close();
return $account;
}
}
class ServerAccountNotFoundException extends Exception {}
class ServerAccountNotDeletableException extends Exception {}
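Review bot: ServerAccountNotDeletableException is declared here but nothing in this file throws it; a short docblock stating where it is raised (or moving it next to the method that throws it) would help readers. Style: bind_param('d', $entity_id) binds the integer primary key as a double; 'i' is the mysqli type for integers and is the idiomatic choice for id columns.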

@@ -0,0 +1,33 @@
<?php
##
## Copyright 2013-2017 Opera Software AS
##
## Licensed under the Apache License, Version 2.0 (the "License");
## you may not use this file except in compliance with the License.
## You may obtain a copy of the License at
##
## http://www.apache.org/licenses/LICENSE-2.0
##
## Unless required by applicable law or agreed to in writing, software
## distributed under the License is distributed on an "AS IS" BASIS,
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
## See the License for the specific language governing permissions and
## limitations under the License.
##
class ServerAccountEvent extends EntityEvent {
/**
* Magic getter method - if account field requested, return ServerAccount object of the affected account.
* @param string $field to retrieve
* @return mixed data stored in field
*/
public function &__get($field) {
switch($field) {
case 'account':
$group = new ServerAccount($this->data['entity_id']);
return $group;
default:
return parent::__get($field);
}
}
}
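Review bot: in __get(), the ServerAccount is stored in a variable named $group, which misreads as a Group object; rename it to $account to match the case label. Unlike the sibling model classes, this one also has no class-level docblock.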

188
model/serverdirectory.php Normal file
@@ -0,0 +1,188 @@
<?php
##
## Copyright 2013-2017 Opera Software AS
##
## Licensed under the Apache License, Version 2.0 (the "License");
## you may not use this file except in compliance with the License.
## You may obtain a copy of the License at
##
## http://www.apache.org/licenses/LICENSE-2.0
##
## Unless required by applicable law or agreed to in writing, software
## distributed under the License is distributed on an "AS IS" BASIS,
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
## See the License for the specific language governing permissions and
## limitations under the License.
##
/**
* Class for reading/writing to the list of Server objects in the database.
*/
class ServerDirectory extends DBDirectory {
/**
* Create the new server in the database.
* @param Server $server object to add
* @throws ServerAlreadyExistsException if a server with that hostname already exists
*/
public function add_server(Server $server) {
$hostname = $server->hostname;
try {
$stmt = $this->database->prepare("INSERT INTO server SET hostname = ?");
$stmt->bind_param('s', $hostname);
$stmt->execute();
$server->id = $stmt->insert_id;
$stmt->close();
$server->log(array('action' => 'Server add'));
$server->add_standard_accounts();
$server->sync_access();
} catch(mysqli_sql_exception $e) {
if($e->getCode() == 1062) {
// Duplicate entry
throw new ServerAlreadyExistsException("Server {$server->hostname} already exists");
} else {
throw $e;
}
}
}
/**
* Get a server from the database by its ID.
* @param int $id of server
* @return Server with specified ID
* @throws ServerNotFoundException if no server with that ID exists
*/
public function get_server_by_id($server_id) {
$stmt = $this->database->prepare("SELECT * FROM server WHERE id = ?");
$stmt->bind_param('d', $server_id);
$stmt->execute();
$result = $stmt->get_result();
if($row = $result->fetch_assoc()) {
$server = new Server($row['id'], $row);
} else {
throw new ServerNotFoundException('Server does not exist.');
}
$stmt->close();
return $server;
}
/**
* Get a server from the database by its hostname.
* @param string $hostname of server
* @return Server with specified hostname
* @throws ServerNotFoundException if no server with that hostname exists
*/
public function get_server_by_hostname($hostname) {
$stmt = $this->database->prepare("SELECT * FROM server WHERE hostname = ?");
$stmt->bind_param('s', $hostname);
$stmt->execute();
$result = $stmt->get_result();
if($row = $result->fetch_assoc()) {
$server = new Server($row['id'], $row);
} else {
throw new ServerNotFoundException('Server does not exist');
}
$stmt->close();
return $server;
}
/**
* Get a server from the database by its uuid.
* @param string $uuid of server
* @return Server with specified uuid
* @throws ServerNotFoundException if no server with that uuid exists
*/
public function get_server_by_uuid($uuid) {
$stmt = $this->database->prepare("SELECT * FROM server WHERE uuid = ?");
$stmt->bind_param('s', $uuid);
$stmt->execute();
$result = $stmt->get_result();
if($row = $result->fetch_assoc()) {
$server = new Server($row['id'], $row);
} else {
throw new ServerNotFoundException('Server does not exist');
}
$stmt->close();
return $server;
}
/**
* List all servers in the database.
* @param array $include list of extra data to include in response
* @param array $filter list of field/value pairs to filter results on
* @return array of Server objects
*/
public function list_servers($include = array(), $filter = array()) {
// WARNING: The search query is not parameterized - be sure to properly escape all input
$fields = array("server.*");
$joins = array();
$where = array('!server.deleted');
foreach($filter as $field => $value) {
if($value) {
switch($field) {
case 'hostname':
$where[] = "hostname REGEXP '".$this->database->escape_string($value)."'";
break;
case 'ip_address':
$where[] = "server.$field = '".$this->database->escape_string($value)."'";
break;
case 'admin':
$where[] = "admin_search.entity_id = ".intval($value)." OR admin_search_members.entity_id = ".intval($value);
$joins['adminsearch'] = "LEFT JOIN server_admin AS admin_search ON admin_search.server_id = server.id";
$joins['adminsearchmembers'] = "LEFT JOIN group_member AS admin_search_members ON admin_search_members.group = admin_search.entity_id";
break;
case 'authorization':
case 'key_management':
case 'sync_status':
$where[] = "server.$field IN ('".implode("', '", array_map(array($this->database, 'escape_string'), $value))."')";
break;
}
}
}
foreach($include as $inc) {
switch($inc) {
case 'pending_requests':
$fields[] = "COUNT(DISTINCT access_request.source_entity_id) AS pending_requests";
$joins['accounts'] = "LEFT JOIN server_account ON server_account.server_id = server.id";
$joins['requests'] = "LEFT JOIN access_request ON access_request.dest_entity_id = server_account.entity_id";
break;
case 'admins':
$fields[] = "GROUP_CONCAT(DISTINCT IF(user.uid IS NULL, CONCAT('G:', group.name), CONCAT('U:', user.uid)) SEPARATOR ',') AS admins";
$joins['admins'] = "LEFT JOIN server_admin ON server_admin.server_id = server.id";
$joins['adminusers'] = "LEFT JOIN user ON user.entity_id = server_admin.entity_id AND user.active";
$joins['admingroups'] = "LEFT JOIN `group` ON group.entity_id = server_admin.entity_id";
break;
}
}
try {
$stmt = $this->database->prepare("
SELECT ".implode(", ", $fields)."
FROM server ".implode(" ", $joins)."
WHERE (".implode(") AND (", $where).")
GROUP BY server.id
ORDER BY server.hostname
");
} catch(mysqli_sql_exception $e) {
if($e->getCode() == 1139) {
throw new ServerSearchInvalidRegexpException;
} else {
throw $e;
}
}
$stmt->execute();
$result = $stmt->get_result();
$servers = array();
while($row = $result->fetch_assoc()) {
$servers[] = new Server($row['id'], $row);
}
$stmt->close();
usort($servers, function($a, $b) {return strnatcasecmp($a->hostname, $b->hostname);});
# Reverse domain level sort
#usort($servers, function($a, $b) {return strnatcasecmp(implode('.', array_reverse(explode('.', $a->hostname))), implode('.', array_reverse(explode('.', $b->hostname))));});
return $servers;
}
}
class ServerNotFoundException extends Exception {}
class ServerAlreadyExistsException extends Exception {}
class ServerSearchInvalidRegexpException extends Exception {}
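Review bot: in list_servers(), the 'authorization', 'key_management' and 'sync_status' filters pass $value straight to array_map(), so a scalar value (which the 'hostname' and 'ip_address' branches expect) raises a warning and produces an empty IN list; cast with `(array)$value` or document the expected shape of each filter key in the @param $filter docblock. The `if($value)` test also silently drops a filter whose value is "0". Minor: get_server_by_id() documents @param $id but the parameter is $server_id, and the commented-out reverse-domain usort at the end is dead code that should be removed or exposed as an option.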

46
model/serverevent.php Normal file
@@ -0,0 +1,46 @@
<?php
##
## Copyright 2013-2017 Opera Software AS
##
## Licensed under the Apache License, Version 2.0 (the "License");
## you may not use this file except in compliance with the License.
## You may obtain a copy of the License at
##
## http://www.apache.org/licenses/LICENSE-2.0
##
## Unless required by applicable law or agreed to in writing, software
## distributed under the License is distributed on an "AS IS" BASIS,
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
## See the License for the specific language governing permissions and
## limitations under the License.
##
/**
* Class that represents a log event that was recorded in relation to a server
*/
class ServerEvent extends Record {
/**
* Defines the database table that this object is stored in
*/
protected $table = 'server_event';
/**
* Magic getter method - if server field requested, return Server object of the affected server;
* if actor field requested, return User object of the person who triggered the logged event.
* @param string $field to retrieve
* @return mixed data stored in field
*/
public function &__get($field) {
global $user_dir;
switch($field) {
case 'actor':
$actor = new User($this->data['actor_id']);
return $actor;
case 'server':
$server = new Server($this->data['server_id']);
return $server;
default:
return parent::__get($field);
}
}
}
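Review bot: `global $user_dir;` in __get() is unused; drop it, since the 'actor' case constructs the User directly.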

@@ -0,0 +1,26 @@
<?php
##
## Copyright 2013-2017 Opera Software AS
##
## Licensed under the Apache License, Version 2.0 (the "License");
## you may not use this file except in compliance with the License.
## You may obtain a copy of the License at
##
## http://www.apache.org/licenses/LICENSE-2.0
##
## Unless required by applicable law or agreed to in writing, software
## distributed under the License is distributed on an "AS IS" BASIS,
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
## See the License for the specific language governing permissions and
## limitations under the License.
##
/**
* Class that represents an SSH access option that is applied to all LDAP accounts on a server
*/
class ServerLDAPAccessOption extends Record {
/**
* Defines the database table that this object is stored in
*/
protected $table = 'server_ldap_access_option';
}

52
model/servernote.php Normal file
@@ -0,0 +1,52 @@
<?php
##
## Copyright 2013-2017 Opera Software AS
##
## Licensed under the Apache License, Version 2.0 (the "License");
## you may not use this file except in compliance with the License.
## You may obtain a copy of the License at
##
## http://www.apache.org/licenses/LICENSE-2.0
##
## Unless required by applicable law or agreed to in writing, software
## distributed under the License is distributed on an "AS IS" BASIS,
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
## See the License for the specific language governing permissions and
## limitations under the License.
##
/**
* Class that represents a note associated with a server
*/
class ServerNote extends Record {
/**
* Defines the database table that this object is stored in
*/
protected $table = 'server_note';
public function __construct($id = null, $preload_data = array()) {
parent::__construct($id, $preload_data);
global $active_user;
if(is_null($id)) $this->entity_id = $active_user->entity_id;
}
/**
* Magic getter method - if server field requested, return Server object that note applies to;
* if user field requested, return User object of the person who wrote the note.
* @param string $field to retrieve
* @return mixed data stored in field
*/
public function &__get($field) {
global $user_dir;
switch($field) {
case 'user':
$user = new User($this->entity_id);
return $user;
case 'server':
$server = new Server($this->server_id);
return $server;
default:
return parent::__get($field);
}
}
}
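Review bot: the constructor has no docblock, unlike every other method in this file; document that a new note is attributed to the currently active user ($active_user->entity_id). `global $user_dir;` in __get() is unused and can be dropped.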

34
model/syncrequest.php Normal file

@@ -0,0 +1,34 @@
<?php
##
## Copyright 2013-2017 Opera Software AS
##
## Licensed under the Apache License, Version 2.0 (the "License");
## you may not use this file except in compliance with the License.
## You may obtain a copy of the License at
##
## http://www.apache.org/licenses/LICENSE-2.0
##
## Unless required by applicable law or agreed to in writing, software
## distributed under the License is distributed on an "AS IS" BASIS,
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
## See the License for the specific language governing permissions and
## limitations under the License.
##
/**
* Class that represents a request for key syncing
*/
class SyncRequest extends Record {
/**
* Defines the database table that this object is stored in
*/
protected $table = 'sync_request';
/**
* Mark this request as in progress
*/
public function set_in_progress() {
$this->processing = true;
$this->update();
}
}
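Review bot: `set_in_progress()` claims the request with a plain `update()`, so if more than one sync worker polls `list_pending_sync_requests()` the same row can be handed to both before either write lands. Claim it atomically instead, e.g. `UPDATE sync_request SET processing = 1 WHERE id = ? AND processing = 0`, and treat zero affected rows as "already taken". `processing = true` is also written into a column that `list_pending_sync_requests()` compares with `= 0`; assign `1` so the value matches the column's integer semantics rather than relying on boolean conversion in the bind.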


@@ -0,0 +1,68 @@
<?php
##
## Copyright 2013-2017 Opera Software AS
##
## Licensed under the Apache License, Version 2.0 (the "License");
## you may not use this file except in compliance with the License.
## You may obtain a copy of the License at
##
## http://www.apache.org/licenses/LICENSE-2.0
##
## Unless required by applicable law or agreed to in writing, software
## distributed under the License is distributed on an "AS IS" BASIS,
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
## See the License for the specific language governing permissions and
## limitations under the License.
##
/**
* Class for reading/writing to the list of SyncRequest objects in the database.
*/
class SyncRequestDirectory extends DBDirectory {
/**
* Store query as a prepared statement.
*/
private $sync_list_stmt;
/**
* Create the new sync request in the database.
* @param SyncRequest $req object to add
*/
public function add_sync_request(SyncRequest $req) {
$stmt = $this->database->prepare("INSERT IGNORE INTO sync_request SET server_id = ?, account_name = ?");
$stmt->bind_param('ds', $req->server_id, $req->account_name);
$stmt->execute();
$req->id = $stmt->insert_id;
$stmt->close();
}
/**
* Delete the sync request from the database.
* @param SyncRequest $req object to delete
*/
public function delete_sync_request(SyncRequest $req) {
$stmt = $this->database->prepare("DELETE FROM sync_request WHERE id = ?");
$stmt->bind_param('s', $req->id);
$stmt->execute();
$stmt->close();
}
/**
* List the sync requests stored in the database that are not being processed yet.
* @return array of SyncRequest objects
*/
public function list_pending_sync_requests() {
if(!isset($this->sync_list_stmt)) {
$this->sync_list_stmt = $this->database->prepare("SELECT * FROM sync_request WHERE processing = 0 ORDER BY id");
}
$this->sync_list_stmt->execute();
$result = $this->sync_list_stmt->get_result();
$reqs = array();
while($row = $result->fetch_assoc()) {
$reqs[] = new SyncRequest($row['id'], $row);
}
return $reqs;
}
}
class SyncRequestNotFoundException extends Exception {}
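Review bot: `add_sync_request()` uses `INSERT IGNORE`, which silently skips a row that violates a unique key; in that case `$stmt->insert_id` is 0, the caller is handed a `SyncRequest` with `id = 0`, and a later `delete_sync_request()` on it deletes nothing. Either select the existing row's id after the insert or document that `id` may be 0 and callers must not rely on it. Bind types are inconsistent as well: `server_id` is bound with `'d'` here and `id` with `'s'` in `delete_sync_request()`, yet both are integer columns and should use `'i'`. `SyncRequestNotFoundException` is declared at the bottom but nothing in this file throws it.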

374
model/user.php Normal file

@@ -0,0 +1,374 @@
<?php
##
## Copyright 2013-2017 Opera Software AS
##
## Licensed under the Apache License, Version 2.0 (the "License");
## you may not use this file except in compliance with the License.
## You may obtain a copy of the License at
##
## http://www.apache.org/licenses/LICENSE-2.0
##
## Unless required by applicable law or agreed to in writing, software
## distributed under the License is distributed on an "AS IS" BASIS,
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
## See the License for the specific language governing permissions and
## limitations under the License.
##
/**
* Class that represents a user of this system
*/
class User extends Entity {
/**
* Defines the database table that this object is stored in
*/
protected $table = 'user';
/**
* Defines the field that is the primary key of the table
*/
protected $idfield = 'entity_id';
/**
* LDAP connection object
*/
private $ldap;
public function __construct($id = null, $preload_data = array()) {
parent::__construct($id, $preload_data);
global $ldap;
$this->ldap = $ldap;
}
/**
* Write property changes to database and log the changes.
* Triggers a resync if the user was activated/deactivated.
*/
public function update() {
$changes = parent::update();
$resync = false;
foreach($changes as $change) {
$loglevel = LOG_INFO;
switch($change->field) {
case 'active':
$resync = true;
if($change->new_value == 1) $loglevel = LOG_WARNING;
break;
case 'admin':
if($change->new_value == 1) $loglevel = LOG_WARNING;
break;
case 'csrf_token':
case 'superior_entity_id':
return;
}
$this->log(array('action' => 'Setting update', 'value' => $change->new_value, 'oldvalue' => $change->old_value, 'field' => ucfirst(str_replace('_', ' ', $change->field))), $loglevel);
}
if($resync) {
$this->sync_remote_access();
}
}
/**
* Magic getter method - if superior field requested, return User object of user's superior
* @param string $field to retrieve
* @return mixed data stored in field
*/
public function &__get($field) {
global $user_dir;
switch($field) {
case 'superior':
if(is_null($this->superior_entity_id)) $superior = null;
else $superior = new User($this->superior_entity_id);
return $superior;
default:
return parent::__get($field);
}
}
/**
* List all events on entities and servers that this user has administrator access to
* @param array $include list of extra data to include in response
* @return array of *Event objects
*/
public function list_events($include = array()) {
global $event_dir;
if(is_null($this->entity_id)) throw new BadMethodCallException('User must be in directory before events can be listed');
return $event_dir->list_events($include, array('admin' => $this->entity_id));
}
/**
* List all servers that are administrated by this user
* @param array $include list of extra data to include in response
* @return array of Server objects
*/
public function list_admined_servers($include = array()) {
global $server_dir;
if(is_null($this->entity_id)) throw new BadMethodCallException('User must be in directory before admined servers can be listed');
return $server_dir->list_servers($include, array('admin' => $this->entity_id, 'key_management' => array('none', 'keys', 'other')));
}
/**
* List all groups that are administrated by this user
* @param array $include list of extra data to include in response
* @return array of Group objects
*/
public function list_admined_groups($include = array()) {
global $group_dir;
if(is_null($this->entity_id)) throw new BadMethodCallException('User must be in directory before admined group can be listed');
$groups = $group_dir->list_groups($include, array('admin' => $this->entity_id));
return $groups;
}
/**
* List all groups that this user is a member of
* @param array $include list of extra data to include in response
* @return array of Group objects
*/
public function list_group_memberships($include = array()) {
global $group_dir;
if(is_null($this->entity_id)) throw new BadMethodCallException('User must be in directory before group memberships can be listed');
$groups = $group_dir->list_groups($include, array('member' => $this->entity_id));
return $groups;
}
/**
* Determine if this user is an administrator of the specified entity or server.
* @param Record $record object to check for administration privileges
* @return bool true if user is an administrator of the object
* @throws InvalidArgumentException if a non-administratable Record is provided
*/
public function admin_of(Record $record) {
switch(get_class($record)) {
case 'Server':
$stmt = $this->database->prepare("
SELECT entity_id
FROM group_member
WHERE (`group` IN (
SELECT entity_id
FROM server_admin
WHERE server_id = ?)
AND entity_id = ?)
UNION (SELECT entity_id
FROM server_admin
WHERE server_id = ?
AND entity_id = ?)");
$stmt->bind_param('dddd', $record->id, $this->entity_id, $record->id, $this->entity_id);
$stmt->execute();
$result = $stmt->get_result();
return $result->num_rows >= 1;
break;
case 'Group':
case 'ServerAccount':
$stmt = $this->database->prepare("SELECT * FROM entity_admin WHERE admin = ? AND entity_id = ?");
$stmt->bind_param('dd', $this->entity_id, $record->entity_id);
$stmt->execute();
$result = $stmt->get_result();
return $result->num_rows >= 1;
break;
default:
throw new InvalidArgumentException('Records of type '.get_class($record).' cannot be administered');
}
}
/**
* Determine if this user is a member of the specified group
* @param Group $group to check membership of
* @return bool true if user is an member of the group
*/
public function member_of(Group $group) {
$stmt = $this->database->prepare("SELECT * FROM group_member WHERE entity_id = ? AND `group` = ?");
$stmt->bind_param('dd', $this->entity_id, $group->entity_id);
$stmt->execute();
$result = $stmt->get_result();
return $result->num_rows >= 1;
}
/**
* Add a public key to this user for use with any outbound access rules that apply to them.
* An email is sent to the user and sec-ops to inform them of the change.
* This action is logged with a warning level as it is potentially granting SSH access with the key.
* @param PublicKey $key to be added
*/
public function add_public_key(PublicKey $key) {
global $active_user, $config;
parent::add_public_key($key);
if($active_user->uid != 'import-script') {
$url = $config['web']['baseurl'].'/pubkeys/'.urlencode($key->id);
$email = new Email;
$email->add_reply_to($config['email']['admin_address'], $config['email']['admin_name']);
$email->add_recipient($this->email, $this->name);
$email->add_cc($config['email']['report_address'], $config['email']['report_name']);
$email->subject = "A new SSH public key has been added to your account ({$this->uid})";
$email->body = "A new SSH public key has been added to your account on SSH Key Authority.\n\nIf you added this key then all is well. If you do not recall adding this key, please contact {$config['email']['admin_address']} immediately.\n\n".$key->summarize_key_information();
$email->send();
}
$this->log(array('action' => 'Pubkey add', 'value' => $key->fingerprint_md5), LOG_WARNING);
}
/**
* Delete the specified public key from this user.
* @param PublicKey $key to be removed
*/
public function delete_public_key(PublicKey $key) {
global $active_user;
parent::delete_public_key($key);
$this->log(array('action' => 'Pubkey remove', 'value' => $key->fingerprint_md5));
}
/**
* Add an alert to be displayed to this user on their next normal page load.
* @param UserAlert $alert to be displayed
*/
public function add_alert(UserAlert $alert) {
if(is_null($this->entity_id)) throw new BadMethodCallException('User must be in directory before alerts can be added');
$stmt = $this->database->prepare("INSERT INTO user_alert SET entity_id = ?, class = ?, content = ?, escaping = ?");
$stmt->bind_param('dssd', $this->entity_id, $alert->class, $alert->content, $alert->escaping);
$stmt->execute();
$alert->id = $stmt->insert_id;
$stmt->close();
}
/**
* List all alerts for this user *and* delete them.
* @return array of UserAlert objects
*/
public function pop_alerts() {
if(is_null($this->entity_id)) throw new BadMethodCallException('User must be in directory before alerts can be listed');
$stmt = $this->database->prepare("SELECT * FROM user_alert WHERE entity_id = ?");
$stmt->bind_param('d', $this->entity_id);
$stmt->execute();
$result = $stmt->get_result();
$alerts = array();
$alert_ids = array();
while($row = $result->fetch_assoc()) {
$alerts[] = new UserAlert($row['id'], $row);
$alert_ids[] = $row['id'];
}
$stmt->close();
if(count($alert_ids) > 0) {
$this->database->query("DELETE FROM user_alert WHERE id IN (".implode(", ", $alert_ids).")");
}
return $alerts;
}
/**
* Determine if this user has been granted access to the specified account.
* @param ServerAccount $account to check for access
* @return bool true if user has access to the account
*/
public function has_access(ServerAccount $account) {
if(is_null($this->entity_id)) throw new BadMethodCallException('User must be in directory before access can be checked');
$stmt = $this->database->prepare("SELECT * FROM access WHERE source_entity_id = ? AND dest_entity_id = ?");
$stmt->bind_param('dd', $this->entity_id, $account->entity_id);
$stmt->execute();
$result = $stmt->get_result();
return (bool)$result->fetch_assoc();
}
/**
* Return HTML containing the user's CSRF token for inclusion in a POST form.
* Also includes a random string of the same length to help guard against http://breachattack.com/
* @return string HTML
*/
public function get_csrf_field() {
return '<input type="hidden" name="csrf_token" value="'.hesc($this->get_csrf_token()).'"><!-- '.hash("sha512", mt_rand(0, mt_getrandmax())).' -->'."\n";
}
/**
* Return the user's CSRF token. Generate one if they do not yet have one.
* @return string CSRF token
*/
public function get_csrf_token() {
if(is_null($this->entity_id)) throw new BadMethodCallException('User must be in directory before CSRF token can be generated');
if(!isset($this->data['csrf_token'])) {
$this->data['csrf_token'] = hash("sha512", mt_rand(0, mt_getrandmax()));
$this->update();
}
return $this->data['csrf_token'];
}
/**
* Check the given string against the user's CSRF token.
* @return bool true on string match
*/
public function check_csrf_token($token) {
return $token === $this->get_csrf_token();
}
/**
* Retrieve the user's details from LDAP.
* @throws UserNotFoundException if the user is not found in LDAP
*/
public function get_details_from_ldap() {
global $config;
$attributes = array();
$attributes[] = 'dn';
$attributes[] = $config['ldap']['user_id'];
$attributes[] = $config['ldap']['user_name'];
$attributes[] = $config['ldap']['user_email'];
$attributes[] = $config['ldap']['group_member_value'];
if(isset($config['ldap']['user_active'])) {
$attributes[] = $config['ldap']['user_active'];
}
$ldapusers = $this->ldap->search($config['ldap']['dn_user'], LDAP::escape($config['ldap']['user_id']).'='.LDAP::escape($this->uid), array_keys(array_flip($attributes)));
if($ldapuser = reset($ldapusers)) {
$this->auth_realm = 'LDAP';
$this->uid = $ldapuser[strtolower($config['ldap']['user_id'])];
$this->name = $ldapuser[strtolower($config['ldap']['user_name'])];
$this->email = $ldapuser[strtolower($config['ldap']['user_email'])];
if(isset($config['ldap']['user_active'])) {
$this->active = 0;
if(isset($config['ldap']['user_active_true'])) {
$this->active = intval($ldapuser[strtolower($config['ldap']['user_active'])] == $config['ldap']['user_active_true']);
} elseif(isset($config['ldap']['user_active_false'])) {
$this->active = intval($ldapuser[strtolower($config['ldap']['user_active'])] != $config['ldap']['user_active_false']);
}
} else {
$this->active = 1;
}
$this->admin = 0;
$group_member = $ldapuser[strtolower($config['ldap']['group_member_value'])];
$ldapgroups = $this->ldap->search($config['ldap']['dn_group'], LDAP::escape($config['ldap']['group_member']).'='.LDAP::escape($group_member), array('cn'));
foreach($ldapgroups as $ldapgroup) {
if($ldapgroup['cn'] == $config['ldap']['admin_group_cn']) $this->admin = 1;
}
} else {
throw new UserNotFoundException('User does not exist.');
}
}
/**
* Retrieve the user's superior from LDAP.
* @throws UserNotFoundException if the user is not found in LDAP
*/
public function get_superior_from_ldap() {
global $user_dir, $config;
if(is_null($this->entity_id)) throw new BadMethodCallException('User must be in directory before superior employee can be looked up');
if(!isset($config['ldap']['user_superior'])) {
throw new BadMethodCallException("Cannot retrieve user's superior if user_superior is not configured");
}
$ldapusers = $this->ldap->search($config['ldap']['dn_user'], LDAP::escape($config['ldap']['user_id']).'='.LDAP::escape($this->uid), array($config['ldap']['user_superior']));
if($ldapuser = reset($ldapusers)) {
$superior = null;
if(isset($ldapuser[strtolower($config['ldap']['user_superior'])]) && $ldapuser[strtolower($config['ldap']['user_superior'])] != $this->uid) {
$superior_uid = $ldapuser[strtolower($config['ldap']['user_superior'])];
try {
$superior = $user_dir->get_user_by_uid($superior_uid);
} catch(UserNotFoundException $e) {
}
}
if(is_null($superior)) {
$this->superior_entity_id = null;
} else {
$this->superior_entity_id = $superior->entity_id;
}
$this->update();
} else {
throw new UserNotFoundException('User does not exist.');
}
}
/**
* Implements the Entity::sync_access as a no-op as it makes no sense to grant access TO a user.
*/
public function sync_access() {
}
}
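Review bot: the `return` under `case 'csrf_token': case 'superior_entity_id':` in `update()` exits the whole method rather than the loop iteration, so any change that comes after one of those fields in `$changes` is neither logged nor able to set `$resync`; an `active` change in the same batch would then never trigger `sync_remote_access()`. Use `continue 2;` (a bare `continue` inside `switch` behaves like `break` in PHP). Separately, `get_csrf_token()` derives the token from `hash("sha512", mt_rand(0, mt_getrandmax()))`: `mt_rand` is not a CSPRNG and `mt_getrandmax()` is 2^31-1, so the 512-bit digest carries at most 31 bits of entropy. Generate it with `bin2hex(random_bytes(32))` (PHP 7) or `openssl_random_pseudo_bytes()` on older releases, and compare in `check_csrf_token()` with `hash_equals()` so the check is constant-time. The `break` after each `return` in `admin_of()` is unreachable and can go.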

35
model/useralert.php Normal file

@@ -0,0 +1,35 @@
<?php
##
## Copyright 2013-2017 Opera Software AS
##
## Licensed under the Apache License, Version 2.0 (the "License");
## you may not use this file except in compliance with the License.
## You may obtain a copy of the License at
##
## http://www.apache.org/licenses/LICENSE-2.0
##
## Unless required by applicable law or agreed to in writing, software
## distributed under the License is distributed on an "AS IS" BASIS,
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
## See the License for the specific language governing permissions and
## limitations under the License.
##
/**
* Class that represents an alert associated with a user
*/
class UserAlert extends Record {
/**
* Defines the database table that this object is stored in
*/
protected $table = 'user_alert';
/**
* Set some default values for the alert, including escaping HTML by default.
*/
public function __construct($id = null, $preload_data = array()) {
parent::__construct($id, $preload_data);
if(!isset($this->data['class'])) $this->data['class'] = 'success';
if(!isset($this->data['escaping'])) $this->data['escaping'] = ESC_HTML;
}
}

150
model/userdirectory.php Normal file

@@ -0,0 +1,150 @@
<?php
##
## Copyright 2013-2017 Opera Software AS
##
## Licensed under the Apache License, Version 2.0 (the "License");
## you may not use this file except in compliance with the License.
## You may obtain a copy of the License at
##
## http://www.apache.org/licenses/LICENSE-2.0
##
## Unless required by applicable law or agreed to in writing, software
## distributed under the License is distributed on an "AS IS" BASIS,
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
## See the License for the specific language governing permissions and
## limitations under the License.
##
/**
* Class for reading/writing to the list of User objects in the database.
*/
class UserDirectory extends DBDirectory {
/**
* LDAP connection object
*/
private $ldap;
/**
* Avoid making multiple LDAP lookups on the same person by caching their details here
*/
private $cache_uid;
public function __construct() {
parent::__construct();
global $ldap;
$this->ldap = $ldap;
$this->cache_uid = array();
}
/**
* Create the new user in the database.
* @param User $user object to add
*/
public function add_user(User $user) {
$user_id = $user->uid;
$user_name = $user->name;
$user_active = $user->active;
$user_admin = $user->admin;
$user_email = $user->email;
$stmt = $this->database->prepare("INSERT INTO entity SET type = 'user'");
$stmt->execute();
$user->entity_id = $stmt->insert_id;
$stmt = $this->database->prepare("INSERT INTO user SET entity_id = ?, uid = ?, name = ?, email = ?, active = ?, admin = ?");
$stmt->bind_param('dsssdd', $user->entity_id, $user_id, $user_name, $user_email, $user_active, $user_admin);
$stmt->execute();
$stmt->close();
}
/**
* Get a user from the database by its entity ID.
* @param int $entity_id of user
* @return User with specified entity ID
* @throws UserNotFoundException if no user with that entity ID exists
*/
public function get_user_by_id($id) {
$stmt = $this->database->prepare("SELECT * FROM user WHERE entity_id = ?");
$stmt->bind_param('d', $id);
$stmt->execute();
$result = $stmt->get_result();
if($row = $result->fetch_assoc()) {
$user = new User($row['entity_id'], $row);
} else {
throw new UserNotFoundException('User does not exist.');
}
$stmt->close();
return $user;
}
/**
* Get a user from the database by its uid. If it does not exist in the database, retrieve it
* from LDAP and store in the database.
* @param string $uid of user
* @return User with specified entity uid
* @throws UserNotFoundException if no user with that uid exists
*/
public function get_user_by_uid($uid) {
if(isset($this->cache_uid[$uid])) {
return $this->cache_uid[$uid];
}
$stmt = $this->database->prepare("SELECT * FROM user WHERE uid = ?");
$stmt->bind_param('s', $uid);
$stmt->execute();
$result = $stmt->get_result();
if($row = $result->fetch_assoc()) {
$user = new User($row['entity_id'], $row);
$this->cache_uid[$uid] = $user;
} else {
$user = new User;
$user->uid = $uid;
$this->cache_uid[$uid] = $user;
$user->get_details_from_ldap();
$this->add_user($user);
}
$stmt->close();
return $user;
}
/**
* List all users in the database.
* @param array $include list of extra data to include in response - currently unused
* @param array $filter list of field/value pairs to filter results on
* @return array of User objects
*/
public function list_users($include = array(), $filter = array()) {
// WARNING: The search query is not parameterized - be sure to properly escape all input
$fields = array("user.*");
$joins = array();
$where = array();
foreach($filter as $field => $value) {
if($value) {
switch($field) {
case 'uid':
$where[] = "uid = '".$this->database->escape_string($value)."'";
break;
case 'name':
$where[] = "name = '".$this->database->escape_string($value)."'";
break;
case 'admins_servers':
$joins[] = "INNER JOIN server_admin ON server_admin.entity_id = user.entity_id";
$joins[] = "INNER JOIN server ON server.id = server_admin.server_id AND server.key_management <> 'decommissioned'";
break;
}
}
}
$stmt = $this->database->prepare("
SELECT ".implode(", ", $fields)."
FROM user ".implode(" ", $joins)."
".(count($where) == 0 ? "" : "WHERE (".implode(") AND (", $where).")")."
GROUP BY user.entity_id
ORDER BY user.uid
");
$stmt->execute();
$result = $stmt->get_result();
$users = array();
while($row = $result->fetch_assoc()) {
$users[] = new User($row['entity_id'], $row);
}
return $users;
}
}
class UserNotFoundException extends Exception {}
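Review bot: `get_user_by_uid()` stores the new `User` in `$this->cache_uid` before `get_details_from_ldap()` and `add_user()` have run, so when LDAP throws `UserNotFoundException` the cache keeps a half-built object with only `uid` set and no `entity_id`, and every later call for that uid in the same request returns it instead of throwing. Move the cache assignment to after `$this->add_user($user)`; `$stmt->close()` is also skipped on that exception path. In `add_user()`, the `entity` and `user` inserts are not wrapped in a transaction, so a failure on the second leaves an orphan `entity` row. The `get_user_by_id()` docblock documents `$entity_id` while the signature names the parameter `$id`.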

36
model/userevent.php Normal file

@@ -0,0 +1,36 @@
<?php
##
## Copyright 2013-2017 Opera Software AS
##
## Licensed under the Apache License, Version 2.0 (the "License");
## you may not use this file except in compliance with the License.
## You may obtain a copy of the License at
##
## http://www.apache.org/licenses/LICENSE-2.0
##
## Unless required by applicable law or agreed to in writing, software
## distributed under the License is distributed on an "AS IS" BASIS,
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
## See the License for the specific language governing permissions and
## limitations under the License.
##
/**
* Class that represents a log event that was recorded in relation to a group
*/
class UserEvent extends EntityEvent {
/**
* Magic getter method - if group field requested, return Group object of the affected group.
* @param string $field to retrieve
* @return mixed data stored in field
*/
public function &__get($field) {
switch($field) {
case 'user':
$user = new User($this->data['entity_id']);
return $user;
default:
return parent::__get($field);
}
}
}
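Review bot: both docblocks were copied from the group event class and describe the wrong type: the class comment says the event was "recorded in relation to a group" and the `__get` comment says "if group field requested, return Group object", while the code returns a `User` for the `user` field. Change them to "recorded in relation to a user" and "if user field requested, return User object of the affected user".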

78
pagesection.php Normal file

@@ -0,0 +1,78 @@
<?php
##
## Copyright 2013-2017 Opera Software AS
##
## Licensed under the Apache License, Version 2.0 (the "License");
## you may not use this file except in compliance with the License.
## You may obtain a copy of the License at
##
## http://www.apache.org/licenses/LICENSE-2.0
##
## Unless required by applicable law or agreed to in writing, software
## distributed under the License is distributed on an "AS IS" BASIS,
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
## See the License for the specific language governing permissions and
## limitations under the License.
##
class PageSection {
private $template;
private $data;
public function __construct($template) {
global $relative_request_url;
global $active_user;
global $database;
global $config;
$this->template = $template;
$this->data = new StdClass;
$this->data->menu_items = array();
$this->data->menu_items['/'] = 'Home';
$this->data->menu_items['/servers'] = 'Servers';
$this->data->menu_items['/users'] = 'Users';
$this->data->menu_items['/groups'] = 'Groups';
$this->data->menu_items['/pubkeys'] = 'Public keys';
if($active_user->admin || count($active_user->list_admined_servers()) > 0) {
$this->data->menu_items['/activity'] = 'Activity';
}
if($active_user->admin) {
$this->data->menu_items['/tools'] = 'Tools';
}
$this->data->menu_items['/help'] = 'Help';
$this->data->relative_request_url = $relative_request_url;
$this->data->active_user = $active_user;
$this->data->web_config = $config['web'];
$this->data->email_config = $config['email'];
if($active_user->developer) {
$this->data->database = $database;
}
}
public function set_by_array($array, $prefix = '') {
foreach($array as $item => $data) {
$this->setData($prefix.$item, $data);
}
}
public function set($item, $data) {
$this->data->$item = $data;
}
public function get($item) {
if(isset($this->data->$item)) {
if(is_object($this->data->$item) && get_class($this->data->$item) == 'PageSection') {
return $this->data->$item->generate();
} else {
return $this->data->$item;
}
} else {
return null;
}
}
public function generate() {
ob_start();
$data = $this->data;
include_once(path_join('templates', 'functions.php'));
include(path_join('templates', $this->template.'.php'));
$output = ob_get_contents();
ob_end_clean();
return $output;
}
}
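Review bot: `set_by_array()` calls `$this->setData(...)`, but no such method exists on this class; the setter is `set()`, so any call to `set_by_array()` is a fatal undefined-method error. Change it to `$this->set($prefix.$item, $data)`. Note also that when `$active_user->developer` is set the constructor hands the live `$database` handle to every template through `$data`; that is a lot of capability to expose via template data, so it is worth confirming that `developer` can only be set by an administrator. In `get()`, `$this->data->$item instanceof PageSection` is clearer than comparing `get_class()` against a string.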


@@ -0,0 +1,587 @@
/*!
* Bootstrap v3.3.7 (http://getbootstrap.com)
* Copyright 2011-2016 Twitter, Inc.
* Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE)
*/
.btn-default,
.btn-primary,
.btn-success,
.btn-info,
.btn-warning,
.btn-danger {
text-shadow: 0 -1px 0 rgba(0, 0, 0, .2);
-webkit-box-shadow: inset 0 1px 0 rgba(255, 255, 255, .15), 0 1px 1px rgba(0, 0, 0, .075);
box-shadow: inset 0 1px 0 rgba(255, 255, 255, .15), 0 1px 1px rgba(0, 0, 0, .075);
}
.btn-default:active,
.btn-primary:active,
.btn-success:active,
.btn-info:active,
.btn-warning:active,
.btn-danger:active,
.btn-default.active,
.btn-primary.active,
.btn-success.active,
.btn-info.active,
.btn-warning.active,
.btn-danger.active {
-webkit-box-shadow: inset 0 3px 5px rgba(0, 0, 0, .125);
box-shadow: inset 0 3px 5px rgba(0, 0, 0, .125);
}
.btn-default.disabled,
.btn-primary.disabled,
.btn-success.disabled,
.btn-info.disabled,
.btn-warning.disabled,
.btn-danger.disabled,
.btn-default[disabled],
.btn-primary[disabled],
.btn-success[disabled],
.btn-info[disabled],
.btn-warning[disabled],
.btn-danger[disabled],
fieldset[disabled] .btn-default,
fieldset[disabled] .btn-primary,
fieldset[disabled] .btn-success,
fieldset[disabled] .btn-info,
fieldset[disabled] .btn-warning,
fieldset[disabled] .btn-danger {
-webkit-box-shadow: none;
box-shadow: none;
}
.btn-default .badge,
.btn-primary .badge,
.btn-success .badge,
.btn-info .badge,
.btn-warning .badge,
.btn-danger .badge {
text-shadow: none;
}
.btn:active,
.btn.active {
background-image: none;
}
.btn-default {
text-shadow: 0 1px 0 #fff;
background-image: -webkit-linear-gradient(top, #fff 0%, #e0e0e0 100%);
background-image: -o-linear-gradient(top, #fff 0%, #e0e0e0 100%);
background-image: -webkit-gradient(linear, left top, left bottom, from(#fff), to(#e0e0e0));
background-image: linear-gradient(to bottom, #fff 0%, #e0e0e0 100%);
filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffffffff', endColorstr='#ffe0e0e0', GradientType=0);
filter: progid:DXImageTransform.Microsoft.gradient(enabled = false);
background-repeat: repeat-x;
border-color: #dbdbdb;
border-color: #ccc;
}
.btn-default:hover,
.btn-default:focus {
background-color: #e0e0e0;
background-position: 0 -15px;
}
.btn-default:active,
.btn-default.active {
background-color: #e0e0e0;
border-color: #dbdbdb;
}
.btn-default.disabled,
.btn-default[disabled],
fieldset[disabled] .btn-default,
.btn-default.disabled:hover,
.btn-default[disabled]:hover,
fieldset[disabled] .btn-default:hover,
.btn-default.disabled:focus,
.btn-default[disabled]:focus,
fieldset[disabled] .btn-default:focus,
.btn-default.disabled.focus,
.btn-default[disabled].focus,
fieldset[disabled] .btn-default.focus,
.btn-default.disabled:active,
.btn-default[disabled]:active,
fieldset[disabled] .btn-default:active,
.btn-default.disabled.active,
.btn-default[disabled].active,
fieldset[disabled] .btn-default.active {
background-color: #e0e0e0;
background-image: none;
}
.btn-primary {
background-image: -webkit-linear-gradient(top, #337ab7 0%, #265a88 100%);
background-image: -o-linear-gradient(top, #337ab7 0%, #265a88 100%);
background-image: -webkit-gradient(linear, left top, left bottom, from(#337ab7), to(#265a88));
background-image: linear-gradient(to bottom, #337ab7 0%, #265a88 100%);
filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff337ab7', endColorstr='#ff265a88', GradientType=0);
filter: progid:DXImageTransform.Microsoft.gradient(enabled = false);
background-repeat: repeat-x;
border-color: #245580;
}
.btn-primary:hover,
.btn-primary:focus {
background-color: #265a88;
background-position: 0 -15px;
}
.btn-primary:active,
.btn-primary.active {
background-color: #265a88;
border-color: #245580;
}
.btn-primary.disabled,
.btn-primary[disabled],
fieldset[disabled] .btn-primary,
.btn-primary.disabled:hover,
.btn-primary[disabled]:hover,
fieldset[disabled] .btn-primary:hover,
.btn-primary.disabled:focus,
.btn-primary[disabled]:focus,
fieldset[disabled] .btn-primary:focus,
.btn-primary.disabled.focus,
.btn-primary[disabled].focus,
fieldset[disabled] .btn-primary.focus,
.btn-primary.disabled:active,
.btn-primary[disabled]:active,
fieldset[disabled] .btn-primary:active,
.btn-primary.disabled.active,
.btn-primary[disabled].active,
fieldset[disabled] .btn-primary.active {
background-color: #265a88;
background-image: none;
}
.btn-success {
background-image: -webkit-linear-gradient(top, #5cb85c 0%, #419641 100%);
background-image: -o-linear-gradient(top, #5cb85c 0%, #419641 100%);
background-image: -webkit-gradient(linear, left top, left bottom, from(#5cb85c), to(#419641));
background-image: linear-gradient(to bottom, #5cb85c 0%, #419641 100%);
filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff5cb85c', endColorstr='#ff419641', GradientType=0);
filter: progid:DXImageTransform.Microsoft.gradient(enabled = false);
background-repeat: repeat-x;
border-color: #3e8f3e;
}
.btn-success:hover,
.btn-success:focus {
background-color: #419641;
background-position: 0 -15px;
}
.btn-success:active,
.btn-success.active {
background-color: #419641;
border-color: #3e8f3e;
}
.btn-success.disabled,
.btn-success[disabled],
fieldset[disabled] .btn-success,
.btn-success.disabled:hover,
.btn-success[disabled]:hover,
fieldset[disabled] .btn-success:hover,
.btn-success.disabled:focus,
.btn-success[disabled]:focus,
fieldset[disabled] .btn-success:focus,
.btn-success.disabled.focus,
.btn-success[disabled].focus,
fieldset[disabled] .btn-success.focus,
.btn-success.disabled:active,
.btn-success[disabled]:active,
fieldset[disabled] .btn-success:active,
.btn-success.disabled.active,
.btn-success[disabled].active,
fieldset[disabled] .btn-success.active {
background-color: #419641;
background-image: none;
}
.btn-info {
background-image: -webkit-linear-gradient(top, #5bc0de 0%, #2aabd2 100%);
background-image: -o-linear-gradient(top, #5bc0de 0%, #2aabd2 100%);
background-image: -webkit-gradient(linear, left top, left bottom, from(#5bc0de), to(#2aabd2));
background-image: linear-gradient(to bottom, #5bc0de 0%, #2aabd2 100%);
filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff5bc0de', endColorstr='#ff2aabd2', GradientType=0);
filter: progid:DXImageTransform.Microsoft.gradient(enabled = false);
background-repeat: repeat-x;
border-color: #28a4c9;
}
.btn-info:hover,
.btn-info:focus {
background-color: #2aabd2;
background-position: 0 -15px;
}
.btn-info:active,
.btn-info.active {
background-color: #2aabd2;
border-color: #28a4c9;
}
.btn-info.disabled,
.btn-info[disabled],
fieldset[disabled] .btn-info,
.btn-info.disabled:hover,
.btn-info[disabled]:hover,
fieldset[disabled] .btn-info:hover,
.btn-info.disabled:focus,
.btn-info[disabled]:focus,
fieldset[disabled] .btn-info:focus,
.btn-info.disabled.focus,
.btn-info[disabled].focus,
fieldset[disabled] .btn-info.focus,
.btn-info.disabled:active,
.btn-info[disabled]:active,
fieldset[disabled] .btn-info:active,
.btn-info.disabled.active,
.btn-info[disabled].active,
fieldset[disabled] .btn-info.active {
background-color: #2aabd2;
background-image: none;
}
.btn-warning {
background-image: -webkit-linear-gradient(top, #f0ad4e 0%, #eb9316 100%);
background-image: -o-linear-gradient(top, #f0ad4e 0%, #eb9316 100%);
background-image: -webkit-gradient(linear, left top, left bottom, from(#f0ad4e), to(#eb9316));
background-image: linear-gradient(to bottom, #f0ad4e 0%, #eb9316 100%);
filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#fff0ad4e', endColorstr='#ffeb9316', GradientType=0);
filter: progid:DXImageTransform.Microsoft.gradient(enabled = false);
background-repeat: repeat-x;
border-color: #e38d13;
}
.btn-warning:hover,
.btn-warning:focus {
background-color: #eb9316;
background-position: 0 -15px;
}
.btn-warning:active,
.btn-warning.active {
background-color: #eb9316;
border-color: #e38d13;
}
.btn-warning.disabled,
.btn-warning[disabled],
fieldset[disabled] .btn-warning,
.btn-warning.disabled:hover,
.btn-warning[disabled]:hover,
fieldset[disabled] .btn-warning:hover,
.btn-warning.disabled:focus,
.btn-warning[disabled]:focus,
fieldset[disabled] .btn-warning:focus,
.btn-warning.disabled.focus,
.btn-warning[disabled].focus,
fieldset[disabled] .btn-warning.focus,
.btn-warning.disabled:active,
.btn-warning[disabled]:active,
fieldset[disabled] .btn-warning:active,
.btn-warning.disabled.active,
.btn-warning[disabled].active,
fieldset[disabled] .btn-warning.active {
background-color: #eb9316;
background-image: none;
}
.btn-danger {
background-image: -webkit-linear-gradient(top, #d9534f 0%, #c12e2a 100%);
background-image: -o-linear-gradient(top, #d9534f 0%, #c12e2a 100%);
background-image: -webkit-gradient(linear, left top, left bottom, from(#d9534f), to(#c12e2a));
background-image: linear-gradient(to bottom, #d9534f 0%, #c12e2a 100%);
filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffd9534f', endColorstr='#ffc12e2a', GradientType=0);
filter: progid:DXImageTransform.Microsoft.gradient(enabled = false);
background-repeat: repeat-x;
border-color: #b92c28;
}
.btn-danger:hover,
.btn-danger:focus {
background-color: #c12e2a;
background-position: 0 -15px;
}
.btn-danger:active,
.btn-danger.active {
background-color: #c12e2a;
border-color: #b92c28;
}
.btn-danger.disabled,
.btn-danger[disabled],
fieldset[disabled] .btn-danger,
.btn-danger.disabled:hover,
.btn-danger[disabled]:hover,
fieldset[disabled] .btn-danger:hover,
.btn-danger.disabled:focus,
.btn-danger[disabled]:focus,
fieldset[disabled] .btn-danger:focus,
.btn-danger.disabled.focus,
.btn-danger[disabled].focus,
fieldset[disabled] .btn-danger.focus,
.btn-danger.disabled:active,
.btn-danger[disabled]:active,
fieldset[disabled] .btn-danger:active,
.btn-danger.disabled.active,
.btn-danger[disabled].active,
fieldset[disabled] .btn-danger.active {
background-color: #c12e2a;
background-image: none;
}
.thumbnail,
.img-thumbnail {
-webkit-box-shadow: 0 1px 2px rgba(0, 0, 0, .075);
box-shadow: 0 1px 2px rgba(0, 0, 0, .075);
}
.dropdown-menu > li > a:hover,
.dropdown-menu > li > a:focus {
background-color: #e8e8e8;
background-image: -webkit-linear-gradient(top, #f5f5f5 0%, #e8e8e8 100%);
background-image: -o-linear-gradient(top, #f5f5f5 0%, #e8e8e8 100%);
background-image: -webkit-gradient(linear, left top, left bottom, from(#f5f5f5), to(#e8e8e8));
background-image: linear-gradient(to bottom, #f5f5f5 0%, #e8e8e8 100%);
filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#fff5f5f5', endColorstr='#ffe8e8e8', GradientType=0);
background-repeat: repeat-x;
}
.dropdown-menu > .active > a,
.dropdown-menu > .active > a:hover,
.dropdown-menu > .active > a:focus {
background-color: #2e6da4;
background-image: -webkit-linear-gradient(top, #337ab7 0%, #2e6da4 100%);
background-image: -o-linear-gradient(top, #337ab7 0%, #2e6da4 100%);
background-image: -webkit-gradient(linear, left top, left bottom, from(#337ab7), to(#2e6da4));
background-image: linear-gradient(to bottom, #337ab7 0%, #2e6da4 100%);
filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff337ab7', endColorstr='#ff2e6da4', GradientType=0);
background-repeat: repeat-x;
}
.navbar-default {
background-image: -webkit-linear-gradient(top, #fff 0%, #f8f8f8 100%);
background-image: -o-linear-gradient(top, #fff 0%, #f8f8f8 100%);
background-image: -webkit-gradient(linear, left top, left bottom, from(#fff), to(#f8f8f8));
background-image: linear-gradient(to bottom, #fff 0%, #f8f8f8 100%);
filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffffffff', endColorstr='#fff8f8f8', GradientType=0);
filter: progid:DXImageTransform.Microsoft.gradient(enabled = false);
background-repeat: repeat-x;
border-radius: 4px;
-webkit-box-shadow: inset 0 1px 0 rgba(255, 255, 255, .15), 0 1px 5px rgba(0, 0, 0, .075);
box-shadow: inset 0 1px 0 rgba(255, 255, 255, .15), 0 1px 5px rgba(0, 0, 0, .075);
}
.navbar-default .navbar-nav > .open > a,
.navbar-default .navbar-nav > .active > a {
background-image: -webkit-linear-gradient(top, #dbdbdb 0%, #e2e2e2 100%);
background-image: -o-linear-gradient(top, #dbdbdb 0%, #e2e2e2 100%);
background-image: -webkit-gradient(linear, left top, left bottom, from(#dbdbdb), to(#e2e2e2));
background-image: linear-gradient(to bottom, #dbdbdb 0%, #e2e2e2 100%);
filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffdbdbdb', endColorstr='#ffe2e2e2', GradientType=0);
background-repeat: repeat-x;
-webkit-box-shadow: inset 0 3px 9px rgba(0, 0, 0, .075);
box-shadow: inset 0 3px 9px rgba(0, 0, 0, .075);
}
.navbar-brand,
.navbar-nav > li > a {
text-shadow: 0 1px 0 rgba(255, 255, 255, .25);
}
.navbar-inverse {
background-image: -webkit-linear-gradient(top, #3c3c3c 0%, #222 100%);
background-image: -o-linear-gradient(top, #3c3c3c 0%, #222 100%);
background-image: -webkit-gradient(linear, left top, left bottom, from(#3c3c3c), to(#222));
background-image: linear-gradient(to bottom, #3c3c3c 0%, #222 100%);
filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff3c3c3c', endColorstr='#ff222222', GradientType=0);
filter: progid:DXImageTransform.Microsoft.gradient(enabled = false);
background-repeat: repeat-x;
border-radius: 4px;
}
.navbar-inverse .navbar-nav > .open > a,
.navbar-inverse .navbar-nav > .active > a {
background-image: -webkit-linear-gradient(top, #080808 0%, #0f0f0f 100%);
background-image: -o-linear-gradient(top, #080808 0%, #0f0f0f 100%);
background-image: -webkit-gradient(linear, left top, left bottom, from(#080808), to(#0f0f0f));
background-image: linear-gradient(to bottom, #080808 0%, #0f0f0f 100%);
filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff080808', endColorstr='#ff0f0f0f', GradientType=0);
background-repeat: repeat-x;
-webkit-box-shadow: inset 0 3px 9px rgba(0, 0, 0, .25);
box-shadow: inset 0 3px 9px rgba(0, 0, 0, .25);
}
.navbar-inverse .navbar-brand,
.navbar-inverse .navbar-nav > li > a {
text-shadow: 0 -1px 0 rgba(0, 0, 0, .25);
}
.navbar-static-top,
.navbar-fixed-top,
.navbar-fixed-bottom {
border-radius: 0;
}
@media (max-width: 767px) {
.navbar .navbar-nav .open .dropdown-menu > .active > a,
.navbar .navbar-nav .open .dropdown-menu > .active > a:hover,
.navbar .navbar-nav .open .dropdown-menu > .active > a:focus {
color: #fff;
background-image: -webkit-linear-gradient(top, #337ab7 0%, #2e6da4 100%);
background-image: -o-linear-gradient(top, #337ab7 0%, #2e6da4 100%);
background-image: -webkit-gradient(linear, left top, left bottom, from(#337ab7), to(#2e6da4));
background-image: linear-gradient(to bottom, #337ab7 0%, #2e6da4 100%);
filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff337ab7', endColorstr='#ff2e6da4', GradientType=0);
background-repeat: repeat-x;
}
}
.alert {
text-shadow: 0 1px 0 rgba(255, 255, 255, .2);
-webkit-box-shadow: inset 0 1px 0 rgba(255, 255, 255, .25), 0 1px 2px rgba(0, 0, 0, .05);
box-shadow: inset 0 1px 0 rgba(255, 255, 255, .25), 0 1px 2px rgba(0, 0, 0, .05);
}
.alert-success {
background-image: -webkit-linear-gradient(top, #dff0d8 0%, #c8e5bc 100%);
background-image: -o-linear-gradient(top, #dff0d8 0%, #c8e5bc 100%);
background-image: -webkit-gradient(linear, left top, left bottom, from(#dff0d8), to(#c8e5bc));
background-image: linear-gradient(to bottom, #dff0d8 0%, #c8e5bc 100%);
filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffdff0d8', endColorstr='#ffc8e5bc', GradientType=0);
background-repeat: repeat-x;
border-color: #b2dba1;
}
.alert-info {
background-image: -webkit-linear-gradient(top, #d9edf7 0%, #b9def0 100%);
background-image: -o-linear-gradient(top, #d9edf7 0%, #b9def0 100%);
background-image: -webkit-gradient(linear, left top, left bottom, from(#d9edf7), to(#b9def0));
background-image: linear-gradient(to bottom, #d9edf7 0%, #b9def0 100%);
filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffd9edf7', endColorstr='#ffb9def0', GradientType=0);
background-repeat: repeat-x;
border-color: #9acfea;
}
.alert-warning {
background-image: -webkit-linear-gradient(top, #fcf8e3 0%, #f8efc0 100%);
background-image: -o-linear-gradient(top, #fcf8e3 0%, #f8efc0 100%);
background-image: -webkit-gradient(linear, left top, left bottom, from(#fcf8e3), to(#f8efc0));
background-image: linear-gradient(to bottom, #fcf8e3 0%, #f8efc0 100%);
filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#fffcf8e3', endColorstr='#fff8efc0', GradientType=0);
background-repeat: repeat-x;
border-color: #f5e79e;
}
.alert-danger {
background-image: -webkit-linear-gradient(top, #f2dede 0%, #e7c3c3 100%);
background-image: -o-linear-gradient(top, #f2dede 0%, #e7c3c3 100%);
background-image: -webkit-gradient(linear, left top, left bottom, from(#f2dede), to(#e7c3c3));
background-image: linear-gradient(to bottom, #f2dede 0%, #e7c3c3 100%);
filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#fff2dede', endColorstr='#ffe7c3c3', GradientType=0);
background-repeat: repeat-x;
border-color: #dca7a7;
}
.progress {
background-image: -webkit-linear-gradient(top, #ebebeb 0%, #f5f5f5 100%);
background-image: -o-linear-gradient(top, #ebebeb 0%, #f5f5f5 100%);
background-image: -webkit-gradient(linear, left top, left bottom, from(#ebebeb), to(#f5f5f5));
background-image: linear-gradient(to bottom, #ebebeb 0%, #f5f5f5 100%);
filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffebebeb', endColorstr='#fff5f5f5', GradientType=0);
background-repeat: repeat-x;
}
.progress-bar {
background-image: -webkit-linear-gradient(top, #337ab7 0%, #286090 100%);
background-image: -o-linear-gradient(top, #337ab7 0%, #286090 100%);
background-image: -webkit-gradient(linear, left top, left bottom, from(#337ab7), to(#286090));
background-image: linear-gradient(to bottom, #337ab7 0%, #286090 100%);
filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff337ab7', endColorstr='#ff286090', GradientType=0);
background-repeat: repeat-x;
}
.progress-bar-success {
background-image: -webkit-linear-gradient(top, #5cb85c 0%, #449d44 100%);
background-image: -o-linear-gradient(top, #5cb85c 0%, #449d44 100%);
background-image: -webkit-gradient(linear, left top, left bottom, from(#5cb85c), to(#449d44));
background-image: linear-gradient(to bottom, #5cb85c 0%, #449d44 100%);
filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff5cb85c', endColorstr='#ff449d44', GradientType=0);
background-repeat: repeat-x;
}
.progress-bar-info {
background-image: -webkit-linear-gradient(top, #5bc0de 0%, #31b0d5 100%);
background-image: -o-linear-gradient(top, #5bc0de 0%, #31b0d5 100%);
background-image: -webkit-gradient(linear, left top, left bottom, from(#5bc0de), to(#31b0d5));
background-image: linear-gradient(to bottom, #5bc0de 0%, #31b0d5 100%);
filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff5bc0de', endColorstr='#ff31b0d5', GradientType=0);
background-repeat: repeat-x;
}
.progress-bar-warning {
background-image: -webkit-linear-gradient(top, #f0ad4e 0%, #ec971f 100%);
background-image: -o-linear-gradient(top, #f0ad4e 0%, #ec971f 100%);
background-image: -webkit-gradient(linear, left top, left bottom, from(#f0ad4e), to(#ec971f));
background-image: linear-gradient(to bottom, #f0ad4e 0%, #ec971f 100%);
filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#fff0ad4e', endColorstr='#ffec971f', GradientType=0);
background-repeat: repeat-x;
}
.progress-bar-danger {
background-image: -webkit-linear-gradient(top, #d9534f 0%, #c9302c 100%);
background-image: -o-linear-gradient(top, #d9534f 0%, #c9302c 100%);
background-image: -webkit-gradient(linear, left top, left bottom, from(#d9534f), to(#c9302c));
background-image: linear-gradient(to bottom, #d9534f 0%, #c9302c 100%);
filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffd9534f', endColorstr='#ffc9302c', GradientType=0);
background-repeat: repeat-x;
}
.progress-bar-striped {
background-image: -webkit-linear-gradient(45deg, rgba(255, 255, 255, .15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, .15) 50%, rgba(255, 255, 255, .15) 75%, transparent 75%, transparent);
background-image: -o-linear-gradient(45deg, rgba(255, 255, 255, .15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, .15) 50%, rgba(255, 255, 255, .15) 75%, transparent 75%, transparent);
background-image: linear-gradient(45deg, rgba(255, 255, 255, .15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, .15) 50%, rgba(255, 255, 255, .15) 75%, transparent 75%, transparent);
}
.list-group {
border-radius: 4px;
-webkit-box-shadow: 0 1px 2px rgba(0, 0, 0, .075);
box-shadow: 0 1px 2px rgba(0, 0, 0, .075);
}
.list-group-item.active,
.list-group-item.active:hover,
.list-group-item.active:focus {
text-shadow: 0 -1px 0 #286090;
background-image: -webkit-linear-gradient(top, #337ab7 0%, #2b669a 100%);
background-image: -o-linear-gradient(top, #337ab7 0%, #2b669a 100%);
background-image: -webkit-gradient(linear, left top, left bottom, from(#337ab7), to(#2b669a));
background-image: linear-gradient(to bottom, #337ab7 0%, #2b669a 100%);
filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff337ab7', endColorstr='#ff2b669a', GradientType=0);
background-repeat: repeat-x;
border-color: #2b669a;
}
.list-group-item.active .badge,
.list-group-item.active:hover .badge,
.list-group-item.active:focus .badge {
text-shadow: none;
}
.panel {
-webkit-box-shadow: 0 1px 2px rgba(0, 0, 0, .05);
box-shadow: 0 1px 2px rgba(0, 0, 0, .05);
}
.panel-default > .panel-heading {
background-image: -webkit-linear-gradient(top, #f5f5f5 0%, #e8e8e8 100%);
background-image: -o-linear-gradient(top, #f5f5f5 0%, #e8e8e8 100%);
background-image: -webkit-gradient(linear, left top, left bottom, from(#f5f5f5), to(#e8e8e8));
background-image: linear-gradient(to bottom, #f5f5f5 0%, #e8e8e8 100%);
filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#fff5f5f5', endColorstr='#ffe8e8e8', GradientType=0);
background-repeat: repeat-x;
}
.panel-primary > .panel-heading {
background-image: -webkit-linear-gradient(top, #337ab7 0%, #2e6da4 100%);
background-image: -o-linear-gradient(top, #337ab7 0%, #2e6da4 100%);
background-image: -webkit-gradient(linear, left top, left bottom, from(#337ab7), to(#2e6da4));
background-image: linear-gradient(to bottom, #337ab7 0%, #2e6da4 100%);
filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff337ab7', endColorstr='#ff2e6da4', GradientType=0);
background-repeat: repeat-x;
}
.panel-success > .panel-heading {
background-image: -webkit-linear-gradient(top, #dff0d8 0%, #d0e9c6 100%);
background-image: -o-linear-gradient(top, #dff0d8 0%, #d0e9c6 100%);
background-image: -webkit-gradient(linear, left top, left bottom, from(#dff0d8), to(#d0e9c6));
background-image: linear-gradient(to bottom, #dff0d8 0%, #d0e9c6 100%);
filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffdff0d8', endColorstr='#ffd0e9c6', GradientType=0);
background-repeat: repeat-x;
}
.panel-info > .panel-heading {
background-image: -webkit-linear-gradient(top, #d9edf7 0%, #c4e3f3 100%);
background-image: -o-linear-gradient(top, #d9edf7 0%, #c4e3f3 100%);
background-image: -webkit-gradient(linear, left top, left bottom, from(#d9edf7), to(#c4e3f3));
background-image: linear-gradient(to bottom, #d9edf7 0%, #c4e3f3 100%);
filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffd9edf7', endColorstr='#ffc4e3f3', GradientType=0);
background-repeat: repeat-x;
}
.panel-warning > .panel-heading {
background-image: -webkit-linear-gradient(top, #fcf8e3 0%, #faf2cc 100%);
background-image: -o-linear-gradient(top, #fcf8e3 0%, #faf2cc 100%);
background-image: -webkit-gradient(linear, left top, left bottom, from(#fcf8e3), to(#faf2cc));
background-image: linear-gradient(to bottom, #fcf8e3 0%, #faf2cc 100%);
filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#fffcf8e3', endColorstr='#fffaf2cc', GradientType=0);
background-repeat: repeat-x;
}
.panel-danger > .panel-heading {
background-image: -webkit-linear-gradient(top, #f2dede 0%, #ebcccc 100%);
background-image: -o-linear-gradient(top, #f2dede 0%, #ebcccc 100%);
background-image: -webkit-gradient(linear, left top, left bottom, from(#f2dede), to(#ebcccc));
background-image: linear-gradient(to bottom, #f2dede 0%, #ebcccc 100%);
filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#fff2dede', endColorstr='#ffebcccc', GradientType=0);
background-repeat: repeat-x;
}
.well {
background-image: -webkit-linear-gradient(top, #e8e8e8 0%, #f5f5f5 100%);
background-image: -o-linear-gradient(top, #e8e8e8 0%, #f5f5f5 100%);
background-image: -webkit-gradient(linear, left top, left bottom, from(#e8e8e8), to(#f5f5f5));
background-image: linear-gradient(to bottom, #e8e8e8 0%, #f5f5f5 100%);
filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffe8e8e8', endColorstr='#fff5f5f5', GradientType=0);
background-repeat: repeat-x;
border-color: #dcdcdc;
-webkit-box-shadow: inset 0 1px 3px rgba(0, 0, 0, .05), 0 1px 0 rgba(255, 255, 255, .1);
box-shadow: inset 0 1px 3px rgba(0, 0, 0, .05), 0 1px 0 rgba(255, 255, 255, .1);
}
/*# sourceMappingURL=bootstrap-theme.css.map */
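Review bot: the trailing `/*# sourceMappingURL=bootstrap-theme.css.map */` comment points at a source map that is not visible anywhere in this diff; either commit `bootstrap-theme.css.map` next to the stylesheet or strip the comment so browser devtools stop requesting a file that may not exist. Since this is an unmodified vendored copy of Bootstrap's theme stylesheet, it would also help to record the upstream version it was taken from (in the commit message or a note beside the file) so the vendored copy can later be checked against upstream releases and updated when they ship fixes.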

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long

6757
public_html/bootstrap/css/bootstrap.css vendored Normal file

File diff suppressed because it is too large

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long

@@ -0,0 +1,288 @@
<?xml version="1.0" standalone="no"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd" >
<svg xmlns="http://www.w3.org/2000/svg">
<metadata></metadata>
<defs>
<font id="glyphicons_halflingsregular" horiz-adv-x="1200" >
<font-face units-per-em="1200" ascent="960" descent="-240" />
<missing-glyph horiz-adv-x="500" />
<glyph horiz-adv-x="0" />
<glyph horiz-adv-x="400" />
<glyph unicode=" " />
<glyph unicode="*" d="M600 1100q15 0 34 -1.5t30 -3.5l11 -1q10 -2 17.5 -10.5t7.5 -18.5v-224l158 158q7 7 18 8t19 -6l106 -106q7 -8 6 -19t-8 -18l-158 -158h224q10 0 18.5 -7.5t10.5 -17.5q6 -41 6 -75q0 -15 -1.5 -34t-3.5 -30l-1 -11q-2 -10 -10.5 -17.5t-18.5 -7.5h-224l158 -158 q7 -7 8 -18t-6 -19l-106 -106q-8 -7 -19 -6t-18 8l-158 158v-224q0 -10 -7.5 -18.5t-17.5 -10.5q-41 -6 -75 -6q-15 0 -34 1.5t-30 3.5l-11 1q-10 2 -17.5 10.5t-7.5 18.5v224l-158 -158q-7 -7 -18 -8t-19 6l-106 106q-7 8 -6 19t8 18l158 158h-224q-10 0 -18.5 7.5 t-10.5 17.5q-6 41 -6 75q0 15 1.5 34t3.5 30l1 11q2 10 10.5 17.5t18.5 7.5h224l-158 158q-7 7 -8 18t6 19l106 106q8 7 19 6t18 -8l158 -158v224q0 10 7.5 18.5t17.5 10.5q41 6 75 6z" />
<glyph unicode="+" d="M450 1100h200q21 0 35.5 -14.5t14.5 -35.5v-350h350q21 0 35.5 -14.5t14.5 -35.5v-200q0 -21 -14.5 -35.5t-35.5 -14.5h-350v-350q0 -21 -14.5 -35.5t-35.5 -14.5h-200q-21 0 -35.5 14.5t-14.5 35.5v350h-350q-21 0 -35.5 14.5t-14.5 35.5v200q0 21 14.5 35.5t35.5 14.5 h350v350q0 21 14.5 35.5t35.5 14.5z" />
<glyph unicode="&#xa0;" />
<glyph unicode="&#xa5;" d="M825 1100h250q10 0 12.5 -5t-5.5 -13l-364 -364q-6 -6 -11 -18h268q10 0 13 -6t-3 -14l-120 -160q-6 -8 -18 -14t-22 -6h-125v-100h275q10 0 13 -6t-3 -14l-120 -160q-6 -8 -18 -14t-22 -6h-125v-174q0 -11 -7.5 -18.5t-18.5 -7.5h-148q-11 0 -18.5 7.5t-7.5 18.5v174 h-275q-10 0 -13 6t3 14l120 160q6 8 18 14t22 6h125v100h-275q-10 0 -13 6t3 14l120 160q6 8 18 14t22 6h118q-5 12 -11 18l-364 364q-8 8 -5.5 13t12.5 5h250q25 0 43 -18l164 -164q8 -8 18 -8t18 8l164 164q18 18 43 18z" />
<glyph unicode="&#x2000;" horiz-adv-x="650" />
<glyph unicode="&#x2001;" horiz-adv-x="1300" />
<glyph unicode="&#x2002;" horiz-adv-x="650" />
<glyph unicode="&#x2003;" horiz-adv-x="1300" />
<glyph unicode="&#x2004;" horiz-adv-x="433" />
<glyph unicode="&#x2005;" horiz-adv-x="325" />
<glyph unicode="&#x2006;" horiz-adv-x="216" />
<glyph unicode="&#x2007;" horiz-adv-x="216" />
<glyph unicode="&#x2008;" horiz-adv-x="162" />
<glyph unicode="&#x2009;" horiz-adv-x="260" />
<glyph unicode="&#x200a;" horiz-adv-x="72" />
<glyph unicode="&#x202f;" horiz-adv-x="260" />
<glyph unicode="&#x205f;" horiz-adv-x="325" />
<glyph unicode="&#x20ac;" d="M744 1198q242 0 354 -189q60 -104 66 -209h-181q0 45 -17.5 82.5t-43.5 61.5t-58 40.5t-60.5 24t-51.5 7.5q-19 0 -40.5 -5.5t-49.5 -20.5t-53 -38t-49 -62.5t-39 -89.5h379l-100 -100h-300q-6 -50 -6 -100h406l-100 -100h-300q9 -74 33 -132t52.5 -91t61.5 -54.5t59 -29 t47 -7.5q22 0 50.5 7.5t60.5 24.5t58 41t43.5 61t17.5 80h174q-30 -171 -128 -278q-107 -117 -274 -117q-206 0 -324 158q-36 48 -69 133t-45 204h-217l100 100h112q1 47 6 100h-218l100 100h134q20 87 51 153.5t62 103.5q117 141 297 141z" />
<glyph unicode="&#x20bd;" d="M428 1200h350q67 0 120 -13t86 -31t57 -49.5t35 -56.5t17 -64.5t6.5 -60.5t0.5 -57v-16.5v-16.5q0 -36 -0.5 -57t-6.5 -61t-17 -65t-35 -57t-57 -50.5t-86 -31.5t-120 -13h-178l-2 -100h288q10 0 13 -6t-3 -14l-120 -160q-6 -8 -18 -14t-22 -6h-138v-175q0 -11 -5.5 -18 t-15.5 -7h-149q-10 0 -17.5 7.5t-7.5 17.5v175h-267q-10 0 -13 6t3 14l120 160q6 8 18 14t22 6h117v100h-267q-10 0 -13 6t3 14l120 160q6 8 18 14t22 6h117v475q0 10 7.5 17.5t17.5 7.5zM600 1000v-300h203q64 0 86.5 33t22.5 119q0 84 -22.5 116t-86.5 32h-203z" />
<glyph unicode="&#x2212;" d="M250 700h800q21 0 35.5 -14.5t14.5 -35.5v-200q0 -21 -14.5 -35.5t-35.5 -14.5h-800q-21 0 -35.5 14.5t-14.5 35.5v200q0 21 14.5 35.5t35.5 14.5z" />
<glyph unicode="&#x231b;" d="M1000 1200v-150q0 -21 -14.5 -35.5t-35.5 -14.5h-50v-100q0 -91 -49.5 -165.5t-130.5 -109.5q81 -35 130.5 -109.5t49.5 -165.5v-150h50q21 0 35.5 -14.5t14.5 -35.5v-150h-800v150q0 21 14.5 35.5t35.5 14.5h50v150q0 91 49.5 165.5t130.5 109.5q-81 35 -130.5 109.5 t-49.5 165.5v100h-50q-21 0 -35.5 14.5t-14.5 35.5v150h800zM400 1000v-100q0 -60 32.5 -109.5t87.5 -73.5q28 -12 44 -37t16 -55t-16 -55t-44 -37q-55 -24 -87.5 -73.5t-32.5 -109.5v-150h400v150q0 60 -32.5 109.5t-87.5 73.5q-28 12 -44 37t-16 55t16 55t44 37 q55 24 87.5 73.5t32.5 109.5v100h-400z" />
<glyph unicode="&#x25fc;" horiz-adv-x="500" d="M0 0z" />
<glyph unicode="&#x2601;" d="M503 1089q110 0 200.5 -59.5t134.5 -156.5q44 14 90 14q120 0 205 -86.5t85 -206.5q0 -121 -85 -207.5t-205 -86.5h-750q-79 0 -135.5 57t-56.5 137q0 69 42.5 122.5t108.5 67.5q-2 12 -2 37q0 153 108 260.5t260 107.5z" />
<glyph unicode="&#x26fa;" d="M774 1193.5q16 -9.5 20.5 -27t-5.5 -33.5l-136 -187l467 -746h30q20 0 35 -18.5t15 -39.5v-42h-1200v42q0 21 15 39.5t35 18.5h30l468 746l-135 183q-10 16 -5.5 34t20.5 28t34 5.5t28 -20.5l111 -148l112 150q9 16 27 20.5t34 -5zM600 200h377l-182 112l-195 534v-646z " />
<glyph unicode="&#x2709;" d="M25 1100h1150q10 0 12.5 -5t-5.5 -13l-564 -567q-8 -8 -18 -8t-18 8l-564 567q-8 8 -5.5 13t12.5 5zM18 882l264 -264q8 -8 8 -18t-8 -18l-264 -264q-8 -8 -13 -5.5t-5 12.5v550q0 10 5 12.5t13 -5.5zM918 618l264 264q8 8 13 5.5t5 -12.5v-550q0 -10 -5 -12.5t-13 5.5 l-264 264q-8 8 -8 18t8 18zM818 482l364 -364q8 -8 5.5 -13t-12.5 -5h-1150q-10 0 -12.5 5t5.5 13l364 364q8 8 18 8t18 -8l164 -164q8 -8 18 -8t18 8l164 164q8 8 18 8t18 -8z" />
<glyph unicode="&#x270f;" d="M1011 1210q19 0 33 -13l153 -153q13 -14 13 -33t-13 -33l-99 -92l-214 214l95 96q13 14 32 14zM1013 800l-615 -614l-214 214l614 614zM317 96l-333 -112l110 335z" />
<glyph unicode="&#xe001;" d="M700 650v-550h250q21 0 35.5 -14.5t14.5 -35.5v-50h-800v50q0 21 14.5 35.5t35.5 14.5h250v550l-500 550h1200z" />
<glyph unicode="&#xe002;" d="M368 1017l645 163q39 15 63 0t24 -49v-831q0 -55 -41.5 -95.5t-111.5 -63.5q-79 -25 -147 -4.5t-86 75t25.5 111.5t122.5 82q72 24 138 8v521l-600 -155v-606q0 -42 -44 -90t-109 -69q-79 -26 -147 -5.5t-86 75.5t25.5 111.5t122.5 82.5q72 24 138 7v639q0 38 14.5 59 t53.5 34z" />
<glyph unicode="&#xe003;" d="M500 1191q100 0 191 -39t156.5 -104.5t104.5 -156.5t39 -191l-1 -2l1 -5q0 -141 -78 -262l275 -274q23 -26 22.5 -44.5t-22.5 -42.5l-59 -58q-26 -20 -46.5 -20t-39.5 20l-275 274q-119 -77 -261 -77l-5 1l-2 -1q-100 0 -191 39t-156.5 104.5t-104.5 156.5t-39 191 t39 191t104.5 156.5t156.5 104.5t191 39zM500 1022q-88 0 -162 -43t-117 -117t-43 -162t43 -162t117 -117t162 -43t162 43t117 117t43 162t-43 162t-117 117t-162 43z" />
<glyph unicode="&#xe005;" d="M649 949q48 68 109.5 104t121.5 38.5t118.5 -20t102.5 -64t71 -100.5t27 -123q0 -57 -33.5 -117.5t-94 -124.5t-126.5 -127.5t-150 -152.5t-146 -174q-62 85 -145.5 174t-150 152.5t-126.5 127.5t-93.5 124.5t-33.5 117.5q0 64 28 123t73 100.5t104 64t119 20 t120.5 -38.5t104.5 -104z" />
<glyph unicode="&#xe006;" d="M407 800l131 353q7 19 17.5 19t17.5 -19l129 -353h421q21 0 24 -8.5t-14 -20.5l-342 -249l130 -401q7 -20 -0.5 -25.5t-24.5 6.5l-343 246l-342 -247q-17 -12 -24.5 -6.5t-0.5 25.5l130 400l-347 251q-17 12 -14 20.5t23 8.5h429z" />
<glyph unicode="&#xe007;" d="M407 800l131 353q7 19 17.5 19t17.5 -19l129 -353h421q21 0 24 -8.5t-14 -20.5l-342 -249l130 -401q7 -20 -0.5 -25.5t-24.5 6.5l-343 246l-342 -247q-17 -12 -24.5 -6.5t-0.5 25.5l130 400l-347 251q-17 12 -14 20.5t23 8.5h429zM477 700h-240l197 -142l-74 -226 l193 139l195 -140l-74 229l192 140h-234l-78 211z" />
<glyph unicode="&#xe008;" d="M600 1200q124 0 212 -88t88 -212v-250q0 -46 -31 -98t-69 -52v-75q0 -10 6 -21.5t15 -17.5l358 -230q9 -5 15 -16.5t6 -21.5v-93q0 -10 -7.5 -17.5t-17.5 -7.5h-1150q-10 0 -17.5 7.5t-7.5 17.5v93q0 10 6 21.5t15 16.5l358 230q9 6 15 17.5t6 21.5v75q-38 0 -69 52 t-31 98v250q0 124 88 212t212 88z" />
<glyph unicode="&#xe009;" d="M25 1100h1150q10 0 17.5 -7.5t7.5 -17.5v-1050q0 -10 -7.5 -17.5t-17.5 -7.5h-1150q-10 0 -17.5 7.5t-7.5 17.5v1050q0 10 7.5 17.5t17.5 7.5zM100 1000v-100h100v100h-100zM875 1000h-550q-10 0 -17.5 -7.5t-7.5 -17.5v-350q0 -10 7.5 -17.5t17.5 -7.5h550 q10 0 17.5 7.5t7.5 17.5v350q0 10 -7.5 17.5t-17.5 7.5zM1000 1000v-100h100v100h-100zM100 800v-100h100v100h-100zM1000 800v-100h100v100h-100zM100 600v-100h100v100h-100zM1000 600v-100h100v100h-100zM875 500h-550q-10 0 -17.5 -7.5t-7.5 -17.5v-350q0 -10 7.5 -17.5 t17.5 -7.5h550q10 0 17.5 7.5t7.5 17.5v350q0 10 -7.5 17.5t-17.5 7.5zM100 400v-100h100v100h-100zM1000 400v-100h100v100h-100zM100 200v-100h100v100h-100zM1000 200v-100h100v100h-100z" />
<glyph unicode="&#xe010;" d="M50 1100h400q21 0 35.5 -14.5t14.5 -35.5v-400q0 -21 -14.5 -35.5t-35.5 -14.5h-400q-21 0 -35.5 14.5t-14.5 35.5v400q0 21 14.5 35.5t35.5 14.5zM650 1100h400q21 0 35.5 -14.5t14.5 -35.5v-400q0 -21 -14.5 -35.5t-35.5 -14.5h-400q-21 0 -35.5 14.5t-14.5 35.5v400 q0 21 14.5 35.5t35.5 14.5zM50 500h400q21 0 35.5 -14.5t14.5 -35.5v-400q0 -21 -14.5 -35.5t-35.5 -14.5h-400q-21 0 -35.5 14.5t-14.5 35.5v400q0 21 14.5 35.5t35.5 14.5zM650 500h400q21 0 35.5 -14.5t14.5 -35.5v-400q0 -21 -14.5 -35.5t-35.5 -14.5h-400 q-21 0 -35.5 14.5t-14.5 35.5v400q0 21 14.5 35.5t35.5 14.5z" />
<glyph unicode="&#xe011;" d="M50 1100h200q21 0 35.5 -14.5t14.5 -35.5v-200q0 -21 -14.5 -35.5t-35.5 -14.5h-200q-21 0 -35.5 14.5t-14.5 35.5v200q0 21 14.5 35.5t35.5 14.5zM450 1100h200q21 0 35.5 -14.5t14.5 -35.5v-200q0 -21 -14.5 -35.5t-35.5 -14.5h-200q-21 0 -35.5 14.5t-14.5 35.5v200 q0 21 14.5 35.5t35.5 14.5zM850 1100h200q21 0 35.5 -14.5t14.5 -35.5v-200q0 -21 -14.5 -35.5t-35.5 -14.5h-200q-21 0 -35.5 14.5t-14.5 35.5v200q0 21 14.5 35.5t35.5 14.5zM50 700h200q21 0 35.5 -14.5t14.5 -35.5v-200q0 -21 -14.5 -35.5t-35.5 -14.5h-200 q-21 0 -35.5 14.5t-14.5 35.5v200q0 21 14.5 35.5t35.5 14.5zM450 700h200q21 0 35.5 -14.5t14.5 -35.5v-200q0 -21 -14.5 -35.5t-35.5 -14.5h-200q-21 0 -35.5 14.5t-14.5 35.5v200q0 21 14.5 35.5t35.5 14.5zM850 700h200q21 0 35.5 -14.5t14.5 -35.5v-200 q0 -21 -14.5 -35.5t-35.5 -14.5h-200q-21 0 -35.5 14.5t-14.5 35.5v200q0 21 14.5 35.5t35.5 14.5zM50 300h200q21 0 35.5 -14.5t14.5 -35.5v-200q0 -21 -14.5 -35.5t-35.5 -14.5h-200q-21 0 -35.5 14.5t-14.5 35.5v200q0 21 14.5 35.5t35.5 14.5zM450 300h200 q21 0 35.5 -14.5t14.5 -35.5v-200q0 -21 -14.5 -35.5t-35.5 -14.5h-200q-21 0 -35.5 14.5t-14.5 35.5v200q0 21 14.5 35.5t35.5 14.5zM850 300h200q21 0 35.5 -14.5t14.5 -35.5v-200q0 -21 -14.5 -35.5t-35.5 -14.5h-200q-21 0 -35.5 14.5t-14.5 35.5v200q0 21 14.5 35.5 t35.5 14.5z" />
<glyph unicode="&#xe012;" d="M50 1100h200q21 0 35.5 -14.5t14.5 -35.5v-200q0 -21 -14.5 -35.5t-35.5 -14.5h-200q-21 0 -35.5 14.5t-14.5 35.5v200q0 21 14.5 35.5t35.5 14.5zM450 1100h700q21 0 35.5 -14.5t14.5 -35.5v-200q0 -21 -14.5 -35.5t-35.5 -14.5h-700q-21 0 -35.5 14.5t-14.5 35.5v200 q0 21 14.5 35.5t35.5 14.5zM50 700h200q21 0 35.5 -14.5t14.5 -35.5v-200q0 -21 -14.5 -35.5t-35.5 -14.5h-200q-21 0 -35.5 14.5t-14.5 35.5v200q0 21 14.5 35.5t35.5 14.5zM450 700h700q21 0 35.5 -14.5t14.5 -35.5v-200q0 -21 -14.5 -35.5t-35.5 -14.5h-700 q-21 0 -35.5 14.5t-14.5 35.5v200q0 21 14.5 35.5t35.5 14.5zM50 300h200q21 0 35.5 -14.5t14.5 -35.5v-200q0 -21 -14.5 -35.5t-35.5 -14.5h-200q-21 0 -35.5 14.5t-14.5 35.5v200q0 21 14.5 35.5t35.5 14.5zM450 300h700q21 0 35.5 -14.5t14.5 -35.5v-200 q0 -21 -14.5 -35.5t-35.5 -14.5h-700q-21 0 -35.5 14.5t-14.5 35.5v200q0 21 14.5 35.5t35.5 14.5z" />
<glyph unicode="&#xe013;" d="M465 477l571 571q8 8 18 8t17 -8l177 -177q8 -7 8 -17t-8 -18l-783 -784q-7 -8 -17.5 -8t-17.5 8l-384 384q-8 8 -8 18t8 17l177 177q7 8 17 8t18 -8l171 -171q7 -7 18 -7t18 7z" />
<glyph unicode="&#xe014;" d="M904 1083l178 -179q8 -8 8 -18.5t-8 -17.5l-267 -268l267 -268q8 -7 8 -17.5t-8 -18.5l-178 -178q-8 -8 -18.5 -8t-17.5 8l-268 267l-268 -267q-7 -8 -17.5 -8t-18.5 8l-178 178q-8 8 -8 18.5t8 17.5l267 268l-267 268q-8 7 -8 17.5t8 18.5l178 178q8 8 18.5 8t17.5 -8 l268 -267l268 268q7 7 17.5 7t18.5 -7z" />
<glyph unicode="&#xe015;" d="M507 1177q98 0 187.5 -38.5t154.5 -103.5t103.5 -154.5t38.5 -187.5q0 -141 -78 -262l300 -299q8 -8 8 -18.5t-8 -18.5l-109 -108q-7 -8 -17.5 -8t-18.5 8l-300 299q-119 -77 -261 -77q-98 0 -188 38.5t-154.5 103t-103 154.5t-38.5 188t38.5 187.5t103 154.5 t154.5 103.5t188 38.5zM506.5 1023q-89.5 0 -165.5 -44t-120 -120.5t-44 -166t44 -165.5t120 -120t165.5 -44t166 44t120.5 120t44 165.5t-44 166t-120.5 120.5t-166 44zM425 900h150q10 0 17.5 -7.5t7.5 -17.5v-75h75q10 0 17.5 -7.5t7.5 -17.5v-150q0 -10 -7.5 -17.5 t-17.5 -7.5h-75v-75q0 -10 -7.5 -17.5t-17.5 -7.5h-150q-10 0 -17.5 7.5t-7.5 17.5v75h-75q-10 0 -17.5 7.5t-7.5 17.5v150q0 10 7.5 17.5t17.5 7.5h75v75q0 10 7.5 17.5t17.5 7.5z" />
<glyph unicode="&#xe016;" d="M507 1177q98 0 187.5 -38.5t154.5 -103.5t103.5 -154.5t38.5 -187.5q0 -141 -78 -262l300 -299q8 -8 8 -18.5t-8 -18.5l-109 -108q-7 -8 -17.5 -8t-18.5 8l-300 299q-119 -77 -261 -77q-98 0 -188 38.5t-154.5 103t-103 154.5t-38.5 188t38.5 187.5t103 154.5 t154.5 103.5t188 38.5zM506.5 1023q-89.5 0 -165.5 -44t-120 -120.5t-44 -166t44 -165.5t120 -120t165.5 -44t166 44t120.5 120t44 165.5t-44 166t-120.5 120.5t-166 44zM325 800h350q10 0 17.5 -7.5t7.5 -17.5v-150q0 -10 -7.5 -17.5t-17.5 -7.5h-350q-10 0 -17.5 7.5 t-7.5 17.5v150q0 10 7.5 17.5t17.5 7.5z" />
<glyph unicode="&#xe017;" d="M550 1200h100q21 0 35.5 -14.5t14.5 -35.5v-400q0 -21 -14.5 -35.5t-35.5 -14.5h-100q-21 0 -35.5 14.5t-14.5 35.5v400q0 21 14.5 35.5t35.5 14.5zM800 975v166q167 -62 272 -209.5t105 -331.5q0 -117 -45.5 -224t-123 -184.5t-184.5 -123t-224 -45.5t-224 45.5 t-184.5 123t-123 184.5t-45.5 224q0 184 105 331.5t272 209.5v-166q-103 -55 -165 -155t-62 -220q0 -116 57 -214.5t155.5 -155.5t214.5 -57t214.5 57t155.5 155.5t57 214.5q0 120 -62 220t-165 155z" />
<glyph unicode="&#xe018;" d="M1025 1200h150q10 0 17.5 -7.5t7.5 -17.5v-1150q0 -10 -7.5 -17.5t-17.5 -7.5h-150q-10 0 -17.5 7.5t-7.5 17.5v1150q0 10 7.5 17.5t17.5 7.5zM725 800h150q10 0 17.5 -7.5t7.5 -17.5v-750q0 -10 -7.5 -17.5t-17.5 -7.5h-150q-10 0 -17.5 7.5t-7.5 17.5v750 q0 10 7.5 17.5t17.5 7.5zM425 500h150q10 0 17.5 -7.5t7.5 -17.5v-450q0 -10 -7.5 -17.5t-17.5 -7.5h-150q-10 0 -17.5 7.5t-7.5 17.5v450q0 10 7.5 17.5t17.5 7.5zM125 300h150q10 0 17.5 -7.5t7.5 -17.5v-250q0 -10 -7.5 -17.5t-17.5 -7.5h-150q-10 0 -17.5 7.5t-7.5 17.5 v250q0 10 7.5 17.5t17.5 7.5z" />
<glyph unicode="&#xe019;" d="M600 1174q33 0 74 -5l38 -152l5 -1q49 -14 94 -39l5 -2l134 80q61 -48 104 -105l-80 -134l3 -5q25 -44 39 -93l1 -6l152 -38q5 -43 5 -73q0 -34 -5 -74l-152 -38l-1 -6q-15 -49 -39 -93l-3 -5l80 -134q-48 -61 -104 -105l-134 81l-5 -3q-44 -25 -94 -39l-5 -2l-38 -151 q-43 -5 -74 -5q-33 0 -74 5l-38 151l-5 2q-49 14 -94 39l-5 3l-134 -81q-60 48 -104 105l80 134l-3 5q-25 45 -38 93l-2 6l-151 38q-6 42 -6 74q0 33 6 73l151 38l2 6q13 48 38 93l3 5l-80 134q47 61 105 105l133 -80l5 2q45 25 94 39l5 1l38 152q43 5 74 5zM600 815 q-89 0 -152 -63t-63 -151.5t63 -151.5t152 -63t152 63t63 151.5t-63 151.5t-152 63z" />
<glyph unicode="&#xe020;" d="M500 1300h300q41 0 70.5 -29.5t29.5 -70.5v-100h275q10 0 17.5 -7.5t7.5 -17.5v-75h-1100v75q0 10 7.5 17.5t17.5 7.5h275v100q0 41 29.5 70.5t70.5 29.5zM500 1200v-100h300v100h-300zM1100 900v-800q0 -41 -29.5 -70.5t-70.5 -29.5h-700q-41 0 -70.5 29.5t-29.5 70.5 v800h900zM300 800v-700h100v700h-100zM500 800v-700h100v700h-100zM700 800v-700h100v700h-100zM900 800v-700h100v700h-100z" />
<glyph unicode="&#xe021;" d="M18 618l620 608q8 7 18.5 7t17.5 -7l608 -608q8 -8 5.5 -13t-12.5 -5h-175v-575q0 -10 -7.5 -17.5t-17.5 -7.5h-250q-10 0 -17.5 7.5t-7.5 17.5v375h-300v-375q0 -10 -7.5 -17.5t-17.5 -7.5h-250q-10 0 -17.5 7.5t-7.5 17.5v575h-175q-10 0 -12.5 5t5.5 13z" />
<glyph unicode="&#xe022;" d="M600 1200v-400q0 -41 29.5 -70.5t70.5 -29.5h300v-650q0 -21 -14.5 -35.5t-35.5 -14.5h-800q-21 0 -35.5 14.5t-14.5 35.5v1100q0 21 14.5 35.5t35.5 14.5h450zM1000 800h-250q-21 0 -35.5 14.5t-14.5 35.5v250z" />
<glyph unicode="&#xe023;" d="M600 1177q117 0 224 -45.5t184.5 -123t123 -184.5t45.5 -224t-45.5 -224t-123 -184.5t-184.5 -123t-224 -45.5t-224 45.5t-184.5 123t-123 184.5t-45.5 224t45.5 224t123 184.5t184.5 123t224 45.5zM600 1027q-116 0 -214.5 -57t-155.5 -155.5t-57 -214.5t57 -214.5 t155.5 -155.5t214.5 -57t214.5 57t155.5 155.5t57 214.5t-57 214.5t-155.5 155.5t-214.5 57zM525 900h50q10 0 17.5 -7.5t7.5 -17.5v-275h175q10 0 17.5 -7.5t7.5 -17.5v-50q0 -10 -7.5 -17.5t-17.5 -7.5h-250q-10 0 -17.5 7.5t-7.5 17.5v350q0 10 7.5 17.5t17.5 7.5z" />
<glyph unicode="&#xe024;" d="M1300 0h-538l-41 400h-242l-41 -400h-538l431 1200h209l-21 -300h162l-20 300h208zM515 800l-27 -300h224l-27 300h-170z" />
<glyph unicode="&#xe025;" d="M550 1200h200q21 0 35.5 -14.5t14.5 -35.5v-450h191q20 0 25.5 -11.5t-7.5 -27.5l-327 -400q-13 -16 -32 -16t-32 16l-327 400q-13 16 -7.5 27.5t25.5 11.5h191v450q0 21 14.5 35.5t35.5 14.5zM1125 400h50q10 0 17.5 -7.5t7.5 -17.5v-350q0 -10 -7.5 -17.5t-17.5 -7.5 h-1050q-10 0 -17.5 7.5t-7.5 17.5v350q0 10 7.5 17.5t17.5 7.5h50q10 0 17.5 -7.5t7.5 -17.5v-175h900v175q0 10 7.5 17.5t17.5 7.5z" />
<glyph unicode="&#xe026;" d="M600 1177q117 0 224 -45.5t184.5 -123t123 -184.5t45.5 -224t-45.5 -224t-123 -184.5t-184.5 -123t-224 -45.5t-224 45.5t-184.5 123t-123 184.5t-45.5 224t45.5 224t123 184.5t184.5 123t224 45.5zM600 1027q-116 0 -214.5 -57t-155.5 -155.5t-57 -214.5t57 -214.5 t155.5 -155.5t214.5 -57t214.5 57t155.5 155.5t57 214.5t-57 214.5t-155.5 155.5t-214.5 57zM525 900h150q10 0 17.5 -7.5t7.5 -17.5v-275h137q21 0 26 -11.5t-8 -27.5l-223 -275q-13 -16 -32 -16t-32 16l-223 275q-13 16 -8 27.5t26 11.5h137v275q0 10 7.5 17.5t17.5 7.5z " />
<glyph unicode="&#xe027;" d="M600 1177q117 0 224 -45.5t184.5 -123t123 -184.5t45.5 -224t-45.5 -224t-123 -184.5t-184.5 -123t-224 -45.5t-224 45.5t-184.5 123t-123 184.5t-45.5 224t45.5 224t123 184.5t184.5 123t224 45.5zM600 1027q-116 0 -214.5 -57t-155.5 -155.5t-57 -214.5t57 -214.5 t155.5 -155.5t214.5 -57t214.5 57t155.5 155.5t57 214.5t-57 214.5t-155.5 155.5t-214.5 57zM632 914l223 -275q13 -16 8 -27.5t-26 -11.5h-137v-275q0 -10 -7.5 -17.5t-17.5 -7.5h-150q-10 0 -17.5 7.5t-7.5 17.5v275h-137q-21 0 -26 11.5t8 27.5l223 275q13 16 32 16 t32 -16z" />
<glyph unicode="&#xe028;" d="M225 1200h750q10 0 19.5 -7t12.5 -17l186 -652q7 -24 7 -49v-425q0 -12 -4 -27t-9 -17q-12 -6 -37 -6h-1100q-12 0 -27 4t-17 8q-6 13 -6 38l1 425q0 25 7 49l185 652q3 10 12.5 17t19.5 7zM878 1000h-556q-10 0 -19 -7t-11 -18l-87 -450q-2 -11 4 -18t16 -7h150 q10 0 19.5 -7t11.5 -17l38 -152q2 -10 11.5 -17t19.5 -7h250q10 0 19.5 7t11.5 17l38 152q2 10 11.5 17t19.5 7h150q10 0 16 7t4 18l-87 450q-2 11 -11 18t-19 7z" />
<glyph unicode="&#xe029;" d="M600 1177q117 0 224 -45.5t184.5 -123t123 -184.5t45.5 -224t-45.5 -224t-123 -184.5t-184.5 -123t-224 -45.5t-224 45.5t-184.5 123t-123 184.5t-45.5 224t45.5 224t123 184.5t184.5 123t224 45.5zM600 1027q-116 0 -214.5 -57t-155.5 -155.5t-57 -214.5t57 -214.5 t155.5 -155.5t214.5 -57t214.5 57t155.5 155.5t57 214.5t-57 214.5t-155.5 155.5t-214.5 57zM540 820l253 -190q17 -12 17 -30t-17 -30l-253 -190q-16 -12 -28 -6.5t-12 26.5v400q0 21 12 26.5t28 -6.5z" />
<glyph unicode="&#xe030;" d="M947 1060l135 135q7 7 12.5 5t5.5 -13v-362q0 -10 -7.5 -17.5t-17.5 -7.5h-362q-11 0 -13 5.5t5 12.5l133 133q-109 76 -238 76q-116 0 -214.5 -57t-155.5 -155.5t-57 -214.5t57 -214.5t155.5 -155.5t214.5 -57t214.5 57t155.5 155.5t57 214.5h150q0 -117 -45.5 -224 t-123 -184.5t-184.5 -123t-224 -45.5t-224 45.5t-184.5 123t-123 184.5t-45.5 224t45.5 224t123 184.5t184.5 123t224 45.5q192 0 347 -117z" />
<glyph unicode="&#xe031;" d="M947 1060l135 135q7 7 12.5 5t5.5 -13v-361q0 -11 -7.5 -18.5t-18.5 -7.5h-361q-11 0 -13 5.5t5 12.5l134 134q-110 75 -239 75q-116 0 -214.5 -57t-155.5 -155.5t-57 -214.5h-150q0 117 45.5 224t123 184.5t184.5 123t224 45.5q192 0 347 -117zM1027 600h150 q0 -117 -45.5 -224t-123 -184.5t-184.5 -123t-224 -45.5q-192 0 -348 118l-134 -134q-7 -8 -12.5 -5.5t-5.5 12.5v360q0 11 7.5 18.5t18.5 7.5h360q10 0 12.5 -5.5t-5.5 -12.5l-133 -133q110 -76 240 -76q116 0 214.5 57t155.5 155.5t57 214.5z" />
<glyph unicode="&#xe032;" d="M125 1200h1050q10 0 17.5 -7.5t7.5 -17.5v-1150q0 -10 -7.5 -17.5t-17.5 -7.5h-1050q-10 0 -17.5 7.5t-7.5 17.5v1150q0 10 7.5 17.5t17.5 7.5zM1075 1000h-850q-10 0 -17.5 -7.5t-7.5 -17.5v-850q0 -10 7.5 -17.5t17.5 -7.5h850q10 0 17.5 7.5t7.5 17.5v850 q0 10 -7.5 17.5t-17.5 7.5zM325 900h50q10 0 17.5 -7.5t7.5 -17.5v-50q0 -10 -7.5 -17.5t-17.5 -7.5h-50q-10 0 -17.5 7.5t-7.5 17.5v50q0 10 7.5 17.5t17.5 7.5zM525 900h450q10 0 17.5 -7.5t7.5 -17.5v-50q0 -10 -7.5 -17.5t-17.5 -7.5h-450q-10 0 -17.5 7.5t-7.5 17.5v50 q0 10 7.5 17.5t17.5 7.5zM325 700h50q10 0 17.5 -7.5t7.5 -17.5v-50q0 -10 -7.5 -17.5t-17.5 -7.5h-50q-10 0 -17.5 7.5t-7.5 17.5v50q0 10 7.5 17.5t17.5 7.5zM525 700h450q10 0 17.5 -7.5t7.5 -17.5v-50q0 -10 -7.5 -17.5t-17.5 -7.5h-450q-10 0 -17.5 7.5t-7.5 17.5v50 q0 10 7.5 17.5t17.5 7.5zM325 500h50q10 0 17.5 -7.5t7.5 -17.5v-50q0 -10 -7.5 -17.5t-17.5 -7.5h-50q-10 0 -17.5 7.5t-7.5 17.5v50q0 10 7.5 17.5t17.5 7.5zM525 500h450q10 0 17.5 -7.5t7.5 -17.5v-50q0 -10 -7.5 -17.5t-17.5 -7.5h-450q-10 0 -17.5 7.5t-7.5 17.5v50 q0 10 7.5 17.5t17.5 7.5zM325 300h50q10 0 17.5 -7.5t7.5 -17.5v-50q0 -10 -7.5 -17.5t-17.5 -7.5h-50q-10 0 -17.5 7.5t-7.5 17.5v50q0 10 7.5 17.5t17.5 7.5zM525 300h450q10 0 17.5 -7.5t7.5 -17.5v-50q0 -10 -7.5 -17.5t-17.5 -7.5h-450q-10 0 -17.5 7.5t-7.5 17.5v50 q0 10 7.5 17.5t17.5 7.5z" />
<glyph unicode="&#xe033;" d="M900 800v200q0 83 -58.5 141.5t-141.5 58.5h-300q-82 0 -141 -59t-59 -141v-200h-100q-41 0 -70.5 -29.5t-29.5 -70.5v-600q0 -41 29.5 -70.5t70.5 -29.5h900q41 0 70.5 29.5t29.5 70.5v600q0 41 -29.5 70.5t-70.5 29.5h-100zM400 800v150q0 21 15 35.5t35 14.5h200 q20 0 35 -14.5t15 -35.5v-150h-300z" />
<glyph unicode="&#xe034;" d="M125 1100h50q10 0 17.5 -7.5t7.5 -17.5v-1075h-100v1075q0 10 7.5 17.5t17.5 7.5zM1075 1052q4 0 9 -2q16 -6 16 -23v-421q0 -6 -3 -12q-33 -59 -66.5 -99t-65.5 -58t-56.5 -24.5t-52.5 -6.5q-26 0 -57.5 6.5t-52.5 13.5t-60 21q-41 15 -63 22.5t-57.5 15t-65.5 7.5 q-85 0 -160 -57q-7 -5 -15 -5q-6 0 -11 3q-14 7 -14 22v438q22 55 82 98.5t119 46.5q23 2 43 0.5t43 -7t32.5 -8.5t38 -13t32.5 -11q41 -14 63.5 -21t57 -14t63.5 -7q103 0 183 87q7 8 18 8z" />
<glyph unicode="&#xe035;" d="M600 1175q116 0 227 -49.5t192.5 -131t131 -192.5t49.5 -227v-300q0 -10 -7.5 -17.5t-17.5 -7.5h-50q-10 0 -17.5 7.5t-7.5 17.5v300q0 127 -70.5 231.5t-184.5 161.5t-245 57t-245 -57t-184.5 -161.5t-70.5 -231.5v-300q0 -10 -7.5 -17.5t-17.5 -7.5h-50 q-10 0 -17.5 7.5t-7.5 17.5v300q0 116 49.5 227t131 192.5t192.5 131t227 49.5zM220 500h160q8 0 14 -6t6 -14v-460q0 -8 -6 -14t-14 -6h-160q-8 0 -14 6t-6 14v460q0 8 6 14t14 6zM820 500h160q8 0 14 -6t6 -14v-460q0 -8 -6 -14t-14 -6h-160q-8 0 -14 6t-6 14v460 q0 8 6 14t14 6z" />
<glyph unicode="&#xe036;" d="M321 814l258 172q9 6 15 2.5t6 -13.5v-750q0 -10 -6 -13.5t-15 2.5l-258 172q-21 14 -46 14h-250q-10 0 -17.5 7.5t-7.5 17.5v350q0 10 7.5 17.5t17.5 7.5h250q25 0 46 14zM900 668l120 120q7 7 17 7t17 -7l34 -34q7 -7 7 -17t-7 -17l-120 -120l120 -120q7 -7 7 -17 t-7 -17l-34 -34q-7 -7 -17 -7t-17 7l-120 119l-120 -119q-7 -7 -17 -7t-17 7l-34 34q-7 7 -7 17t7 17l119 120l-119 120q-7 7 -7 17t7 17l34 34q7 8 17 8t17 -8z" />
<glyph unicode="&#xe037;" d="M321 814l258 172q9 6 15 2.5t6 -13.5v-750q0 -10 -6 -13.5t-15 2.5l-258 172q-21 14 -46 14h-250q-10 0 -17.5 7.5t-7.5 17.5v350q0 10 7.5 17.5t17.5 7.5h250q25 0 46 14zM766 900h4q10 -1 16 -10q96 -129 96 -290q0 -154 -90 -281q-6 -9 -17 -10l-3 -1q-9 0 -16 6 l-29 23q-7 7 -8.5 16.5t4.5 17.5q72 103 72 229q0 132 -78 238q-6 8 -4.5 18t9.5 17l29 22q7 5 15 5z" />
<glyph unicode="&#xe038;" d="M967 1004h3q11 -1 17 -10q135 -179 135 -396q0 -105 -34 -206.5t-98 -185.5q-7 -9 -17 -10h-3q-9 0 -16 6l-42 34q-8 6 -9 16t5 18q111 150 111 328q0 90 -29.5 176t-84.5 157q-6 9 -5 19t10 16l42 33q7 5 15 5zM321 814l258 172q9 6 15 2.5t6 -13.5v-750q0 -10 -6 -13.5 t-15 2.5l-258 172q-21 14 -46 14h-250q-10 0 -17.5 7.5t-7.5 17.5v350q0 10 7.5 17.5t17.5 7.5h250q25 0 46 14zM766 900h4q10 -1 16 -10q96 -129 96 -290q0 -154 -90 -281q-6 -9 -17 -10l-3 -1q-9 0 -16 6l-29 23q-7 7 -8.5 16.5t4.5 17.5q72 103 72 229q0 132 -78 238 q-6 8 -4.5 18.5t9.5 16.5l29 22q7 5 15 5z" />
<glyph unicode="&#xe039;" d="M500 900h100v-100h-100v-100h-400v-100h-100v600h500v-300zM1200 700h-200v-100h200v-200h-300v300h-200v300h-100v200h600v-500zM100 1100v-300h300v300h-300zM800 1100v-300h300v300h-300zM300 900h-100v100h100v-100zM1000 900h-100v100h100v-100zM300 500h200v-500 h-500v500h200v100h100v-100zM800 300h200v-100h-100v-100h-200v100h-100v100h100v200h-200v100h300v-300zM100 400v-300h300v300h-300zM300 200h-100v100h100v-100zM1200 200h-100v100h100v-100zM700 0h-100v100h100v-100zM1200 0h-300v100h300v-100z" />
<glyph unicode="&#xe040;" d="M100 200h-100v1000h100v-1000zM300 200h-100v1000h100v-1000zM700 200h-200v1000h200v-1000zM900 200h-100v1000h100v-1000zM1200 200h-200v1000h200v-1000zM400 0h-300v100h300v-100zM600 0h-100v91h100v-91zM800 0h-100v91h100v-91zM1100 0h-200v91h200v-91z" />
<glyph unicode="&#xe041;" d="M500 1200l682 -682q8 -8 8 -18t-8 -18l-464 -464q-8 -8 -18 -8t-18 8l-682 682l1 475q0 10 7.5 17.5t17.5 7.5h474zM319.5 1024.5q-29.5 29.5 -71 29.5t-71 -29.5t-29.5 -71.5t29.5 -71.5t71 -29.5t71 29.5t29.5 71.5t-29.5 71.5z" />
<glyph unicode="&#xe042;" d="M500 1200l682 -682q8 -8 8 -18t-8 -18l-464 -464q-8 -8 -18 -8t-18 8l-682 682l1 475q0 10 7.5 17.5t17.5 7.5h474zM800 1200l682 -682q8 -8 8 -18t-8 -18l-464 -464q-8 -8 -18 -8t-18 8l-56 56l424 426l-700 700h150zM319.5 1024.5q-29.5 29.5 -71 29.5t-71 -29.5 t-29.5 -71.5t29.5 -71.5t71 -29.5t71 29.5t29.5 71.5t-29.5 71.5z" />
<glyph unicode="&#xe043;" d="M300 1200h825q75 0 75 -75v-900q0 -25 -18 -43l-64 -64q-8 -8 -13 -5.5t-5 12.5v950q0 10 -7.5 17.5t-17.5 7.5h-700q-25 0 -43 -18l-64 -64q-8 -8 -5.5 -13t12.5 -5h700q10 0 17.5 -7.5t7.5 -17.5v-950q0 -10 -7.5 -17.5t-17.5 -7.5h-850q-10 0 -17.5 7.5t-7.5 17.5v975 q0 25 18 43l139 139q18 18 43 18z" />
<glyph unicode="&#xe044;" d="M250 1200h800q21 0 35.5 -14.5t14.5 -35.5v-1150l-450 444l-450 -445v1151q0 21 14.5 35.5t35.5 14.5z" />
<glyph unicode="&#xe045;" d="M822 1200h-444q-11 0 -19 -7.5t-9 -17.5l-78 -301q-7 -24 7 -45l57 -108q6 -9 17.5 -15t21.5 -6h450q10 0 21.5 6t17.5 15l62 108q14 21 7 45l-83 301q-1 10 -9 17.5t-19 7.5zM1175 800h-150q-10 0 -21 -6.5t-15 -15.5l-78 -156q-4 -9 -15 -15.5t-21 -6.5h-550 q-10 0 -21 6.5t-15 15.5l-78 156q-4 9 -15 15.5t-21 6.5h-150q-10 0 -17.5 -7.5t-7.5 -17.5v-650q0 -10 7.5 -17.5t17.5 -7.5h150q10 0 17.5 7.5t7.5 17.5v150q0 10 7.5 17.5t17.5 7.5h750q10 0 17.5 -7.5t7.5 -17.5v-150q0 -10 7.5 -17.5t17.5 -7.5h150q10 0 17.5 7.5 t7.5 17.5v650q0 10 -7.5 17.5t-17.5 7.5zM850 200h-500q-10 0 -19.5 -7t-11.5 -17l-38 -152q-2 -10 3.5 -17t15.5 -7h600q10 0 15.5 7t3.5 17l-38 152q-2 10 -11.5 17t-19.5 7z" />
<glyph unicode="&#xe046;" d="M500 1100h200q56 0 102.5 -20.5t72.5 -50t44 -59t25 -50.5l6 -20h150q41 0 70.5 -29.5t29.5 -70.5v-600q0 -41 -29.5 -70.5t-70.5 -29.5h-1000q-41 0 -70.5 29.5t-29.5 70.5v600q0 41 29.5 70.5t70.5 29.5h150q2 8 6.5 21.5t24 48t45 61t72 48t102.5 21.5zM900 800v-100 h100v100h-100zM600 730q-95 0 -162.5 -67.5t-67.5 -162.5t67.5 -162.5t162.5 -67.5t162.5 67.5t67.5 162.5t-67.5 162.5t-162.5 67.5zM600 603q43 0 73 -30t30 -73t-30 -73t-73 -30t-73 30t-30 73t30 73t73 30z" />
<glyph unicode="&#xe047;" d="M681 1199l385 -998q20 -50 60 -92q18 -19 36.5 -29.5t27.5 -11.5l10 -2v-66h-417v66q53 0 75 43.5t5 88.5l-82 222h-391q-58 -145 -92 -234q-11 -34 -6.5 -57t25.5 -37t46 -20t55 -6v-66h-365v66q56 24 84 52q12 12 25 30.5t20 31.5l7 13l399 1006h93zM416 521h340 l-162 457z" />
<glyph unicode="&#xe048;" d="M753 641q5 -1 14.5 -4.5t36 -15.5t50.5 -26.5t53.5 -40t50.5 -54.5t35.5 -70t14.5 -87q0 -67 -27.5 -125.5t-71.5 -97.5t-98.5 -66.5t-108.5 -40.5t-102 -13h-500v89q41 7 70.5 32.5t29.5 65.5v827q0 24 -0.5 34t-3.5 24t-8.5 19.5t-17 13.5t-28 12.5t-42.5 11.5v71 l471 -1q57 0 115.5 -20.5t108 -57t80.5 -94t31 -124.5q0 -51 -15.5 -96.5t-38 -74.5t-45 -50.5t-38.5 -30.5zM400 700h139q78 0 130.5 48.5t52.5 122.5q0 41 -8.5 70.5t-29.5 55.5t-62.5 39.5t-103.5 13.5h-118v-350zM400 200h216q80 0 121 50.5t41 130.5q0 90 -62.5 154.5 t-156.5 64.5h-159v-400z" />
<glyph unicode="&#xe049;" d="M877 1200l2 -57q-83 -19 -116 -45.5t-40 -66.5l-132 -839q-9 -49 13 -69t96 -26v-97h-500v97q186 16 200 98l173 832q3 17 3 30t-1.5 22.5t-9 17.5t-13.5 12.5t-21.5 10t-26 8.5t-33.5 10q-13 3 -19 5v57h425z" />
<glyph unicode="&#xe050;" d="M1300 900h-50q0 21 -4 37t-9.5 26.5t-18 17.5t-22 11t-28.5 5.5t-31 2t-37 0.5h-200v-850q0 -22 25 -34.5t50 -13.5l25 -2v-100h-400v100q4 0 11 0.5t24 3t30 7t24 15t11 24.5v850h-200q-25 0 -37 -0.5t-31 -2t-28.5 -5.5t-22 -11t-18 -17.5t-9.5 -26.5t-4 -37h-50v300 h1000v-300zM175 1000h-75v-800h75l-125 -167l-125 167h75v800h-75l125 167z" />
<glyph unicode="&#xe051;" d="M1100 900h-50q0 21 -4 37t-9.5 26.5t-18 17.5t-22 11t-28.5 5.5t-31 2t-37 0.5h-200v-650q0 -22 25 -34.5t50 -13.5l25 -2v-100h-400v100q4 0 11 0.5t24 3t30 7t24 15t11 24.5v650h-200q-25 0 -37 -0.5t-31 -2t-28.5 -5.5t-22 -11t-18 -17.5t-9.5 -26.5t-4 -37h-50v300 h1000v-300zM1167 50l-167 -125v75h-800v-75l-167 125l167 125v-75h800v75z" />
<glyph unicode="&#xe052;" d="M50 1100h600q21 0 35.5 -14.5t14.5 -35.5v-100q0 -21 -14.5 -35.5t-35.5 -14.5h-600q-21 0 -35.5 14.5t-14.5 35.5v100q0 21 14.5 35.5t35.5 14.5zM50 800h1000q21 0 35.5 -14.5t14.5 -35.5v-100q0 -21 -14.5 -35.5t-35.5 -14.5h-1000q-21 0 -35.5 14.5t-14.5 35.5v100 q0 21 14.5 35.5t35.5 14.5zM50 500h800q21 0 35.5 -14.5t14.5 -35.5v-100q0 -21 -14.5 -35.5t-35.5 -14.5h-800q-21 0 -35.5 14.5t-14.5 35.5v100q0 21 14.5 35.5t35.5 14.5zM50 200h1100q21 0 35.5 -14.5t14.5 -35.5v-100q0 -21 -14.5 -35.5t-35.5 -14.5h-1100 q-21 0 -35.5 14.5t-14.5 35.5v100q0 21 14.5 35.5t35.5 14.5z" />
<glyph unicode="&#xe053;" d="M250 1100h700q21 0 35.5 -14.5t14.5 -35.5v-100q0 -21 -14.5 -35.5t-35.5 -14.5h-700q-21 0 -35.5 14.5t-14.5 35.5v100q0 21 14.5 35.5t35.5 14.5zM50 800h1100q21 0 35.5 -14.5t14.5 -35.5v-100q0 -21 -14.5 -35.5t-35.5 -14.5h-1100q-21 0 -35.5 14.5t-14.5 35.5v100 q0 21 14.5 35.5t35.5 14.5zM250 500h700q21 0 35.5 -14.5t14.5 -35.5v-100q0 -21 -14.5 -35.5t-35.5 -14.5h-700q-21 0 -35.5 14.5t-14.5 35.5v100q0 21 14.5 35.5t35.5 14.5zM50 200h1100q21 0 35.5 -14.5t14.5 -35.5v-100q0 -21 -14.5 -35.5t-35.5 -14.5h-1100 q-21 0 -35.5 14.5t-14.5 35.5v100q0 21 14.5 35.5t35.5 14.5z" />
<glyph unicode="&#xe054;" d="M500 950v100q0 21 14.5 35.5t35.5 14.5h600q21 0 35.5 -14.5t14.5 -35.5v-100q0 -21 -14.5 -35.5t-35.5 -14.5h-600q-21 0 -35.5 14.5t-14.5 35.5zM100 650v100q0 21 14.5 35.5t35.5 14.5h1000q21 0 35.5 -14.5t14.5 -35.5v-100q0 -21 -14.5 -35.5t-35.5 -14.5h-1000 q-21 0 -35.5 14.5t-14.5 35.5zM300 350v100q0 21 14.5 35.5t35.5 14.5h800q21 0 35.5 -14.5t14.5 -35.5v-100q0 -21 -14.5 -35.5t-35.5 -14.5h-800q-21 0 -35.5 14.5t-14.5 35.5zM0 50v100q0 21 14.5 35.5t35.5 14.5h1100q21 0 35.5 -14.5t14.5 -35.5v-100 q0 -21 -14.5 -35.5t-35.5 -14.5h-1100q-21 0 -35.5 14.5t-14.5 35.5z" />
<glyph unicode="&#xe055;" d="M50 1100h1100q21 0 35.5 -14.5t14.5 -35.5v-100q0 -21 -14.5 -35.5t-35.5 -14.5h-1100q-21 0 -35.5 14.5t-14.5 35.5v100q0 21 14.5 35.5t35.5 14.5zM50 800h1100q21 0 35.5 -14.5t14.5 -35.5v-100q0 -21 -14.5 -35.5t-35.5 -14.5h-1100q-21 0 -35.5 14.5t-14.5 35.5v100 q0 21 14.5 35.5t35.5 14.5zM50 500h1100q21 0 35.5 -14.5t14.5 -35.5v-100q0 -21 -14.5 -35.5t-35.5 -14.5h-1100q-21 0 -35.5 14.5t-14.5 35.5v100q0 21 14.5 35.5t35.5 14.5zM50 200h1100q21 0 35.5 -14.5t14.5 -35.5v-100q0 -21 -14.5 -35.5t-35.5 -14.5h-1100 q-21 0 -35.5 14.5t-14.5 35.5v100q0 21 14.5 35.5t35.5 14.5z" />
<glyph unicode="&#xe056;" d="M50 1100h100q21 0 35.5 -14.5t14.5 -35.5v-100q0 -21 -14.5 -35.5t-35.5 -14.5h-100q-21 0 -35.5 14.5t-14.5 35.5v100q0 21 14.5 35.5t35.5 14.5zM350 1100h800q21 0 35.5 -14.5t14.5 -35.5v-100q0 -21 -14.5 -35.5t-35.5 -14.5h-800q-21 0 -35.5 14.5t-14.5 35.5v100 q0 21 14.5 35.5t35.5 14.5zM50 800h100q21 0 35.5 -14.5t14.5 -35.5v-100q0 -21 -14.5 -35.5t-35.5 -14.5h-100q-21 0 -35.5 14.5t-14.5 35.5v100q0 21 14.5 35.5t35.5 14.5zM350 800h800q21 0 35.5 -14.5t14.5 -35.5v-100q0 -21 -14.5 -35.5t-35.5 -14.5h-800 q-21 0 -35.5 14.5t-14.5 35.5v100q0 21 14.5 35.5t35.5 14.5zM50 500h100q21 0 35.5 -14.5t14.5 -35.5v-100q0 -21 -14.5 -35.5t-35.5 -14.5h-100q-21 0 -35.5 14.5t-14.5 35.5v100q0 21 14.5 35.5t35.5 14.5zM350 500h800q21 0 35.5 -14.5t14.5 -35.5v-100 q0 -21 -14.5 -35.5t-35.5 -14.5h-800q-21 0 -35.5 14.5t-14.5 35.5v100q0 21 14.5 35.5t35.5 14.5zM50 200h100q21 0 35.5 -14.5t14.5 -35.5v-100q0 -21 -14.5 -35.5t-35.5 -14.5h-100q-21 0 -35.5 14.5t-14.5 35.5v100q0 21 14.5 35.5t35.5 14.5zM350 200h800 q21 0 35.5 -14.5t14.5 -35.5v-100q0 -21 -14.5 -35.5t-35.5 -14.5h-800q-21 0 -35.5 14.5t-14.5 35.5v100q0 21 14.5 35.5t35.5 14.5z" />
<glyph unicode="&#xe057;" d="M400 0h-100v1100h100v-1100zM550 1100h100q21 0 35.5 -14.5t14.5 -35.5v-100q0 -21 -14.5 -35.5t-35.5 -14.5h-100q-21 0 -35.5 14.5t-14.5 35.5v100q0 21 14.5 35.5t35.5 14.5zM550 800h500q21 0 35.5 -14.5t14.5 -35.5v-100q0 -21 -14.5 -35.5t-35.5 -14.5h-500 q-21 0 -35.5 14.5t-14.5 35.5v100q0 21 14.5 35.5t35.5 14.5zM267 550l-167 -125v75h-200v100h200v75zM550 500h300q21 0 35.5 -14.5t14.5 -35.5v-100q0 -21 -14.5 -35.5t-35.5 -14.5h-300q-21 0 -35.5 14.5t-14.5 35.5v100q0 21 14.5 35.5t35.5 14.5zM550 200h600 q21 0 35.5 -14.5t14.5 -35.5v-100q0 -21 -14.5 -35.5t-35.5 -14.5h-600q-21 0 -35.5 14.5t-14.5 35.5v100q0 21 14.5 35.5t35.5 14.5z" />
<glyph unicode="&#xe058;" d="M50 1100h100q21 0 35.5 -14.5t14.5 -35.5v-100q0 -21 -14.5 -35.5t-35.5 -14.5h-100q-21 0 -35.5 14.5t-14.5 35.5v100q0 21 14.5 35.5t35.5 14.5zM900 0h-100v1100h100v-1100zM50 800h500q21 0 35.5 -14.5t14.5 -35.5v-100q0 -21 -14.5 -35.5t-35.5 -14.5h-500 q-21 0 -35.5 14.5t-14.5 35.5v100q0 21 14.5 35.5t35.5 14.5zM1100 600h200v-100h-200v-75l-167 125l167 125v-75zM50 500h300q21 0 35.5 -14.5t14.5 -35.5v-100q0 -21 -14.5 -35.5t-35.5 -14.5h-300q-21 0 -35.5 14.5t-14.5 35.5v100q0 21 14.5 35.5t35.5 14.5zM50 200h600 q21 0 35.5 -14.5t14.5 -35.5v-100q0 -21 -14.5 -35.5t-35.5 -14.5h-600q-21 0 -35.5 14.5t-14.5 35.5v100q0 21 14.5 35.5t35.5 14.5z" />
<glyph unicode="&#xe059;" d="M75 1000h750q31 0 53 -22t22 -53v-650q0 -31 -22 -53t-53 -22h-750q-31 0 -53 22t-22 53v650q0 31 22 53t53 22zM1200 300l-300 300l300 300v-600z" />
<glyph unicode="&#xe060;" d="M44 1100h1112q18 0 31 -13t13 -31v-1012q0 -18 -13 -31t-31 -13h-1112q-18 0 -31 13t-13 31v1012q0 18 13 31t31 13zM100 1000v-737l247 182l298 -131l-74 156l293 318l236 -288v500h-1000zM342 884q56 0 95 -39t39 -94.5t-39 -95t-95 -39.5t-95 39.5t-39 95t39 94.5 t95 39z" />
<glyph unicode="&#xe062;" d="M648 1169q117 0 216 -60t156.5 -161t57.5 -218q0 -115 -70 -258q-69 -109 -158 -225.5t-143 -179.5l-54 -62q-9 8 -25.5 24.5t-63.5 67.5t-91 103t-98.5 128t-95.5 148q-60 132 -60 249q0 88 34 169.5t91.5 142t137 96.5t166.5 36zM652.5 974q-91.5 0 -156.5 -65 t-65 -157t65 -156.5t156.5 -64.5t156.5 64.5t65 156.5t-65 157t-156.5 65z" />
<glyph unicode="&#xe063;" d="M600 1177q117 0 224 -45.5t184.5 -123t123 -184.5t45.5 -224t-45.5 -224t-123 -184.5t-184.5 -123t-224 -45.5t-224 45.5t-184.5 123t-123 184.5t-45.5 224t45.5 224t123 184.5t184.5 123t224 45.5zM600 173v854q-116 0 -214.5 -57t-155.5 -155.5t-57 -214.5t57 -214.5 t155.5 -155.5t214.5 -57z" />
<glyph unicode="&#xe064;" d="M554 1295q21 -72 57.5 -143.5t76 -130t83 -118t82.5 -117t70 -116t49.5 -126t18.5 -136.5q0 -71 -25.5 -135t-68.5 -111t-99 -82t-118.5 -54t-125.5 -23q-84 5 -161.5 34t-139.5 78.5t-99 125t-37 164.5q0 69 18 136.5t49.5 126.5t69.5 116.5t81.5 117.5t83.5 119 t76.5 131t58.5 143zM344 710q-23 -33 -43.5 -70.5t-40.5 -102.5t-17 -123q1 -37 14.5 -69.5t30 -52t41 -37t38.5 -24.5t33 -15q21 -7 32 -1t13 22l6 34q2 10 -2.5 22t-13.5 19q-5 4 -14 12t-29.5 40.5t-32.5 73.5q-26 89 6 271q2 11 -6 11q-8 1 -15 -10z" />
<glyph unicode="&#xe065;" d="M1000 1013l108 115q2 1 5 2t13 2t20.5 -1t25 -9.5t28.5 -21.5q22 -22 27 -43t0 -32l-6 -10l-108 -115zM350 1100h400q50 0 105 -13l-187 -187h-368q-41 0 -70.5 -29.5t-29.5 -70.5v-500q0 -41 29.5 -70.5t70.5 -29.5h500q41 0 70.5 29.5t29.5 70.5v182l200 200v-332 q0 -165 -93.5 -257.5t-256.5 -92.5h-400q-165 0 -257.5 92.5t-92.5 257.5v400q0 165 92.5 257.5t257.5 92.5zM1009 803l-362 -362l-161 -50l55 170l355 355z" />
<glyph unicode="&#xe066;" d="M350 1100h361q-164 -146 -216 -200h-195q-41 0 -70.5 -29.5t-29.5 -70.5v-500q0 -41 29.5 -70.5t70.5 -29.5h500q41 0 70.5 29.5t29.5 70.5l200 153v-103q0 -165 -92.5 -257.5t-257.5 -92.5h-400q-165 0 -257.5 92.5t-92.5 257.5v400q0 165 92.5 257.5t257.5 92.5z M824 1073l339 -301q8 -7 8 -17.5t-8 -17.5l-340 -306q-7 -6 -12.5 -4t-6.5 11v203q-26 1 -54.5 0t-78.5 -7.5t-92 -17.5t-86 -35t-70 -57q10 59 33 108t51.5 81.5t65 58.5t68.5 40.5t67 24.5t56 13.5t40 4.5v210q1 10 6.5 12.5t13.5 -4.5z" />
<glyph unicode="&#xe067;" d="M350 1100h350q60 0 127 -23l-178 -177h-349q-41 0 -70.5 -29.5t-29.5 -70.5v-500q0 -41 29.5 -70.5t70.5 -29.5h500q41 0 70.5 29.5t29.5 70.5v69l200 200v-219q0 -165 -92.5 -257.5t-257.5 -92.5h-400q-165 0 -257.5 92.5t-92.5 257.5v400q0 165 92.5 257.5t257.5 92.5z M643 639l395 395q7 7 17.5 7t17.5 -7l101 -101q7 -7 7 -17.5t-7 -17.5l-531 -532q-7 -7 -17.5 -7t-17.5 7l-248 248q-7 7 -7 17.5t7 17.5l101 101q7 7 17.5 7t17.5 -7l111 -111q8 -7 18 -7t18 7z" />
<glyph unicode="&#xe068;" d="M318 918l264 264q8 8 18 8t18 -8l260 -264q7 -8 4.5 -13t-12.5 -5h-170v-200h200v173q0 10 5 12t13 -5l264 -260q8 -7 8 -17.5t-8 -17.5l-264 -265q-8 -7 -13 -5t-5 12v173h-200v-200h170q10 0 12.5 -5t-4.5 -13l-260 -264q-8 -8 -18 -8t-18 8l-264 264q-8 8 -5.5 13 t12.5 5h175v200h-200v-173q0 -10 -5 -12t-13 5l-264 265q-8 7 -8 17.5t8 17.5l264 260q8 7 13 5t5 -12v-173h200v200h-175q-10 0 -12.5 5t5.5 13z" />
<glyph unicode="&#xe069;" d="M250 1100h100q21 0 35.5 -14.5t14.5 -35.5v-438l464 453q15 14 25.5 10t10.5 -25v-1000q0 -21 -10.5 -25t-25.5 10l-464 453v-438q0 -21 -14.5 -35.5t-35.5 -14.5h-100q-21 0 -35.5 14.5t-14.5 35.5v1000q0 21 14.5 35.5t35.5 14.5z" />
<glyph unicode="&#xe070;" d="M50 1100h100q21 0 35.5 -14.5t14.5 -35.5v-438l464 453q15 14 25.5 10t10.5 -25v-438l464 453q15 14 25.5 10t10.5 -25v-1000q0 -21 -10.5 -25t-25.5 10l-464 453v-438q0 -21 -10.5 -25t-25.5 10l-464 453v-438q0 -21 -14.5 -35.5t-35.5 -14.5h-100q-21 0 -35.5 14.5 t-14.5 35.5v1000q0 21 14.5 35.5t35.5 14.5z" />
<glyph unicode="&#xe071;" d="M1200 1050v-1000q0 -21 -10.5 -25t-25.5 10l-464 453v-438q0 -21 -10.5 -25t-25.5 10l-492 480q-15 14 -15 35t15 35l492 480q15 14 25.5 10t10.5 -25v-438l464 453q15 14 25.5 10t10.5 -25z" />
<glyph unicode="&#xe072;" d="M243 1074l814 -498q18 -11 18 -26t-18 -26l-814 -498q-18 -11 -30.5 -4t-12.5 28v1000q0 21 12.5 28t30.5 -4z" />
<glyph unicode="&#xe073;" d="M250 1000h200q21 0 35.5 -14.5t14.5 -35.5v-800q0 -21 -14.5 -35.5t-35.5 -14.5h-200q-21 0 -35.5 14.5t-14.5 35.5v800q0 21 14.5 35.5t35.5 14.5zM650 1000h200q21 0 35.5 -14.5t14.5 -35.5v-800q0 -21 -14.5 -35.5t-35.5 -14.5h-200q-21 0 -35.5 14.5t-14.5 35.5v800 q0 21 14.5 35.5t35.5 14.5z" />
<glyph unicode="&#xe074;" d="M1100 950v-800q0 -21 -14.5 -35.5t-35.5 -14.5h-800q-21 0 -35.5 14.5t-14.5 35.5v800q0 21 14.5 35.5t35.5 14.5h800q21 0 35.5 -14.5t14.5 -35.5z" />
<glyph unicode="&#xe075;" d="M500 612v438q0 21 10.5 25t25.5 -10l492 -480q15 -14 15 -35t-15 -35l-492 -480q-15 -14 -25.5 -10t-10.5 25v438l-464 -453q-15 -14 -25.5 -10t-10.5 25v1000q0 21 10.5 25t25.5 -10z" />
<glyph unicode="&#xe076;" d="M1048 1102l100 1q20 0 35 -14.5t15 -35.5l5 -1000q0 -21 -14.5 -35.5t-35.5 -14.5l-100 -1q-21 0 -35.5 14.5t-14.5 35.5l-2 437l-463 -454q-14 -15 -24.5 -10.5t-10.5 25.5l-2 437l-462 -455q-15 -14 -25.5 -9.5t-10.5 24.5l-5 1000q0 21 10.5 25.5t25.5 -10.5l466 -450 l-2 438q0 20 10.5 24.5t25.5 -9.5l466 -451l-2 438q0 21 14.5 35.5t35.5 14.5z" />
<glyph unicode="&#xe077;" d="M850 1100h100q21 0 35.5 -14.5t14.5 -35.5v-1000q0 -21 -14.5 -35.5t-35.5 -14.5h-100q-21 0 -35.5 14.5t-14.5 35.5v438l-464 -453q-15 -14 -25.5 -10t-10.5 25v1000q0 21 10.5 25t25.5 -10l464 -453v438q0 21 14.5 35.5t35.5 14.5z" />
<glyph unicode="&#xe078;" d="M686 1081l501 -540q15 -15 10.5 -26t-26.5 -11h-1042q-22 0 -26.5 11t10.5 26l501 540q15 15 36 15t36 -15zM150 400h1000q21 0 35.5 -14.5t14.5 -35.5v-100q0 -21 -14.5 -35.5t-35.5 -14.5h-1000q-21 0 -35.5 14.5t-14.5 35.5v100q0 21 14.5 35.5t35.5 14.5z" />
<glyph unicode="&#xe079;" d="M885 900l-352 -353l352 -353l-197 -198l-552 552l552 550z" />
<glyph unicode="&#xe080;" d="M1064 547l-551 -551l-198 198l353 353l-353 353l198 198z" />
<glyph unicode="&#xe081;" d="M600 1177q117 0 224 -45.5t184.5 -123t123 -184.5t45.5 -224t-45.5 -224t-123 -184.5t-184.5 -123t-224 -45.5t-224 45.5t-184.5 123t-123 184.5t-45.5 224t45.5 224t123 184.5t184.5 123t224 45.5zM650 900h-100q-21 0 -35.5 -14.5t-14.5 -35.5v-150h-150 q-21 0 -35.5 -14.5t-14.5 -35.5v-100q0 -21 14.5 -35.5t35.5 -14.5h150v-150q0 -21 14.5 -35.5t35.5 -14.5h100q21 0 35.5 14.5t14.5 35.5v150h150q21 0 35.5 14.5t14.5 35.5v100q0 21 -14.5 35.5t-35.5 14.5h-150v150q0 21 -14.5 35.5t-35.5 14.5z" />
<glyph unicode="&#xe082;" d="M600 1177q117 0 224 -45.5t184.5 -123t123 -184.5t45.5 -224t-45.5 -224t-123 -184.5t-184.5 -123t-224 -45.5t-224 45.5t-184.5 123t-123 184.5t-45.5 224t45.5 224t123 184.5t184.5 123t224 45.5zM850 700h-500q-21 0 -35.5 -14.5t-14.5 -35.5v-100q0 -21 14.5 -35.5 t35.5 -14.5h500q21 0 35.5 14.5t14.5 35.5v100q0 21 -14.5 35.5t-35.5 14.5z" />
<glyph unicode="&#xe083;" d="M600 1177q117 0 224 -45.5t184.5 -123t123 -184.5t45.5 -224t-45.5 -224t-123 -184.5t-184.5 -123t-224 -45.5t-224 45.5t-184.5 123t-123 184.5t-45.5 224t45.5 224t123 184.5t184.5 123t224 45.5zM741.5 913q-12.5 0 -21.5 -9l-120 -120l-120 120q-9 9 -21.5 9 t-21.5 -9l-141 -141q-9 -9 -9 -21.5t9 -21.5l120 -120l-120 -120q-9 -9 -9 -21.5t9 -21.5l141 -141q9 -9 21.5 -9t21.5 9l120 120l120 -120q9 -9 21.5 -9t21.5 9l141 141q9 9 9 21.5t-9 21.5l-120 120l120 120q9 9 9 21.5t-9 21.5l-141 141q-9 9 -21.5 9z" />
<glyph unicode="&#xe084;" d="M600 1177q117 0 224 -45.5t184.5 -123t123 -184.5t45.5 -224t-45.5 -224t-123 -184.5t-184.5 -123t-224 -45.5t-224 45.5t-184.5 123t-123 184.5t-45.5 224t45.5 224t123 184.5t184.5 123t224 45.5zM546 623l-84 85q-7 7 -17.5 7t-18.5 -7l-139 -139q-7 -8 -7 -18t7 -18 l242 -241q7 -8 17.5 -8t17.5 8l375 375q7 7 7 17.5t-7 18.5l-139 139q-7 7 -17.5 7t-17.5 -7z" />
<glyph unicode="&#xe085;" d="M600 1177q117 0 224 -45.5t184.5 -123t123 -184.5t45.5 -224t-45.5 -224t-123 -184.5t-184.5 -123t-224 -45.5t-224 45.5t-184.5 123t-123 184.5t-45.5 224t45.5 224t123 184.5t184.5 123t224 45.5zM588 941q-29 0 -59 -5.5t-63 -20.5t-58 -38.5t-41.5 -63t-16.5 -89.5 q0 -25 20 -25h131q30 -5 35 11q6 20 20.5 28t45.5 8q20 0 31.5 -10.5t11.5 -28.5q0 -23 -7 -34t-26 -18q-1 0 -13.5 -4t-19.5 -7.5t-20 -10.5t-22 -17t-18.5 -24t-15.5 -35t-8 -46q-1 -8 5.5 -16.5t20.5 -8.5h173q7 0 22 8t35 28t37.5 48t29.5 74t12 100q0 47 -17 83 t-42.5 57t-59.5 34.5t-64 18t-59 4.5zM675 400h-150q-10 0 -17.5 -7.5t-7.5 -17.5v-150q0 -10 7.5 -17.5t17.5 -7.5h150q10 0 17.5 7.5t7.5 17.5v150q0 10 -7.5 17.5t-17.5 7.5z" />
<glyph unicode="&#xe086;" d="M600 1177q117 0 224 -45.5t184.5 -123t123 -184.5t45.5 -224t-45.5 -224t-123 -184.5t-184.5 -123t-224 -45.5t-224 45.5t-184.5 123t-123 184.5t-45.5 224t45.5 224t123 184.5t184.5 123t224 45.5zM675 1000h-150q-10 0 -17.5 -7.5t-7.5 -17.5v-150q0 -10 7.5 -17.5 t17.5 -7.5h150q10 0 17.5 7.5t7.5 17.5v150q0 10 -7.5 17.5t-17.5 7.5zM675 700h-250q-10 0 -17.5 -7.5t-7.5 -17.5v-50q0 -10 7.5 -17.5t17.5 -7.5h75v-200h-75q-10 0 -17.5 -7.5t-7.5 -17.5v-50q0 -10 7.5 -17.5t17.5 -7.5h350q10 0 17.5 7.5t7.5 17.5v50q0 10 -7.5 17.5 t-17.5 7.5h-75v275q0 10 -7.5 17.5t-17.5 7.5z" />
<glyph unicode="&#xe087;" d="M525 1200h150q10 0 17.5 -7.5t7.5 -17.5v-194q103 -27 178.5 -102.5t102.5 -178.5h194q10 0 17.5 -7.5t7.5 -17.5v-150q0 -10 -7.5 -17.5t-17.5 -7.5h-194q-27 -103 -102.5 -178.5t-178.5 -102.5v-194q0 -10 -7.5 -17.5t-17.5 -7.5h-150q-10 0 -17.5 7.5t-7.5 17.5v194 q-103 27 -178.5 102.5t-102.5 178.5h-194q-10 0 -17.5 7.5t-7.5 17.5v150q0 10 7.5 17.5t17.5 7.5h194q27 103 102.5 178.5t178.5 102.5v194q0 10 7.5 17.5t17.5 7.5zM700 893v-168q0 -10 -7.5 -17.5t-17.5 -7.5h-150q-10 0 -17.5 7.5t-7.5 17.5v168q-68 -23 -119 -74 t-74 -119h168q10 0 17.5 -7.5t7.5 -17.5v-150q0 -10 -7.5 -17.5t-17.5 -7.5h-168q23 -68 74 -119t119 -74v168q0 10 7.5 17.5t17.5 7.5h150q10 0 17.5 -7.5t7.5 -17.5v-168q68 23 119 74t74 119h-168q-10 0 -17.5 7.5t-7.5 17.5v150q0 10 7.5 17.5t17.5 7.5h168 q-23 68 -74 119t-119 74z" />
<glyph unicode="&#xe180;" d="M1200 1100v-56q-4 0 -11 -0.5t-24 -3t-30 -7.5t-24 -15t-11 -24v-888q0 -22 25 -34.5t50 -13.5l25 -2v-56h-400v56q75 0 87.5 6.5t12.5 43.5v394h-500v-394q0 -37 12.5 -43.5t87.5 -6.5v-56h-400v56q4 0 11 0.5t24 3t30 7.5t24 15t11 24v888q0 22 -25 34.5t-50 13.5 l-25 2v56h400v-56q-75 0 -87.5 -6.5t-12.5 -43.5v-394h500v394q0 37 -12.5 43.5t-87.5 6.5v56h400z" />
<glyph unicode="&#xe181;" d="M675 1000h375q21 0 35.5 -14.5t14.5 -35.5v-150h-105l-295 -98v98l-200 200h-400l100 100h375zM100 900h300q41 0 70.5 -29.5t29.5 -70.5v-500q0 -41 -29.5 -70.5t-70.5 -29.5h-300q-41 0 -70.5 29.5t-29.5 70.5v500q0 41 29.5 70.5t70.5 29.5zM100 800v-200h300v200 h-300zM1100 535l-400 -133v163l400 133v-163zM100 500v-200h300v200h-300zM1100 398v-248q0 -21 -14.5 -35.5t-35.5 -14.5h-375l-100 -100h-375l-100 100h400l200 200h105z" />
<glyph unicode="&#xe182;" d="M17 1007l162 162q17 17 40 14t37 -22l139 -194q14 -20 11 -44.5t-20 -41.5l-119 -118q102 -142 228 -268t267 -227l119 118q17 17 42.5 19t44.5 -12l192 -136q19 -14 22.5 -37.5t-13.5 -40.5l-163 -162q-3 -1 -9.5 -1t-29.5 2t-47.5 6t-62.5 14.5t-77.5 26.5t-90 42.5 t-101.5 60t-111 83t-119 108.5q-74 74 -133.5 150.5t-94.5 138.5t-60 119.5t-34.5 100t-15 74.5t-4.5 48z" />
<glyph unicode="&#xe183;" d="M600 1100q92 0 175 -10.5t141.5 -27t108.5 -36.5t81.5 -40t53.5 -37t31 -27l9 -10v-200q0 -21 -14.5 -33t-34.5 -9l-202 34q-20 3 -34.5 20t-14.5 38v146q-141 24 -300 24t-300 -24v-146q0 -21 -14.5 -38t-34.5 -20l-202 -34q-20 -3 -34.5 9t-14.5 33v200q3 4 9.5 10.5 t31 26t54 37.5t80.5 39.5t109 37.5t141 26.5t175 10.5zM600 795q56 0 97 -9.5t60 -23.5t30 -28t12 -24l1 -10v-50l365 -303q14 -15 24.5 -40t10.5 -45v-212q0 -21 -14.5 -35.5t-35.5 -14.5h-1100q-21 0 -35.5 14.5t-14.5 35.5v212q0 20 10.5 45t24.5 40l365 303v50 q0 4 1 10.5t12 23t30 29t60 22.5t97 10z" />
<glyph unicode="&#xe184;" d="M1100 700l-200 -200h-600l-200 200v500h200v-200h200v200h200v-200h200v200h200v-500zM250 400h700q21 0 35.5 -14.5t14.5 -35.5t-14.5 -35.5t-35.5 -14.5h-12l137 -100h-950l137 100h-12q-21 0 -35.5 14.5t-14.5 35.5t14.5 35.5t35.5 14.5zM50 100h1100q21 0 35.5 -14.5 t14.5 -35.5v-50h-1200v50q0 21 14.5 35.5t35.5 14.5z" />
<glyph unicode="&#xe185;" d="M700 1100h-100q-41 0 -70.5 -29.5t-29.5 -70.5v-1000h300v1000q0 41 -29.5 70.5t-70.5 29.5zM1100 800h-100q-41 0 -70.5 -29.5t-29.5 -70.5v-700h300v700q0 41 -29.5 70.5t-70.5 29.5zM400 0h-300v400q0 41 29.5 70.5t70.5 29.5h100q41 0 70.5 -29.5t29.5 -70.5v-400z " />
<glyph unicode="&#xe186;" d="M200 1100h700q124 0 212 -88t88 -212v-500q0 -124 -88 -212t-212 -88h-700q-124 0 -212 88t-88 212v500q0 124 88 212t212 88zM100 900v-700h900v700h-900zM500 700h-200v-100h200v-300h-300v100h200v100h-200v300h300v-100zM900 700v-300l-100 -100h-200v500h200z M700 700v-300h100v300h-100z" />
<glyph unicode="&#xe187;" d="M200 1100h700q124 0 212 -88t88 -212v-500q0 -124 -88 -212t-212 -88h-700q-124 0 -212 88t-88 212v500q0 124 88 212t212 88zM100 900v-700h900v700h-900zM500 300h-100v200h-100v-200h-100v500h100v-200h100v200h100v-500zM900 700v-300l-100 -100h-200v500h200z M700 700v-300h100v300h-100z" />
<glyph unicode="&#xe188;" d="M200 1100h700q124 0 212 -88t88 -212v-500q0 -124 -88 -212t-212 -88h-700q-124 0 -212 88t-88 212v500q0 124 88 212t212 88zM100 900v-700h900v700h-900zM500 700h-200v-300h200v-100h-300v500h300v-100zM900 700h-200v-300h200v-100h-300v500h300v-100z" />
<glyph unicode="&#xe189;" d="M200 1100h700q124 0 212 -88t88 -212v-500q0 -124 -88 -212t-212 -88h-700q-124 0 -212 88t-88 212v500q0 124 88 212t212 88zM100 900v-700h900v700h-900zM500 400l-300 150l300 150v-300zM900 550l-300 -150v300z" />
<glyph unicode="&#xe190;" d="M200 1100h700q124 0 212 -88t88 -212v-500q0 -124 -88 -212t-212 -88h-700q-124 0 -212 88t-88 212v500q0 124 88 212t212 88zM100 900v-700h900v700h-900zM900 300h-700v500h700v-500zM800 700h-130q-38 0 -66.5 -43t-28.5 -108t27 -107t68 -42h130v300zM300 700v-300 h130q41 0 68 42t27 107t-28.5 108t-66.5 43h-130z" />
<glyph unicode="&#xe191;" d="M200 1100h700q124 0 212 -88t88 -212v-500q0 -124 -88 -212t-212 -88h-700q-124 0 -212 88t-88 212v500q0 124 88 212t212 88zM100 900v-700h900v700h-900zM500 700h-200v-100h200v-300h-300v100h200v100h-200v300h300v-100zM900 300h-100v400h-100v100h200v-500z M700 300h-100v100h100v-100z" />
<glyph unicode="&#xe192;" d="M200 1100h700q124 0 212 -88t88 -212v-500q0 -124 -88 -212t-212 -88h-700q-124 0 -212 88t-88 212v500q0 124 88 212t212 88zM100 900v-700h900v700h-900zM300 700h200v-400h-300v500h100v-100zM900 300h-100v400h-100v100h200v-500zM300 600v-200h100v200h-100z M700 300h-100v100h100v-100z" />
<glyph unicode="&#xe193;" d="M200 1100h700q124 0 212 -88t88 -212v-500q0 -124 -88 -212t-212 -88h-700q-124 0 -212 88t-88 212v500q0 124 88 212t212 88zM100 900v-700h900v700h-900zM500 500l-199 -200h-100v50l199 200v150h-200v100h300v-300zM900 300h-100v400h-100v100h200v-500zM701 300h-100 v100h100v-100z" />
<glyph unicode="&#xe194;" d="M600 1191q120 0 229.5 -47t188.5 -126t126 -188.5t47 -229.5t-47 -229.5t-126 -188.5t-188.5 -126t-229.5 -47t-229.5 47t-188.5 126t-126 188.5t-47 229.5t47 229.5t126 188.5t188.5 126t229.5 47zM600 1021q-114 0 -211 -56.5t-153.5 -153.5t-56.5 -211t56.5 -211 t153.5 -153.5t211 -56.5t211 56.5t153.5 153.5t56.5 211t-56.5 211t-153.5 153.5t-211 56.5zM800 700h-300v-200h300v-100h-300l-100 100v200l100 100h300v-100z" />
<glyph unicode="&#xe195;" d="M600 1191q120 0 229.5 -47t188.5 -126t126 -188.5t47 -229.5t-47 -229.5t-126 -188.5t-188.5 -126t-229.5 -47t-229.5 47t-188.5 126t-126 188.5t-47 229.5t47 229.5t126 188.5t188.5 126t229.5 47zM600 1021q-114 0 -211 -56.5t-153.5 -153.5t-56.5 -211t56.5 -211 t153.5 -153.5t211 -56.5t211 56.5t153.5 153.5t56.5 211t-56.5 211t-153.5 153.5t-211 56.5zM800 700v-100l-50 -50l100 -100v-50h-100l-100 100h-150v-100h-100v400h300zM500 700v-100h200v100h-200z" />
<glyph unicode="&#xe197;" d="M503 1089q110 0 200.5 -59.5t134.5 -156.5q44 14 90 14q120 0 205 -86.5t85 -207t-85 -207t-205 -86.5h-128v250q0 21 -14.5 35.5t-35.5 14.5h-300q-21 0 -35.5 -14.5t-14.5 -35.5v-250h-222q-80 0 -136 57.5t-56 136.5q0 69 43 122.5t108 67.5q-2 19 -2 37q0 100 49 185 t134 134t185 49zM525 500h150q10 0 17.5 -7.5t7.5 -17.5v-275h137q21 0 26 -11.5t-8 -27.5l-223 -244q-13 -16 -32 -16t-32 16l-223 244q-13 16 -8 27.5t26 11.5h137v275q0 10 7.5 17.5t17.5 7.5z" />
<glyph unicode="&#xe198;" d="M502 1089q110 0 201 -59.5t135 -156.5q43 15 89 15q121 0 206 -86.5t86 -206.5q0 -99 -60 -181t-150 -110l-378 360q-13 16 -31.5 16t-31.5 -16l-381 -365h-9q-79 0 -135.5 57.5t-56.5 136.5q0 69 43 122.5t108 67.5q-2 19 -2 38q0 100 49 184.5t133.5 134t184.5 49.5z M632 467l223 -228q13 -16 8 -27.5t-26 -11.5h-137v-275q0 -10 -7.5 -17.5t-17.5 -7.5h-150q-10 0 -17.5 7.5t-7.5 17.5v275h-137q-21 0 -26 11.5t8 27.5q199 204 223 228q19 19 31.5 19t32.5 -19z" />
<glyph unicode="&#xe199;" d="M700 100v100h400l-270 300h170l-270 300h170l-300 333l-300 -333h170l-270 -300h170l-270 -300h400v-100h-50q-21 0 -35.5 -14.5t-14.5 -35.5v-50h400v50q0 21 -14.5 35.5t-35.5 14.5h-50z" />
<glyph unicode="&#xe200;" d="M600 1179q94 0 167.5 -56.5t99.5 -145.5q89 -6 150.5 -71.5t61.5 -155.5q0 -61 -29.5 -112.5t-79.5 -82.5q9 -29 9 -55q0 -74 -52.5 -126.5t-126.5 -52.5q-55 0 -100 30v-251q21 0 35.5 -14.5t14.5 -35.5v-50h-300v50q0 21 14.5 35.5t35.5 14.5v251q-45 -30 -100 -30 q-74 0 -126.5 52.5t-52.5 126.5q0 18 4 38q-47 21 -75.5 65t-28.5 97q0 74 52.5 126.5t126.5 52.5q5 0 23 -2q0 2 -1 10t-1 13q0 116 81.5 197.5t197.5 81.5z" />
<glyph unicode="&#xe201;" d="M1010 1010q111 -111 150.5 -260.5t0 -299t-150.5 -260.5q-83 -83 -191.5 -126.5t-218.5 -43.5t-218.5 43.5t-191.5 126.5q-111 111 -150.5 260.5t0 299t150.5 260.5q83 83 191.5 126.5t218.5 43.5t218.5 -43.5t191.5 -126.5zM476 1065q-4 0 -8 -1q-121 -34 -209.5 -122.5 t-122.5 -209.5q-4 -12 2.5 -23t18.5 -14l36 -9q3 -1 7 -1q23 0 29 22q27 96 98 166q70 71 166 98q11 3 17.5 13.5t3.5 22.5l-9 35q-3 13 -14 19q-7 4 -15 4zM512 920q-4 0 -9 -2q-80 -24 -138.5 -82.5t-82.5 -138.5q-4 -13 2 -24t19 -14l34 -9q4 -1 8 -1q22 0 28 21 q18 58 58.5 98.5t97.5 58.5q12 3 18 13.5t3 21.5l-9 35q-3 12 -14 19q-7 4 -15 4zM719.5 719.5q-49.5 49.5 -119.5 49.5t-119.5 -49.5t-49.5 -119.5t49.5 -119.5t119.5 -49.5t119.5 49.5t49.5 119.5t-49.5 119.5zM855 551q-22 0 -28 -21q-18 -58 -58.5 -98.5t-98.5 -57.5 q-11 -4 -17 -14.5t-3 -21.5l9 -35q3 -12 14 -19q7 -4 15 -4q4 0 9 2q80 24 138.5 82.5t82.5 138.5q4 13 -2.5 24t-18.5 14l-34 9q-4 1 -8 1zM1000 515q-23 0 -29 -22q-27 -96 -98 -166q-70 -71 -166 -98q-11 -3 -17.5 -13.5t-3.5 -22.5l9 -35q3 -13 14 -19q7 -4 15 -4 q4 0 8 1q121 34 209.5 122.5t122.5 209.5q4 12 -2.5 23t-18.5 14l-36 9q-3 1 -7 1z" />
<glyph unicode="&#xe202;" d="M700 800h300v-380h-180v200h-340v-200h-380v755q0 10 7.5 17.5t17.5 7.5h575v-400zM1000 900h-200v200zM700 300h162l-212 -212l-212 212h162v200h100v-200zM520 0h-395q-10 0 -17.5 7.5t-7.5 17.5v395zM1000 220v-195q0 -10 -7.5 -17.5t-17.5 -7.5h-195z" />
<glyph unicode="&#xe203;" d="M700 800h300v-520l-350 350l-550 -550v1095q0 10 7.5 17.5t17.5 7.5h575v-400zM1000 900h-200v200zM862 200h-162v-200h-100v200h-162l212 212zM480 0h-355q-10 0 -17.5 7.5t-7.5 17.5v55h380v-80zM1000 80v-55q0 -10 -7.5 -17.5t-17.5 -7.5h-155v80h180z" />
<glyph unicode="&#xe204;" d="M1162 800h-162v-200h100l100 -100h-300v300h-162l212 212zM200 800h200q27 0 40 -2t29.5 -10.5t23.5 -30t7 -57.5h300v-100h-600l-200 -350v450h100q0 36 7 57.5t23.5 30t29.5 10.5t40 2zM800 400h240l-240 -400h-800l300 500h500v-100z" />
<glyph unicode="&#xe205;" d="M650 1100h100q21 0 35.5 -14.5t14.5 -35.5v-50h50q21 0 35.5 -14.5t14.5 -35.5v-100q0 -21 -14.5 -35.5t-35.5 -14.5h-300q-21 0 -35.5 14.5t-14.5 35.5v100q0 21 14.5 35.5t35.5 14.5h50v50q0 21 14.5 35.5t35.5 14.5zM1000 850v150q41 0 70.5 -29.5t29.5 -70.5v-800 q0 -41 -29.5 -70.5t-70.5 -29.5h-600q-1 0 -20 4l246 246l-326 326v324q0 41 29.5 70.5t70.5 29.5v-150q0 -62 44 -106t106 -44h300q62 0 106 44t44 106zM412 250l-212 -212v162h-200v100h200v162z" />
<glyph unicode="&#xe206;" d="M450 1100h100q21 0 35.5 -14.5t14.5 -35.5v-50h50q21 0 35.5 -14.5t14.5 -35.5v-100q0 -21 -14.5 -35.5t-35.5 -14.5h-300q-21 0 -35.5 14.5t-14.5 35.5v100q0 21 14.5 35.5t35.5 14.5h50v50q0 21 14.5 35.5t35.5 14.5zM800 850v150q41 0 70.5 -29.5t29.5 -70.5v-500 h-200v-300h200q0 -36 -7 -57.5t-23.5 -30t-29.5 -10.5t-40 -2h-600q-41 0 -70.5 29.5t-29.5 70.5v800q0 41 29.5 70.5t70.5 29.5v-150q0 -62 44 -106t106 -44h300q62 0 106 44t44 106zM1212 250l-212 -212v162h-200v100h200v162z" />
<glyph unicode="&#xe209;" d="M658 1197l637 -1104q23 -38 7 -65.5t-60 -27.5h-1276q-44 0 -60 27.5t7 65.5l637 1104q22 39 54 39t54 -39zM704 800h-208q-20 0 -32 -14.5t-8 -34.5l58 -302q4 -20 21.5 -34.5t37.5 -14.5h54q20 0 37.5 14.5t21.5 34.5l58 302q4 20 -8 34.5t-32 14.5zM500 300v-100h200 v100h-200z" />
<glyph unicode="&#xe210;" d="M425 1100h250q10 0 17.5 -7.5t7.5 -17.5v-150q0 -10 -7.5 -17.5t-17.5 -7.5h-250q-10 0 -17.5 7.5t-7.5 17.5v150q0 10 7.5 17.5t17.5 7.5zM425 800h250q10 0 17.5 -7.5t7.5 -17.5v-150q0 -10 -7.5 -17.5t-17.5 -7.5h-250q-10 0 -17.5 7.5t-7.5 17.5v150q0 10 7.5 17.5 t17.5 7.5zM825 800h250q10 0 17.5 -7.5t7.5 -17.5v-150q0 -10 -7.5 -17.5t-17.5 -7.5h-250q-10 0 -17.5 7.5t-7.5 17.5v150q0 10 7.5 17.5t17.5 7.5zM25 500h250q10 0 17.5 -7.5t7.5 -17.5v-150q0 -10 -7.5 -17.5t-17.5 -7.5h-250q-10 0 -17.5 7.5t-7.5 17.5v150 q0 10 7.5 17.5t17.5 7.5zM425 500h250q10 0 17.5 -7.5t7.5 -17.5v-150q0 -10 -7.5 -17.5t-17.5 -7.5h-250q-10 0 -17.5 7.5t-7.5 17.5v150q0 10 7.5 17.5t17.5 7.5zM825 500h250q10 0 17.5 -7.5t7.5 -17.5v-150q0 -10 -7.5 -17.5t-17.5 -7.5h-250q-10 0 -17.5 7.5t-7.5 17.5 v150q0 10 7.5 17.5t17.5 7.5zM25 200h250q10 0 17.5 -7.5t7.5 -17.5v-150q0 -10 -7.5 -17.5t-17.5 -7.5h-250q-10 0 -17.5 7.5t-7.5 17.5v150q0 10 7.5 17.5t17.5 7.5zM425 200h250q10 0 17.5 -7.5t7.5 -17.5v-150q0 -10 -7.5 -17.5t-17.5 -7.5h-250q-10 0 -17.5 7.5 t-7.5 17.5v150q0 10 7.5 17.5t17.5 7.5zM825 200h250q10 0 17.5 -7.5t7.5 -17.5v-150q0 -10 -7.5 -17.5t-17.5 -7.5h-250q-10 0 -17.5 7.5t-7.5 17.5v150q0 10 7.5 17.5t17.5 7.5z" />
<glyph unicode="&#xe211;" d="M700 1200h100v-200h-100v-100h350q62 0 86.5 -39.5t-3.5 -94.5l-66 -132q-41 -83 -81 -134h-772q-40 51 -81 134l-66 132q-28 55 -3.5 94.5t86.5 39.5h350v100h-100v200h100v100h200v-100zM250 400h700q21 0 35.5 -14.5t14.5 -35.5t-14.5 -35.5t-35.5 -14.5h-12l137 -100 h-950l138 100h-13q-21 0 -35.5 14.5t-14.5 35.5t14.5 35.5t35.5 14.5zM50 100h1100q21 0 35.5 -14.5t14.5 -35.5v-50h-1200v50q0 21 14.5 35.5t35.5 14.5z" />
<glyph unicode="&#xe212;" d="M600 1300q40 0 68.5 -29.5t28.5 -70.5h-194q0 41 28.5 70.5t68.5 29.5zM443 1100h314q18 -37 18 -75q0 -8 -3 -25h328q41 0 44.5 -16.5t-30.5 -38.5l-175 -145h-678l-178 145q-34 22 -29 38.5t46 16.5h328q-3 17 -3 25q0 38 18 75zM250 700h700q21 0 35.5 -14.5 t14.5 -35.5t-14.5 -35.5t-35.5 -14.5h-150v-200l275 -200h-950l275 200v200h-150q-21 0 -35.5 14.5t-14.5 35.5t14.5 35.5t35.5 14.5zM50 100h1100q21 0 35.5 -14.5t14.5 -35.5v-50h-1200v50q0 21 14.5 35.5t35.5 14.5z" />
<glyph unicode="&#xe213;" d="M600 1181q75 0 128 -53t53 -128t-53 -128t-128 -53t-128 53t-53 128t53 128t128 53zM602 798h46q34 0 55.5 -28.5t21.5 -86.5q0 -76 39 -183h-324q39 107 39 183q0 58 21.5 86.5t56.5 28.5h45zM250 400h700q21 0 35.5 -14.5t14.5 -35.5t-14.5 -35.5t-35.5 -14.5h-13 l138 -100h-950l137 100h-12q-21 0 -35.5 14.5t-14.5 35.5t14.5 35.5t35.5 14.5zM50 100h1100q21 0 35.5 -14.5t14.5 -35.5v-50h-1200v50q0 21 14.5 35.5t35.5 14.5z" />
<glyph unicode="&#xe214;" d="M600 1300q47 0 92.5 -53.5t71 -123t25.5 -123.5q0 -78 -55.5 -133.5t-133.5 -55.5t-133.5 55.5t-55.5 133.5q0 62 34 143l144 -143l111 111l-163 163q34 26 63 26zM602 798h46q34 0 55.5 -28.5t21.5 -86.5q0 -76 39 -183h-324q39 107 39 183q0 58 21.5 86.5t56.5 28.5h45 zM250 400h700q21 0 35.5 -14.5t14.5 -35.5t-14.5 -35.5t-35.5 -14.5h-13l138 -100h-950l137 100h-12q-21 0 -35.5 14.5t-14.5 35.5t14.5 35.5t35.5 14.5zM50 100h1100q21 0 35.5 -14.5t14.5 -35.5v-50h-1200v50q0 21 14.5 35.5t35.5 14.5z" />
<glyph unicode="&#xe215;" d="M600 1200l300 -161v-139h-300q0 -57 18.5 -108t50 -91.5t63 -72t70 -67.5t57.5 -61h-530q-60 83 -90.5 177.5t-30.5 178.5t33 164.5t87.5 139.5t126 96.5t145.5 41.5v-98zM250 400h700q21 0 35.5 -14.5t14.5 -35.5t-14.5 -35.5t-35.5 -14.5h-13l138 -100h-950l137 100 h-12q-21 0 -35.5 14.5t-14.5 35.5t14.5 35.5t35.5 14.5zM50 100h1100q21 0 35.5 -14.5t14.5 -35.5v-50h-1200v50q0 21 14.5 35.5t35.5 14.5z" />
<glyph unicode="&#xe216;" d="M600 1300q41 0 70.5 -29.5t29.5 -70.5v-78q46 -26 73 -72t27 -100v-50h-400v50q0 54 27 100t73 72v78q0 41 29.5 70.5t70.5 29.5zM400 800h400q54 0 100 -27t72 -73h-172v-100h200v-100h-200v-100h200v-100h-200v-100h200q0 -83 -58.5 -141.5t-141.5 -58.5h-400 q-83 0 -141.5 58.5t-58.5 141.5v400q0 83 58.5 141.5t141.5 58.5z" />
<glyph unicode="&#xe218;" d="M150 1100h900q21 0 35.5 -14.5t14.5 -35.5v-500q0 -21 -14.5 -35.5t-35.5 -14.5h-900q-21 0 -35.5 14.5t-14.5 35.5v500q0 21 14.5 35.5t35.5 14.5zM125 400h950q10 0 17.5 -7.5t7.5 -17.5v-50q0 -10 -7.5 -17.5t-17.5 -7.5h-283l224 -224q13 -13 13 -31.5t-13 -32 t-31.5 -13.5t-31.5 13l-88 88h-524l-87 -88q-13 -13 -32 -13t-32 13.5t-13 32t13 31.5l224 224h-289q-10 0 -17.5 7.5t-7.5 17.5v50q0 10 7.5 17.5t17.5 7.5zM541 300l-100 -100h324l-100 100h-124z" />
<glyph unicode="&#xe219;" d="M200 1100h800q83 0 141.5 -58.5t58.5 -141.5v-200h-100q0 41 -29.5 70.5t-70.5 29.5h-250q-41 0 -70.5 -29.5t-29.5 -70.5h-100q0 41 -29.5 70.5t-70.5 29.5h-250q-41 0 -70.5 -29.5t-29.5 -70.5h-100v200q0 83 58.5 141.5t141.5 58.5zM100 600h1000q41 0 70.5 -29.5 t29.5 -70.5v-300h-1200v300q0 41 29.5 70.5t70.5 29.5zM300 100v-50q0 -21 -14.5 -35.5t-35.5 -14.5h-100q-21 0 -35.5 14.5t-14.5 35.5v50h200zM1100 100v-50q0 -21 -14.5 -35.5t-35.5 -14.5h-100q-21 0 -35.5 14.5t-14.5 35.5v50h200z" />
<glyph unicode="&#xe221;" d="M480 1165l682 -683q31 -31 31 -75.5t-31 -75.5l-131 -131h-481l-517 518q-32 31 -32 75.5t32 75.5l295 296q31 31 75.5 31t76.5 -31zM108 794l342 -342l303 304l-341 341zM250 100h800q21 0 35.5 -14.5t14.5 -35.5v-50h-900v50q0 21 14.5 35.5t35.5 14.5z" />
<glyph unicode="&#xe223;" d="M1057 647l-189 506q-8 19 -27.5 33t-40.5 14h-400q-21 0 -40.5 -14t-27.5 -33l-189 -506q-8 -19 1.5 -33t30.5 -14h625v-150q0 -21 14.5 -35.5t35.5 -14.5t35.5 14.5t14.5 35.5v150h125q21 0 30.5 14t1.5 33zM897 0h-595v50q0 21 14.5 35.5t35.5 14.5h50v50 q0 21 14.5 35.5t35.5 14.5h48v300h200v-300h47q21 0 35.5 -14.5t14.5 -35.5v-50h50q21 0 35.5 -14.5t14.5 -35.5v-50z" />
<glyph unicode="&#xe224;" d="M900 800h300v-575q0 -10 -7.5 -17.5t-17.5 -7.5h-375v591l-300 300v84q0 10 7.5 17.5t17.5 7.5h375v-400zM1200 900h-200v200zM400 600h300v-575q0 -10 -7.5 -17.5t-17.5 -7.5h-650q-10 0 -17.5 7.5t-7.5 17.5v950q0 10 7.5 17.5t17.5 7.5h375v-400zM700 700h-200v200z " />
<glyph unicode="&#xe225;" d="M484 1095h195q75 0 146 -32.5t124 -86t89.5 -122.5t48.5 -142q18 -14 35 -20q31 -10 64.5 6.5t43.5 48.5q10 34 -15 71q-19 27 -9 43q5 8 12.5 11t19 -1t23.5 -16q41 -44 39 -105q-3 -63 -46 -106.5t-104 -43.5h-62q-7 -55 -35 -117t-56 -100l-39 -234q-3 -20 -20 -34.5 t-38 -14.5h-100q-21 0 -33 14.5t-9 34.5l12 70q-49 -14 -91 -14h-195q-24 0 -65 8l-11 -64q-3 -20 -20 -34.5t-38 -14.5h-100q-21 0 -33 14.5t-9 34.5l26 157q-84 74 -128 175l-159 53q-19 7 -33 26t-14 40v50q0 21 14.5 35.5t35.5 14.5h124q11 87 56 166l-111 95 q-16 14 -12.5 23.5t24.5 9.5h203q116 101 250 101zM675 1000h-250q-10 0 -17.5 -7.5t-7.5 -17.5v-50q0 -10 7.5 -17.5t17.5 -7.5h250q10 0 17.5 7.5t7.5 17.5v50q0 10 -7.5 17.5t-17.5 7.5z" />
<glyph unicode="&#xe226;" d="M641 900l423 247q19 8 42 2.5t37 -21.5l32 -38q14 -15 12.5 -36t-17.5 -34l-139 -120h-390zM50 1100h106q67 0 103 -17t66 -71l102 -212h823q21 0 35.5 -14.5t14.5 -35.5v-50q0 -21 -14 -40t-33 -26l-737 -132q-23 -4 -40 6t-26 25q-42 67 -100 67h-300q-62 0 -106 44 t-44 106v200q0 62 44 106t106 44zM173 928h-80q-19 0 -28 -14t-9 -35v-56q0 -51 42 -51h134q16 0 21.5 8t5.5 24q0 11 -16 45t-27 51q-18 28 -43 28zM550 727q-32 0 -54.5 -22.5t-22.5 -54.5t22.5 -54.5t54.5 -22.5t54.5 22.5t22.5 54.5t-22.5 54.5t-54.5 22.5zM130 389 l152 130q18 19 34 24t31 -3.5t24.5 -17.5t25.5 -28q28 -35 50.5 -51t48.5 -13l63 5l48 -179q13 -61 -3.5 -97.5t-67.5 -79.5l-80 -69q-47 -40 -109 -35.5t-103 51.5l-130 151q-40 47 -35.5 109.5t51.5 102.5zM380 377l-102 -88q-31 -27 2 -65l37 -43q13 -15 27.5 -19.5 t31.5 6.5l61 53q19 16 14 49q-2 20 -12 56t-17 45q-11 12 -19 14t-23 -8z" />
<glyph unicode="&#xe227;" d="M625 1200h150q10 0 17.5 -7.5t7.5 -17.5v-109q79 -33 131 -87.5t53 -128.5q1 -46 -15 -84.5t-39 -61t-46 -38t-39 -21.5l-17 -6q6 0 15 -1.5t35 -9t50 -17.5t53 -30t50 -45t35.5 -64t14.5 -84q0 -59 -11.5 -105.5t-28.5 -76.5t-44 -51t-49.5 -31.5t-54.5 -16t-49.5 -6.5 t-43.5 -1v-75q0 -10 -7.5 -17.5t-17.5 -7.5h-150q-10 0 -17.5 7.5t-7.5 17.5v75h-100v-75q0 -10 -7.5 -17.5t-17.5 -7.5h-150q-10 0 -17.5 7.5t-7.5 17.5v75h-175q-10 0 -17.5 7.5t-7.5 17.5v150q0 10 7.5 17.5t17.5 7.5h75v600h-75q-10 0 -17.5 7.5t-7.5 17.5v150 q0 10 7.5 17.5t17.5 7.5h175v75q0 10 7.5 17.5t17.5 7.5h150q10 0 17.5 -7.5t7.5 -17.5v-75h100v75q0 10 7.5 17.5t17.5 7.5zM400 900v-200h263q28 0 48.5 10.5t30 25t15 29t5.5 25.5l1 10q0 4 -0.5 11t-6 24t-15 30t-30 24t-48.5 11h-263zM400 500v-200h363q28 0 48.5 10.5 t30 25t15 29t5.5 25.5l1 10q0 4 -0.5 11t-6 24t-15 30t-30 24t-48.5 11h-363z" />
<glyph unicode="&#xe230;" d="M212 1198h780q86 0 147 -61t61 -147v-416q0 -51 -18 -142.5t-36 -157.5l-18 -66q-29 -87 -93.5 -146.5t-146.5 -59.5h-572q-82 0 -147 59t-93 147q-8 28 -20 73t-32 143.5t-20 149.5v416q0 86 61 147t147 61zM600 1045q-70 0 -132.5 -11.5t-105.5 -30.5t-78.5 -41.5 t-57 -45t-36 -41t-20.5 -30.5l-6 -12l156 -243h560l156 243q-2 5 -6 12.5t-20 29.5t-36.5 42t-57 44.5t-79 42t-105 29.5t-132.5 12zM762 703h-157l195 261z" />
<glyph unicode="&#xe231;" d="M475 1300h150q103 0 189 -86t86 -189v-500q0 -41 -42 -83t-83 -42h-450q-41 0 -83 42t-42 83v500q0 103 86 189t189 86zM700 300v-225q0 -21 -27 -48t-48 -27h-150q-21 0 -48 27t-27 48v225h300z" />
<glyph unicode="&#xe232;" d="M475 1300h96q0 -150 89.5 -239.5t239.5 -89.5v-446q0 -41 -42 -83t-83 -42h-450q-41 0 -83 42t-42 83v500q0 103 86 189t189 86zM700 300v-225q0 -21 -27 -48t-48 -27h-150q-21 0 -48 27t-27 48v225h300z" />
<glyph unicode="&#xe233;" d="M1294 767l-638 -283l-378 170l-78 -60v-224l100 -150v-199l-150 148l-150 -149v200l100 150v250q0 4 -0.5 10.5t0 9.5t1 8t3 8t6.5 6l47 40l-147 65l642 283zM1000 380l-350 -166l-350 166v147l350 -165l350 165v-147z" />
<glyph unicode="&#xe234;" d="M250 800q62 0 106 -44t44 -106t-44 -106t-106 -44t-106 44t-44 106t44 106t106 44zM650 800q62 0 106 -44t44 -106t-44 -106t-106 -44t-106 44t-44 106t44 106t106 44zM1050 800q62 0 106 -44t44 -106t-44 -106t-106 -44t-106 44t-44 106t44 106t106 44z" />
<glyph unicode="&#xe235;" d="M550 1100q62 0 106 -44t44 -106t-44 -106t-106 -44t-106 44t-44 106t44 106t106 44zM550 700q62 0 106 -44t44 -106t-44 -106t-106 -44t-106 44t-44 106t44 106t106 44zM550 300q62 0 106 -44t44 -106t-44 -106t-106 -44t-106 44t-44 106t44 106t106 44z" />
<glyph unicode="&#xe236;" d="M125 1100h950q10 0 17.5 -7.5t7.5 -17.5v-150q0 -10 -7.5 -17.5t-17.5 -7.5h-950q-10 0 -17.5 7.5t-7.5 17.5v150q0 10 7.5 17.5t17.5 7.5zM125 700h950q10 0 17.5 -7.5t7.5 -17.5v-150q0 -10 -7.5 -17.5t-17.5 -7.5h-950q-10 0 -17.5 7.5t-7.5 17.5v150q0 10 7.5 17.5 t17.5 7.5zM125 300h950q10 0 17.5 -7.5t7.5 -17.5v-150q0 -10 -7.5 -17.5t-17.5 -7.5h-950q-10 0 -17.5 7.5t-7.5 17.5v150q0 10 7.5 17.5t17.5 7.5z" />
<glyph unicode="&#xe237;" d="M350 1200h500q162 0 256 -93.5t94 -256.5v-500q0 -165 -93.5 -257.5t-256.5 -92.5h-500q-165 0 -257.5 92.5t-92.5 257.5v500q0 165 92.5 257.5t257.5 92.5zM900 1000h-600q-41 0 -70.5 -29.5t-29.5 -70.5v-600q0 -41 29.5 -70.5t70.5 -29.5h600q41 0 70.5 29.5 t29.5 70.5v600q0 41 -29.5 70.5t-70.5 29.5zM350 900h500q21 0 35.5 -14.5t14.5 -35.5v-300q0 -21 -14.5 -35.5t-35.5 -14.5h-500q-21 0 -35.5 14.5t-14.5 35.5v300q0 21 14.5 35.5t35.5 14.5zM400 800v-200h400v200h-400z" />
<glyph unicode="&#xe238;" d="M150 1100h1000q21 0 35.5 -14.5t14.5 -35.5t-14.5 -35.5t-35.5 -14.5h-50v-200h50q21 0 35.5 -14.5t14.5 -35.5t-14.5 -35.5t-35.5 -14.5h-50v-200h50q21 0 35.5 -14.5t14.5 -35.5t-14.5 -35.5t-35.5 -14.5h-50v-200h50q21 0 35.5 -14.5t14.5 -35.5t-14.5 -35.5 t-35.5 -14.5h-1000q-21 0 -35.5 14.5t-14.5 35.5t14.5 35.5t35.5 14.5h50v200h-50q-21 0 -35.5 14.5t-14.5 35.5t14.5 35.5t35.5 14.5h50v200h-50q-21 0 -35.5 14.5t-14.5 35.5t14.5 35.5t35.5 14.5h50v200h-50q-21 0 -35.5 14.5t-14.5 35.5t14.5 35.5t35.5 14.5z" />
<glyph unicode="&#xe239;" d="M650 1187q87 -67 118.5 -156t0 -178t-118.5 -155q-87 66 -118.5 155t0 178t118.5 156zM300 800q124 0 212 -88t88 -212q-124 0 -212 88t-88 212zM1000 800q0 -124 -88 -212t-212 -88q0 124 88 212t212 88zM300 500q124 0 212 -88t88 -212q-124 0 -212 88t-88 212z M1000 500q0 -124 -88 -212t-212 -88q0 124 88 212t212 88zM700 199v-144q0 -21 -14.5 -35.5t-35.5 -14.5t-35.5 14.5t-14.5 35.5v142q40 -4 43 -4q17 0 57 6z" />
<glyph unicode="&#xe240;" d="M745 878l69 19q25 6 45 -12l298 -295q11 -11 15 -26.5t-2 -30.5q-5 -14 -18 -23.5t-28 -9.5h-8q1 0 1 -13q0 -29 -2 -56t-8.5 -62t-20 -63t-33 -53t-51 -39t-72.5 -14h-146q-184 0 -184 288q0 24 10 47q-20 4 -62 4t-63 -4q11 -24 11 -47q0 -288 -184 -288h-142 q-48 0 -84.5 21t-56 51t-32 71.5t-16 75t-3.5 68.5q0 13 2 13h-7q-15 0 -27.5 9.5t-18.5 23.5q-6 15 -2 30.5t15 25.5l298 296q20 18 46 11l76 -19q20 -5 30.5 -22.5t5.5 -37.5t-22.5 -31t-37.5 -5l-51 12l-182 -193h891l-182 193l-44 -12q-20 -5 -37.5 6t-22.5 31t6 37.5 t31 22.5z" />
<glyph unicode="&#xe241;" d="M1200 900h-50q0 21 -4 37t-9.5 26.5t-18 17.5t-22 11t-28.5 5.5t-31 2t-37 0.5h-200v-850q0 -22 25 -34.5t50 -13.5l25 -2v-100h-400v100q4 0 11 0.5t24 3t30 7t24 15t11 24.5v850h-200q-25 0 -37 -0.5t-31 -2t-28.5 -5.5t-22 -11t-18 -17.5t-9.5 -26.5t-4 -37h-50v300 h1000v-300zM500 450h-25q0 15 -4 24.5t-9 14.5t-17 7.5t-20 3t-25 0.5h-100v-425q0 -11 12.5 -17.5t25.5 -7.5h12v-50h-200v50q50 0 50 25v425h-100q-17 0 -25 -0.5t-20 -3t-17 -7.5t-9 -14.5t-4 -24.5h-25v150h500v-150z" />
<glyph unicode="&#xe242;" d="M1000 300v50q-25 0 -55 32q-14 14 -25 31t-16 27l-4 11l-289 747h-69l-300 -754q-18 -35 -39 -56q-9 -9 -24.5 -18.5t-26.5 -14.5l-11 -5v-50h273v50q-49 0 -78.5 21.5t-11.5 67.5l69 176h293l61 -166q13 -34 -3.5 -66.5t-55.5 -32.5v-50h312zM412 691l134 342l121 -342 h-255zM1100 150v-100q0 -21 -14.5 -35.5t-35.5 -14.5h-1000q-21 0 -35.5 14.5t-14.5 35.5v100q0 21 14.5 35.5t35.5 14.5h1000q21 0 35.5 -14.5t14.5 -35.5z" />
<glyph unicode="&#xe243;" d="M50 1200h1100q21 0 35.5 -14.5t14.5 -35.5v-1100q0 -21 -14.5 -35.5t-35.5 -14.5h-1100q-21 0 -35.5 14.5t-14.5 35.5v1100q0 21 14.5 35.5t35.5 14.5zM611 1118h-70q-13 0 -18 -12l-299 -753q-17 -32 -35 -51q-18 -18 -56 -34q-12 -5 -12 -18v-50q0 -8 5.5 -14t14.5 -6 h273q8 0 14 6t6 14v50q0 8 -6 14t-14 6q-55 0 -71 23q-10 14 0 39l63 163h266l57 -153q11 -31 -6 -55q-12 -17 -36 -17q-8 0 -14 -6t-6 -14v-50q0 -8 6 -14t14 -6h313q8 0 14 6t6 14v50q0 7 -5.5 13t-13.5 7q-17 0 -42 25q-25 27 -40 63h-1l-288 748q-5 12 -19 12zM639 611 h-197l103 264z" />
<glyph unicode="&#xe244;" d="M1200 1100h-1200v100h1200v-100zM50 1000h400q21 0 35.5 -14.5t14.5 -35.5v-900q0 -21 -14.5 -35.5t-35.5 -14.5h-400q-21 0 -35.5 14.5t-14.5 35.5v900q0 21 14.5 35.5t35.5 14.5zM650 1000h400q21 0 35.5 -14.5t14.5 -35.5v-400q0 -21 -14.5 -35.5t-35.5 -14.5h-400 q-21 0 -35.5 14.5t-14.5 35.5v400q0 21 14.5 35.5t35.5 14.5zM700 900v-300h300v300h-300z" />
<glyph unicode="&#xe245;" d="M50 1200h400q21 0 35.5 -14.5t14.5 -35.5v-900q0 -21 -14.5 -35.5t-35.5 -14.5h-400q-21 0 -35.5 14.5t-14.5 35.5v900q0 21 14.5 35.5t35.5 14.5zM650 700h400q21 0 35.5 -14.5t14.5 -35.5v-400q0 -21 -14.5 -35.5t-35.5 -14.5h-400q-21 0 -35.5 14.5t-14.5 35.5v400 q0 21 14.5 35.5t35.5 14.5zM700 600v-300h300v300h-300zM1200 0h-1200v100h1200v-100z" />
<glyph unicode="&#xe246;" d="M50 1000h400q21 0 35.5 -14.5t14.5 -35.5v-350h100v150q0 21 14.5 35.5t35.5 14.5h400q21 0 35.5 -14.5t14.5 -35.5v-150h100v-100h-100v-150q0 -21 -14.5 -35.5t-35.5 -14.5h-400q-21 0 -35.5 14.5t-14.5 35.5v150h-100v-350q0 -21 -14.5 -35.5t-35.5 -14.5h-400 q-21 0 -35.5 14.5t-14.5 35.5v800q0 21 14.5 35.5t35.5 14.5zM700 700v-300h300v300h-300z" />
<glyph unicode="&#xe247;" d="M100 0h-100v1200h100v-1200zM250 1100h400q21 0 35.5 -14.5t14.5 -35.5v-400q0 -21 -14.5 -35.5t-35.5 -14.5h-400q-21 0 -35.5 14.5t-14.5 35.5v400q0 21 14.5 35.5t35.5 14.5zM300 1000v-300h300v300h-300zM250 500h900q21 0 35.5 -14.5t14.5 -35.5v-400 q0 -21 -14.5 -35.5t-35.5 -14.5h-900q-21 0 -35.5 14.5t-14.5 35.5v400q0 21 14.5 35.5t35.5 14.5z" />
<glyph unicode="&#xe248;" d="M600 1100h150q21 0 35.5 -14.5t14.5 -35.5v-400q0 -21 -14.5 -35.5t-35.5 -14.5h-150v-100h450q21 0 35.5 -14.5t14.5 -35.5v-400q0 -21 -14.5 -35.5t-35.5 -14.5h-900q-21 0 -35.5 14.5t-14.5 35.5v400q0 21 14.5 35.5t35.5 14.5h350v100h-150q-21 0 -35.5 14.5 t-14.5 35.5v400q0 21 14.5 35.5t35.5 14.5h150v100h100v-100zM400 1000v-300h300v300h-300z" />
<glyph unicode="&#xe249;" d="M1200 0h-100v1200h100v-1200zM550 1100h400q21 0 35.5 -14.5t14.5 -35.5v-400q0 -21 -14.5 -35.5t-35.5 -14.5h-400q-21 0 -35.5 14.5t-14.5 35.5v400q0 21 14.5 35.5t35.5 14.5zM600 1000v-300h300v300h-300zM50 500h900q21 0 35.5 -14.5t14.5 -35.5v-400 q0 -21 -14.5 -35.5t-35.5 -14.5h-900q-21 0 -35.5 14.5t-14.5 35.5v400q0 21 14.5 35.5t35.5 14.5z" />
<glyph unicode="&#xe250;" d="M865 565l-494 -494q-23 -23 -41 -23q-14 0 -22 13.5t-8 38.5v1000q0 25 8 38.5t22 13.5q18 0 41 -23l494 -494q14 -14 14 -35t-14 -35z" />
<glyph unicode="&#xe251;" d="M335 635l494 494q29 29 50 20.5t21 -49.5v-1000q0 -41 -21 -49.5t-50 20.5l-494 494q-14 14 -14 35t14 35z" />
<glyph unicode="&#xe252;" d="M100 900h1000q41 0 49.5 -21t-20.5 -50l-494 -494q-14 -14 -35 -14t-35 14l-494 494q-29 29 -20.5 50t49.5 21z" />
<glyph unicode="&#xe253;" d="M635 865l494 -494q29 -29 20.5 -50t-49.5 -21h-1000q-41 0 -49.5 21t20.5 50l494 494q14 14 35 14t35 -14z" />
<glyph unicode="&#xe254;" d="M700 741v-182l-692 -323v221l413 193l-413 193v221zM1200 0h-800v200h800v-200z" />
<glyph unicode="&#xe255;" d="M1200 900h-200v-100h200v-100h-300v300h200v100h-200v100h300v-300zM0 700h50q0 21 4 37t9.5 26.5t18 17.5t22 11t28.5 5.5t31 2t37 0.5h100v-550q0 -22 -25 -34.5t-50 -13.5l-25 -2v-100h400v100q-4 0 -11 0.5t-24 3t-30 7t-24 15t-11 24.5v550h100q25 0 37 -0.5t31 -2 t28.5 -5.5t22 -11t18 -17.5t9.5 -26.5t4 -37h50v300h-800v-300z" />
<glyph unicode="&#xe256;" d="M800 700h-50q0 21 -4 37t-9.5 26.5t-18 17.5t-22 11t-28.5 5.5t-31 2t-37 0.5h-100v-550q0 -22 25 -34.5t50 -14.5l25 -1v-100h-400v100q4 0 11 0.5t24 3t30 7t24 15t11 24.5v550h-100q-25 0 -37 -0.5t-31 -2t-28.5 -5.5t-22 -11t-18 -17.5t-9.5 -26.5t-4 -37h-50v300 h800v-300zM1100 200h-200v-100h200v-100h-300v300h200v100h-200v100h300v-300z" />
<glyph unicode="&#xe257;" d="M701 1098h160q16 0 21 -11t-7 -23l-464 -464l464 -464q12 -12 7 -23t-21 -11h-160q-13 0 -23 9l-471 471q-7 8 -7 18t7 18l471 471q10 9 23 9z" />
<glyph unicode="&#xe258;" d="M339 1098h160q13 0 23 -9l471 -471q7 -8 7 -18t-7 -18l-471 -471q-10 -9 -23 -9h-160q-16 0 -21 11t7 23l464 464l-464 464q-12 12 -7 23t21 11z" />
<glyph unicode="&#xe259;" d="M1087 882q11 -5 11 -21v-160q0 -13 -9 -23l-471 -471q-8 -7 -18 -7t-18 7l-471 471q-9 10 -9 23v160q0 16 11 21t23 -7l464 -464l464 464q12 12 23 7z" />
<glyph unicode="&#xe260;" d="M618 993l471 -471q9 -10 9 -23v-160q0 -16 -11 -21t-23 7l-464 464l-464 -464q-12 -12 -23 -7t-11 21v160q0 13 9 23l471 471q8 7 18 7t18 -7z" />
<glyph unicode="&#xf8ff;" d="M1000 1200q0 -124 -88 -212t-212 -88q0 124 88 212t212 88zM450 1000h100q21 0 40 -14t26 -33l79 -194q5 1 16 3q34 6 54 9.5t60 7t65.5 1t61 -10t56.5 -23t42.5 -42t29 -64t5 -92t-19.5 -121.5q-1 -7 -3 -19.5t-11 -50t-20.5 -73t-32.5 -81.5t-46.5 -83t-64 -70 t-82.5 -50q-13 -5 -42 -5t-65.5 2.5t-47.5 2.5q-14 0 -49.5 -3.5t-63 -3.5t-43.5 7q-57 25 -104.5 78.5t-75 111.5t-46.5 112t-26 90l-7 35q-15 63 -18 115t4.5 88.5t26 64t39.5 43.5t52 25.5t58.5 13t62.5 2t59.5 -4.5t55.5 -8l-147 192q-12 18 -5.5 30t27.5 12z" />
<glyph unicode="&#x1f511;" d="M250 1200h600q21 0 35.5 -14.5t14.5 -35.5v-400q0 -21 -14.5 -35.5t-35.5 -14.5h-150v-500l-255 -178q-19 -9 -32 -1t-13 29v650h-150q-21 0 -35.5 14.5t-14.5 35.5v400q0 21 14.5 35.5t35.5 14.5zM400 1100v-100h300v100h-300z" />
<glyph unicode="&#x1f6aa;" d="M250 1200h750q39 0 69.5 -40.5t30.5 -84.5v-933l-700 -117v950l600 125h-700v-1000h-100v1025q0 23 15.5 49t34.5 26zM500 525v-100l100 20v100z" />
</font>
</defs></svg>


2377
public_html/bootstrap/js/bootstrap.js vendored Normal file

File diff suppressed because it is too large

File diff suppressed because one or more lines are too long


@@ -0,0 +1,13 @@
// This file is autogenerated via the `commonjs` Grunt task. You can require() this file in a CommonJS environment.
require('../../js/transition.js')
require('../../js/alert.js')
require('../../js/button.js')
require('../../js/carousel.js')
require('../../js/collapse.js')
require('../../js/dropdown.js')
require('../../js/modal.js')
require('../../js/tooltip.js')
require('../../js/popover.js')
require('../../js/scrollspy.js')
require('../../js/tab.js')
require('../../js/affix.js')

415
public_html/extra.js Normal file

@@ -0,0 +1,415 @@
/*
##
## Copyright 2013-2017 Opera Software AS
##
## Licensed under the Apache License, Version 2.0 (the "License");
## you may not use this file except in compliance with the License.
## You may obtain a copy of the License at
##
## http://www.apache.org/licenses/LICENSE-2.0
##
## Unless required by applicable law or agreed to in writing, software
## distributed under the License is distributed on an "AS IS" BASIS,
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
## See the License for the specific language governing permissions and
## limitations under the License.
##
*/
// Handle 'navigate-back' links
$(function() {
$('a.navigate-back').on('click', function(e) {
window.history.back();
event.stopPropagation();
});
});
// Remember the last-selected tab in a tab group
$(function() {
if(sessionStorage) {
$('a[data-toggle="tab"]').on('shown.bs.tab', function (e) {
//save the latest tab
sessionStorage.setItem('lastTab' + location.pathname, $(e.target).attr('href'));
});
//go to the latest tab, if it exists:
var lastTab = sessionStorage.getItem('lastTab' + location.pathname);
if (lastTab) {
$('a[href="' + lastTab + '"]').tab('show');
} else {
$('a[data-toggle="tab"]:first').tab('show');
}
}
get_tab_from_location();
window.onpopstate = function(event) {
get_tab_from_location();
}
function get_tab_from_location() {
// Javascript to enable link to tab
var url = document.location.toString();
if(url.match('#')) {
$('.nav-tabs a[href=#'+url.split('#')[1]+']').tab('show');
}
}
// Do the location modifying code after all other setup, since we don't want the initial loading to trigger this
$('a[data-toggle="tab"]').on('shown.bs.tab', function (e) {
if(history) {
history.replaceState(null, null, e.target.href);
} else {
window.location.hash = e.target.hash;
}
});
});
// Remember the expanded-state of a collapsible section
$(function() {
get_section_from_location();
window.onpopstate = function(event) {
get_section_from_location();
}
function get_section_from_location() {
// Javascript to enable link to section
var url = document.location.toString();
if(url.match('#')) {
var fragment = url.split('#')[1];
} else {
var fragment = '';
}
$(".collapse").each(function(){
if(this.id == fragment) $(this).addClass("in");
else $(this).removeClass("in");
});
}
// Do the location modifying code after all other setup, since we don't want the initial loading to trigger this
$('.panel-collapse').on('show.bs.collapse', function (e) {
if(history) {
history.replaceState(null, null, '#' + e.target.id);
} else {
window.location.hash = e.target.id;
}
});
});
// Show only chosen fingerprint hash format in list views
$(function() {
$('table th.fingerprint').first().each(function() {
$(this).append(' ');
var select = $('<select>');
var options = ['MD5', 'SHA256'];
for(var i = 0, option; option = options[i]; i++) {
select.append($('<option>').text(option).val(option));
}
if(localStorage) {
var fingerprint_hash = localStorage.getItem('preferred_fingerprint_hash');
if(fingerprint_hash) {
select.val(fingerprint_hash);
}
}
$(this).append(select);
select.on('change', function() {
if(this.value == 'SHA256') {
$('span.fingerprint_md5').hide();
$('span.fingerprint_sha256').show();
} else {
$('span.fingerprint_sha256').hide();
$('span.fingerprint_md5').show();
}
if(localStorage) {
localStorage.setItem('preferred_fingerprint_hash', this.value);
}
});
});
});
// Add confirmation dialog to all submit buttons with data-confirm attribute
$(function() {
$('button[type="submit"][data-confirm]').each(function() {
$(this).on('click', function() { return confirm($(this).data('confirm')); });
});
});
// Add "clear field" button functionality
$(function() {
$('button[data-clear]').each(function() {
$(this).on('click', function() { this.form[$(this).data('clear')].value = ''; });
});
});
// Home page dynamic add pubkey form
$(function() {
$('#add_key_button').on('click', function() {
$('#add_key_form').removeClass('hidden');
$('#add_key_button').addClass('hidden');
$('#public_key').focus();
});
$('#add_key_form button[type=button].btn-info').on('click', function() {
$('#help').toggleClass('hidden');
});
$('#add_key_form button[type=button].btn-default').on('click', function() {
$('#add_key_form').addClass('hidden');
$('#add_key_button').removeClass('hidden');
});
});
// Show/hide appropriate sections of the server settings form
$(function() {
var form = $('#server_settings');
form.each(function() {
$('#authorization.hide').hide().removeClass('hide');
$('#ldap_access_options.hide').hide().removeClass('hide');
$("input[name='key_management']", form).on('click', function() {display_relevant_options()});
$("input[name='authorization']", form).on('click', function() {display_relevant_options()});
function display_relevant_options() {
if($("input[name='key_management']:checked").val() == 'keys') {
$('#authorization').show('fast');
if($("input[name='authorization']:checked").val() == 'manual') {
$('#ldap_access_options').hide('fast');
} else {
$('#ldap_access_options').show('fast');
}
} else {
$('#authorization').hide('fast');
$('#ldap_access_options').hide('fast');
}
}
var ao_command_enabled = $("input[name='access_option[command][enabled]']", form);
var ao_command_value = $("input[name='access_option[command][value]']", form);
var ao_from_enabled = $("input[name='access_option[from][enabled]']", form);
var ao_from_value = $("input[name='access_option[from][value]']", form);
ao_command_enabled.on('click', function() {ao_update_disabled()});
ao_from_enabled.on('click', function() {ao_update_disabled()});
ao_update_disabled();
function ao_update_disabled() {
ao_command_value.prop('disabled', !ao_command_enabled.prop('checked'));
ao_command_value.prop('required', ao_command_enabled.prop('checked'));
ao_from_value.prop('disabled', !ao_from_enabled.prop('checked'));
ao_from_value.prop('required', ao_from_enabled.prop('checked'));
}
});
});
// Enable/disable relevant sections of the access options form
$(function() {
var form = $('#access_options');
form.each(function() {
var ao_command_enabled = $("input[name='access_option[command][enabled]']", form);
var ao_command_value = $("input[name='access_option[command][value]']", form);
var ao_from_enabled = $("input[name='access_option[from][enabled]']", form);
var ao_from_value = $("input[name='access_option[from][value]']", form);
var ao_noportfwd_enabled = $("input[name='access_option[no-port-forwarding][enabled]']", form);
var ao_nox11fwd_enabled = $("input[name='access_option[no-X11-forwarding][enabled]']", form);
var ao_nopty_enabled = $("input[name='access_option[no-pty][enabled]']", form);
ao_command_enabled.on('click', function() {ao_update_disabled()});
ao_from_enabled.on('click', function() {ao_update_disabled()});
$("button[type='button']", form).on('click', function(e) {
var preset
if(preset = $(e.target).attr('data-preset')) {
$('input:checkbox', form).val([]);
ao_command_value.val('');
ao_from_value.val('');
if(preset == 'command' || preset == 'dbbackup') {
ao_command_enabled.prop('checked', true);
ao_command_value.focus();
ao_noportfwd_enabled.prop('checked', true);
ao_nox11fwd_enabled.prop('checked', true);
ao_nopty_enabled.prop('checked', true);
}
if(preset == 'dbbackup') {
ao_command_value.val('/usr/bin/innobackupex --slave-info --defaults-file=/etc/mysql/my.cnf /var/tmp');
}
}
ao_update_disabled();
});
ao_update_disabled();
function ao_update_disabled() {
ao_command_value.prop('disabled', !ao_command_enabled.prop('checked'));
ao_command_value.prop('required', ao_command_enabled.prop('checked'));
ao_from_value.prop('disabled', !ao_from_enabled.prop('checked'));
ao_from_value.prop('required', ao_from_enabled.prop('checked'));
}
});
});
// Provide dynamic reassign form on user page
$(function() {
$('button[data-reassign]').on('click', function() {
var id = $(this).data('reassign');
var table = $('#' + id);
var cell = document.createElement('th');
var checkbox = document.createElement('input');
checkbox.type = 'checkbox';
$(checkbox).on('click', function() {$("input[type='checkbox']", table).prop('checked', this.checked)});
cell.appendChild(checkbox);
table.children('thead').children('tr').prepend(cell);
table.children('tbody').children('tr').each(function() {
var hostname = $(this).children('td:first-child').text().trim();
var cell = document.createElement('td');
var checkbox = document.createElement('input');
checkbox.type = 'checkbox';
checkbox.name = 'servers[]';
checkbox.value = hostname;
cell.appendChild(checkbox);
$(this).prepend(cell);
});
$(this).parent().append('<div class="form-group"><label>Reassign to <input type="text" name="reassign_to" class="form-control"></label></div>');
$(this).parent().append('<div class="form-group"><button type="submit" name="reassign_servers" class="btn btn-primary">Reassign selected servers</button></div>');
$(this).remove();
});
});
// Server sync status
$(function() {
var status_div = $('#server_sync_status');
status_div.each(function() {
if(status_div.data('class')) {
update_server_sync_status(status_div.data('class'), status_div.data('message'));
$('span.server_account_sync_status').each(function() {
update_server_account_sync_status(this.id, $(this).data('class'), $(this).data('message'));
});
} else {
$('span', status_div).addClass('text-warning');
$('span', status_div).text('Pending');
$('span.server_account_sync_status').addClass('text-warning');
$('span.server_account_sync_status').text('Pending');
var timeout = 1000;
var max_timeout = 10000;
get_server_sync_status();
}
function get_server_sync_status() {
var xhr = $.ajax({
url: window.location.pathname + '/sync_status',
dataType: 'json'
});
xhr.done(function(status) {
if(status.pending) {
timeout = Math.min(timeout * 1.5, max_timeout);
setTimeout(get_server_sync_status, timeout);
} else {
var classname;
if(status.sync_status == 'sync success') classname = 'success';
if(status.sync_status == 'sync failure') classname = 'danger';
if(status.sync_status == 'sync warning') classname = 'warning';
update_server_sync_status(classname, status.last_sync.details);
}
$.each(status.accounts, function(index, item) {
if(!item.pending) {
var classname;
var message;
if(item.sync_status == 'proposed') { classname = 'info'; message = 'Requested'; }
if(item.sync_status == 'sync success') { classname = 'success'; message = 'Synced'; }
if(item.sync_status == 'sync failure') { classname = 'danger'; message = 'Failed'; }
if(item.sync_status == 'sync warning') { classname = 'warning'; message = 'Not synced'; }
update_server_account_sync_status('server_account_sync_status_' + item.name, classname, message);
}
});
});
}
function update_server_sync_status(classname, message) {
$('span', status_div).removeClass('text-success text-warning text-danger');
$('span', status_div).addClass('text-' + classname);
$('span', status_div).text(message);
if(classname == 'success') {
$('a', status_div).addClass('hidden');
} else {
$('a', status_div).removeClass('hidden');
if(classname == 'warning') $('a', status_div).prop('href', '/help#sync_warning');
if(classname == 'danger') $('a', status_div).prop('href', '/help#sync_error');
}
$('div.spinner', status_div).remove();
$('button[name=sync]', status_div).removeClass('invisible');
}
function update_server_account_sync_status(id, classname, message) {
$('#' + id).removeClass('text-success text-warning text-danger');
$('#' + id).addClass('text-' + classname);
$('#' + id).text(message);
}
});
});
// Server account sync status
$(function() {
var status_div = $('#server_account_sync_status');
status_div.each(function() {
if(status_div.data('class')) {
update_server_account_sync_status(status_div.data('class'), status_div.data('message'));
} else {
$('span', status_div).addClass('text-warning');
$('span', status_div).text('Pending');
var timeout = 1000;
var max_timeout = 10000;
get_server_account_sync_status();
}
function get_server_account_sync_status() {
var xhr = $.ajax({
url: window.location.pathname + '/sync_status',
dataType: 'json'
});
xhr.done(function(status) {
console.debug(status);
if(status.pending) {
timeout = Math.min(timeout * 1.5, max_timeout);
setTimeout(get_server_account_sync_status, timeout);
} else {
var classname;
if(status.sync_status == 'sync success') { classname = 'success'; message = 'Synced'; }
if(status.sync_status == 'sync failure') { classname = 'danger'; message = 'Failed'; }
if(status.sync_status == 'sync warning') { classname = 'warning'; message = 'Not synced'; }
update_server_account_sync_status(classname, message);
}
});
}
function update_server_account_sync_status(classname, message) {
$('span', status_div).removeClass('text-success text-warning text-danger');
$('span', status_div).addClass('text-' + classname);
$('span', status_div).text(message);
$('div.spinner', status_div).remove();
}
});
});
// Server add form - multiple admin autocomplete
$(function() {
var server_admin = $('input#server_admin');
server_admin.each(function() {
server_admin.on('keydown', function(event) {
var keycode = (event.keyCode ? event.keyCode : event.which);
if((keycode == 13 || keycode == 32 || keycode == 188) && $("#server_admin").val() != '') { // Enter, space, comma
appendAdmin();
// Reset focus to remove <datalist> autocomplete dialog
$("#server_admin").blur();
$("#server_admin").focus();
return false;
}
});
server_admin.on('blur', function(event) {
if($("#server_admin").val()) {
appendAdmin();
}
});
function appendAdmin() {
if($("#server_admins").val()) {
$("#server_admins").val($("#server_admins").val() + ', ' + $("#server_admin").val());
} else {
$("#server_admins").val($("#server_admin").val());
}
$("#server_admin").val("");
$("#server_admins").removeClass('hidden');
}
$('input#server_admins').on('blur', function(event) {
if(!$("#server_admins").val()) {
$("#server_admins").addClass('hidden');
}
});
if($("#server_admins").val()) {
$("#server_admins").removeClass('hidden');
}
});
});
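Review bot: the `navigate-back` handler at the top of the hunk (`$('a.navigate-back').on('click', function(e) {...})`) names its argument `e` but calls `event.stopPropagation()`, so it depends on the non-standard global `window.event` and throws a ReferenceError where that global is absent; use `e.stopPropagation()` and add `e.preventDefault()`, otherwise the anchor's own href navigation fires right after `history.back()`. Two related points: both the tab block and the collapsible-section block assign `window.onpopstate`, so the second assignment silently replaces the first (register both with `window.addEventListener('popstate', ...)`), and `get_tab_from_location()` splices the URL fragment into a selector unquoted (`'.nav-tabs a[href=#' + url.split('#')[1] + ']'`), which jQuery rejects as a selector syntax error and which takes its value straight from the location; quote the value (`a[href="#' + fragment + '"]`) and escape it before use. Minor: the `server_account_sync_status` block assigns `message` without `var`, creating an implicit global, and leaves a `console.debug(status)` call in.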

31
public_html/header.js Normal file

@@ -0,0 +1,31 @@
/*
##
## Copyright 2013-2017 Opera Software AS
##
## Licensed under the Apache License, Version 2.0 (the "License");
## you may not use this file except in compliance with the License.
## You may obtain a copy of the License at
##
## http://www.apache.org/licenses/LICENSE-2.0
##
## Unless required by applicable law or agreed to in writing, software
## distributed under the License is distributed on an "AS IS" BASIS,
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
## See the License for the specific language governing permissions and
## limitations under the License.
##
*/
// Lightweight things to do before the page is displayed
// This should not rely on any JQuery or other libraries
// Hide the key fingerprints that we are not interested in
var sheet = document.styleSheets[0];
var fingerprint_hash;
if(localStorage && localStorage.getItem('preferred_fingerprint_hash') == 'SHA256') {
sheet.insertRule('span.fingerprint_md5 {display:none}', 0)
} else {
sheet.insertRule('span.fingerprint_sha256 {display:none}', 0)
}
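Review bot: `document.styleSheets[0]` is used without checking that it exists or is same-origin; if the first stylesheet on the page is cross-origin (a CDN copy of Bootstrap, say) `insertRule` throws a SecurityError, and if there is no stylesheet at all `sheet` is undefined, and either case aborts this inline script. Select the stylesheet by a known `id` or `href` rather than index zero, guard with `if (sheet && sheet.insertRule)`, and wrap the `localStorage` read in a try/catch, since some browsers throw on access when storage is disabled. Also `var fingerprint_hash;` is declared but never used, and both `insertRule` lines lack their trailing semicolons.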

18
public_html/init.php Normal file

@@ -0,0 +1,18 @@
<?php
##
## Copyright 2013-2017 Opera Software AS
##
## Licensed under the Apache License, Version 2.0 (the "License");
## you may not use this file except in compliance with the License.
## You may obtain a copy of the License at
##
## http://www.apache.org/licenses/LICENSE-2.0
##
## Unless required by applicable law or agreed to in writing, software
## distributed under the License is distributed on an "AS IS" BASIS,
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
## See the License for the specific language governing permissions and
## limitations under the License.
##
require('../requesthandler.php');
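Review bot: `require('../requesthandler.php')` resolves the `../` against the process's current working directory rather than this file's location, so the entry point only works while the SAPI happens to set the CWD to `public_html`; `require(dirname(__FILE__).'/../requesthandler.php')` (or `__DIR__`) makes it independent of how PHP is invoked, which matters for CLI runs and for FPM pools with a different working directory.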


BIN
public_html/key.png Normal file


190
public_html/style.css Normal file

@@ -0,0 +1,190 @@
/*
##
## Copyright 2013-2017 Opera Software AS
##
## Licensed under the Apache License, Version 2.0 (the "License");
## you may not use this file except in compliance with the License.
## You may obtain a copy of the License at
##
## http://www.apache.org/licenses/LICENSE-2.0
##
## Unless required by applicable law or agreed to in writing, software
## distributed under the License is distributed on an "AS IS" BASIS,
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
## See the License for the specific language governing permissions and
## limitations under the License.
##
*/
html,
body {
height: 100%;
/* The html and body elements cannot have any padding or margin. */
}
/* Wrapper for page content to push down footer */
#wrap {
min-height: 100%;
height: auto;
/* Negative indent footer by its height */
margin: 0 auto -60px;
/* Pad bottom by footer height */
padding: 0 0 60px;
}
#wrap > .container {
padding: 60px 15px 0;
}
#content *:first-child {
margin-top: 0;
}
.nav-tabs {
margin-bottom: 20px;
}
#footer {
height: 60px;
background-color: #f5f5f5;
}
#footer > .container {
padding: 20px 15px 0 15px;
}
.navbar-brand img {
height: 100%;
float: left;
margin-right: 1em;
}
.panel-group + p {
margin-top: 1em;
}
a.group, a.server, a.serveraccount, a.user {
white-space: nowrap;
}
a.group::before {
content: "\e032";
/*content: "\e056";*/
display: inline-block;
font-family: "Glyphicons Halflings";
font-style: normal;
font-weight: 400;
line-height: 1;
position: relative;
top: 1px;
padding-right: 0.4em;
}
a.server::before {
content: "\e121";
display: inline-block;
font-family: "Glyphicons Halflings";
font-style: normal;
font-weight: 400;
line-height: 1;
position: relative;
top: 1px;
padding-right: 0.4em;
}
a.serveraccount::before {
content: "\e161";
display: inline-block;
font-family: "Glyphicons Halflings";
font-style: normal;
font-weight: 400;
line-height: 1;
position: relative;
top: 1px;
padding-right: 0.4em;
}
a.user::before {
content: "\e008";
display: inline-block;
font-family: "Glyphicons Halflings";
font-style: normal;
font-weight: 400;
line-height: 1;
position: relative;
top: 1px;
padding-right: 0.4em;
}
.input-group-addon label {
margin: 0;
}
.indented {
padding-left: 2em !important;
}
dl.oneline dt::before {
content: '\A';
white-space: pre;
}
dl.oneline dt:first-child::before {
white-space: normal;
}
dl.oneline dt {
display: inline;
}
dl.oneline dd {
display: inline;
padding-left: 0.5em;
}
dl.spaced dd {
margin-bottom: 1em;
}
ul.compact {
margin: 0;
padding: 0;
list-style-type: none;
}
pre {
white-space: pre-wrap;
}
pre.ascii-art {
line-height: 1;
}
.pre-formatted {
word-break: break-all;
word-wrap: break-word;
white-space: pre-wrap;
}
span.date {
white-space: nowrap;
}
.nowrap {
white-space: nowrap;
}
.spinner {
display: inline-block;
width: 12px;
height: 12px;
-webkit-animation: spinner 1s infinite linear;
animation: spinner 1s infinite linear;
border-radius:7px;
border-left:2px solid gray;
border-bottom:2px solid gray;
}
@-webkit-keyframes spinner {
to {
-webkit-transform: rotate(360deg);
}
}
@keyframes spinner {
to {
transform: rotate(360deg);
}
}
.monospace {
font-family: monospace;
}
td.date {
width: 11em;
}
/* Now with 100% more pink! */
div.navbar-default {
background-color: #fff1f9;
border-color: #f7e7f6;
}
.navbar-default .navbar-nav>.active>a, .navbar-default .navbar-nav>.active>a:focus, .navbar-default .navbar-nav>.active>a:hover {
background-color: #f7e7e7;
}
a {
color: #af3578;
}
a:focus, a:hover {
color: #611d42;
}
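Review bot: the four `a.group::before`, `a.server::before`, `a.serveraccount::before` and `a.user::before` blocks repeat the same seven declarations and differ only in `content`; put the shared declarations under one combined selector (`a.group::before, a.server::before, a.serveraccount::before, a.user::before { ... }`) and keep a one-line `content` rule per class, so a later change to the icon styling is made in one place.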

81
requesthandler.php Normal file

@@ -0,0 +1,81 @@
<?php
##
## Copyright 2013-2017 Opera Software AS
##
## Licensed under the Apache License, Version 2.0 (the "License");
## you may not use this file except in compliance with the License.
## You may obtain a copy of the License at
##
## http://www.apache.org/licenses/LICENSE-2.0
##
## Unless required by applicable law or agreed to in writing, software
## distributed under the License is distributed on an "AS IS" BASIS,
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
## See the License for the specific language governing permissions and
## limitations under the License.
##
chdir(dirname(__FILE__));
require('core.php');
ob_start();
set_exception_handler('exception_handler');
if(isset($_SERVER['PHP_AUTH_USER'])) {
$active_user = $user_dir->get_user_by_uid($_SERVER['PHP_AUTH_USER']);
} else {
throw new Exception("Not logged in.");
}
// Work out where we are on the server
$base_path = dirname(__FILE__);
$base_url = dirname($_SERVER['SCRIPT_NAME']);
$request_url = $_SERVER['REQUEST_URI'];
$relative_request_url = preg_replace('/^'.preg_quote($base_url, '/').'/', '/', $request_url);
$absolute_request_url = 'http'.(isset($_SERVER['HTTPS']) ? 's' : '').'://'.$_SERVER['HTTP_HOST'].$request_url;
if(empty($config['web']['enabled'])) {
require('views/error503.php');
die;
}
if(!empty($_POST)) {
// Check CSRF token
if(isset($_SERVER['HTTP_X_BYPASS_CSRF_PROTECTION']) && $_SERVER['HTTP_X_BYPASS_CSRF_PROTECTION'] == 1) {
// This is being called from script, not a web browser
} elseif(!$active_user->check_csrf_token($_POST['csrf_token'])) {
require('views/csrf.php');
die;
}
}
// Route request to the correct view
$router = new Router;
foreach($routes as $path => $service) {
$public = array_key_exists($path, $public_routes);
$router->add_route($path, $service, $public);
}
$router->handle_request($relative_request_url);
if(isset($router->view)) {
$view = path_join($base_path, 'views', $router->view.'.php');
if(file_exists($view)) {
if($active_user->auth_realm == 'LDAP' || $router->public) {
require($view);
} else {
require('views/error403.php');
}
} else {
throw new Exception("View file $view missing.");
}
}
// Handler for uncaught exceptions
function exception_handler($e) {
global $active_user;
$error_number = time();
error_log("$error_number: ".str_replace("\n", "\n$error_number: ", $e));
while(ob_get_length()) {
ob_end_clean();
}
require('views/error500.php');
die;
}
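Review bot: in the CSRF block `$_POST['csrf_token']` is read without an `isset()` check, so a POST that omits the field raises an undefined-index notice and passes `null` into `check_csrf_token()`; test `isset($_POST['csrf_token']) && $active_user->check_csrf_token($_POST['csrf_token'])` and fall through to `views/csrf.php` otherwise. The `X-Bypass-CSRF-Protection` exemption is sound only because a custom request header cannot be set by a cross-site HTML form and forces a CORS preflight from a browser, which deserves a comment at that spot, and the loose `== 1` comparison should be `=== '1'`. Separately, `$absolute_request_url` is built from `$_SERVER['HTTP_HOST']`, which the client controls; if that value ever ends up in a mailed link or a redirect, take the hostname from configuration instead. Minor: `$active_user` is looked up before `$config['web']['enabled']` is checked, so a disabled site still performs the user lookup and can throw "Not logged in." instead of serving `error503`.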

59
router.php Normal file

@@ -0,0 +1,59 @@
<?php
##
## Copyright 2013-2017 Opera Software AS
##
## Licensed under the Apache License, Version 2.0 (the "License");
## you may not use this file except in compliance with the License.
## You may obtain a copy of the License at
##
## http://www.apache.org/licenses/LICENSE-2.0
##
## Unless required by applicable law or agreed to in writing, software
## distributed under the License is distributed on an "AS IS" BASIS,
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
## See the License for the specific language governing permissions and
## limitations under the License.
##
class Router {
private $routes = array();
private $route_vars;
public $view = null;
public $public = null;
public $vars = array();
public function add_route($path, $view, $public) {
$this->route_vars = array();
$path = preg_replace_callback('|\\\{([a-z]+)\\\}|', array($this, 'parse_route_variable'), preg_quote($path, '|'));
$route = new StdClass;
$route->view = $view;
$route->vars = $this->route_vars;
$route->public = $public;
$this->routes[$path] = $route;
}
private function parse_route_variable($matches) {
$this->route_vars[] = $matches[1];
return '([^/]*)';
}
public function handle_request($request_path) {
$request_path = preg_replace('|\?.*$|', '', $request_path);
foreach($this->routes as $path => $route) {
if(preg_match('|^'.$path.'$|', $request_path, $matches)) {
$this->view = $route->view;
$this->public = $route->public;
$i = 0;
foreach($route->vars as $var) {
$i++;
if(isset($matches[$i])) {
$this->vars[$var] = urldecode($matches[$i]);
}
}
}
}
if(is_null($this->view)) {
$this->view = 'error404';
}
}
}
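Review bot: `handle_request()` does not `break` after a match, so when several patterns match one path the last entry in `$this->routes` wins, and `$this->vars` keeps values captured by every earlier matching route because it is never reset; either `break` on the first match and document first-match semantics, or reset `$this->vars = array()` before filling it. Because `parse_route_variable()` emits `([^/]*)`, a placeholder also matches the empty string, so `/users/{username}` matches `/users/` with an empty username; `([^/]+)` is the safer default unless empty segments are intended. A short comment in `add_route()` explaining that `preg_quote()` turns `{name}` into `\{name\}`, which is why the callback pattern looks for backslash-escaped braces, would spare the next reader a puzzle.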

55
routes.php Normal file

@@ -0,0 +1,55 @@
<?php
##
## Copyright 2013-2017 Opera Software AS
##
## Licensed under the Apache License, Version 2.0 (the "License");
## you may not use this file except in compliance with the License.
## You may obtain a copy of the License at
##
## http://www.apache.org/licenses/LICENSE-2.0
##
## Unless required by applicable law or agreed to in writing, software
## distributed under the License is distributed on an "AS IS" BASIS,
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
## See the License for the specific language governing permissions and
## limitations under the License.
##
$routes = array(
'/' => 'home',
'/activity' => 'activity',
'/bulk_mail' => 'bulk_mail',
'/bulk_mail/{recipients}' => 'bulk_mail',
'/groups' => 'groups',
'/groups/{group}' => 'group',
'/groups/{group}/members.{format}' => 'group',
'/groups/{group}/access_rules/{access}' => 'access_options',
'/help' => 'help',
'/pubkeys' => 'pubkeys',
'/pubkeys.{format}' => 'pubkeys',
'/pubkeys/{key}' => 'pubkey',
'/pubkeys/{key}.{format}' => 'pubkey',
'/servers' => 'servers',
'/servers.{format}' => 'servers',
'/servers/{hostname}' => 'server',
'/servers/{hostname}/accounts/{account}' => 'serveraccount',
'/servers/{hostname}/accounts/{account}/access_rules/{access}' => 'access_options',
'/servers/{hostname}/accounts/{account}/sync_status' => 'serveraccount_sync_status',
'/servers/{hostname}/status.{format}' => 'server',
'/servers/{hostname}/sync_status' => 'server_sync_status',
'/tools' => 'tools',
'/users' => 'users',
'/users/{username}' => 'user',
'/users/{username}/pubkeys' => 'user_pubkeys',
'/users/{username}/pubkeys.{format}' => 'user_pubkeys',
'/users/{username}/pubkeys/{key}' => 'pubkey',
'/users/{username}/pubkeys/{key}.{format}' => 'pubkey',
);
$public_routes = array(
'/groups/{group}/members.{format}' => true,
'/pubkeys/{key}.{format}' => true,
'/users/{username}' => true,
'/users/{username}/pubkeys.{format}' => true,
'/users/{username}/pubkeys/{key}.{format}' => true,
);
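Review bot: the `/pubkeys/{key}` and `/pubkeys/{key}.{format}` pair (and likewise `/users/{username}/pubkeys/{key}` and its `.{format}` twin) overlap, because the router's placeholder matches any characters except `/`, so `/pubkeys/42.json` satisfies both patterns. With the router's last-match-wins loop the `.{format}` entries only take precedence because they are listed after their bare counterparts, which makes the array order load-bearing; add a comment saying so, or make the router stop at the first match and list the more specific routes first. Since every `$public_routes` entry skips the `auth_realm == 'LDAP'` check in `requesthandler.php`, a one-line note on what each public view exposes (group membership, user details, public keys) would help reviewers of later additions to this list.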

360
schema.sql Normal file

@@ -0,0 +1,360 @@
/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
/*!40101 SET NAMES utf8 */;
/*!40103 SET @OLD_TIME_ZONE=@@TIME_ZONE */;
/*!40103 SET TIME_ZONE='+00:00' */;
/*!40014 SET @OLD_UNIQUE_CHECKS=@@UNIQUE_CHECKS, UNIQUE_CHECKS=0 */;
/*!40014 SET @OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS, FOREIGN_KEY_CHECKS=0 */;
/*!40101 SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE='NO_AUTO_VALUE_ON_ZERO' */;
/*!40111 SET @OLD_SQL_NOTES=@@SQL_NOTES, SQL_NOTES=0 */;
--
-- Table structure for table `access`
--
CREATE TABLE `access` (
`id` int(10) unsigned NOT NULL AUTO_INCREMENT,
`source_entity_id` int(10) unsigned NOT NULL,
`dest_entity_id` int(10) unsigned NOT NULL,
`grant_date` datetime NOT NULL,
`granted_by` int(10) unsigned NOT NULL,
PRIMARY KEY (`id`),
UNIQUE KEY `source_entity_id_dest_entity_id` (`source_entity_id`,`dest_entity_id`),
KEY `FK_access_entity_2` (`dest_entity_id`),
KEY `FK_access_entity_3` (`granted_by`),
CONSTRAINT `FK_access_entity` FOREIGN KEY (`source_entity_id`) REFERENCES `entity` (`id`) ON DELETE CASCADE,
CONSTRAINT `FK_access_entity_2` FOREIGN KEY (`dest_entity_id`) REFERENCES `entity` (`id`) ON DELETE CASCADE,
CONSTRAINT `FK_access_entity_3` FOREIGN KEY (`granted_by`) REFERENCES `entity` (`id`) ON DELETE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=COMPACT;
--
-- Table structure for table `access_option`
--
CREATE TABLE `access_option` (
`id` int(10) unsigned NOT NULL AUTO_INCREMENT,
`access_id` int(10) unsigned NOT NULL,
`option` enum('command','from','no-agent-forwarding','no-port-forwarding','no-pty','no-X11-forwarding') NOT NULL,
`value` text,
PRIMARY KEY (`id`),
UNIQUE KEY `access_id_option` (`access_id`,`option`),
CONSTRAINT `FK_access_option_access` FOREIGN KEY (`access_id`) REFERENCES `access` (`id`) ON DELETE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
--
-- Table structure for table `access_request`
--
CREATE TABLE `access_request` (
`id` int(10) unsigned NOT NULL AUTO_INCREMENT,
`source_entity_id` int(10) unsigned NOT NULL,
`dest_entity_id` int(10) unsigned NOT NULL,
`request_date` datetime NOT NULL,
`requested_by` int(10) unsigned NOT NULL,
PRIMARY KEY (`id`),
UNIQUE KEY `source_entity_id_dest_entity_id` (`source_entity_id`,`dest_entity_id`),
KEY `FK_access_request_entity_2` (`dest_entity_id`),
KEY `FK_access_request_entity_3` (`requested_by`),
CONSTRAINT `FK_access_request_entity` FOREIGN KEY (`source_entity_id`) REFERENCES `entity` (`id`) ON DELETE CASCADE,
CONSTRAINT `FK_access_request_entity_2` FOREIGN KEY (`dest_entity_id`) REFERENCES `entity` (`id`) ON DELETE CASCADE,
CONSTRAINT `FK_access_request_entity_3` FOREIGN KEY (`requested_by`) REFERENCES `entity` (`id`) ON DELETE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=COMPACT;
--
-- Table structure for table `entity`
--
CREATE TABLE `entity` (
`id` int(10) unsigned NOT NULL AUTO_INCREMENT,
`type` enum('user','server account','group') NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
--
-- Table structure for table `entity_admin`
--
CREATE TABLE `entity_admin` (
`entity_id` int(10) unsigned NOT NULL,
`admin` int(10) unsigned NOT NULL,
PRIMARY KEY (`entity_id`,`admin`),
KEY `FK_entity_admin_entity_2` (`admin`),
CONSTRAINT `FK_entity_admin_entity` FOREIGN KEY (`entity_id`) REFERENCES `entity` (`id`) ON DELETE CASCADE,
CONSTRAINT `FK_entity_admin_entity_2` FOREIGN KEY (`admin`) REFERENCES `entity` (`id`) ON DELETE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=COMPACT;
--
-- Table structure for table `entity_event`
--
CREATE TABLE `entity_event` (
`id` int(10) unsigned NOT NULL AUTO_INCREMENT,
`entity_id` int(10) unsigned NOT NULL,
`actor_id` int(10) unsigned NOT NULL,
`date` datetime NOT NULL,
`details` mediumtext NOT NULL,
PRIMARY KEY (`id`),
KEY `FK_entity_event_entity_id` (`entity_id`),
KEY `FK_entity_event_actor_id` (`actor_id`),
CONSTRAINT `FK_entity_event_actor_id` FOREIGN KEY (`actor_id`) REFERENCES `entity` (`id`),
CONSTRAINT `FK_entity_event_entity_id` FOREIGN KEY (`entity_id`) REFERENCES `entity` (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
--
-- Table structure for table `group`
--
CREATE TABLE `group` (
`entity_id` int(10) unsigned NOT NULL,
`name` varchar(100) NOT NULL,
`active` tinyint(1) unsigned NOT NULL DEFAULT '1',
`system` tinyint(1) unsigned NOT NULL DEFAULT '0',
PRIMARY KEY (`entity_id`),
UNIQUE KEY `name` (`name`),
CONSTRAINT `FK_group_entity` FOREIGN KEY (`entity_id`) REFERENCES `entity` (`id`) ON DELETE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
--
-- Table structure for table `group_event`
--
CREATE TABLE `group_event` (
`id` int(10) unsigned NOT NULL AUTO_INCREMENT,
`group` int(10) unsigned NOT NULL,
`entity_id` int(10) unsigned NOT NULL,
`date` datetime NOT NULL,
`details` mediumtext NOT NULL,
PRIMARY KEY (`id`),
KEY `FK_group_event_group` (`group`),
KEY `FK_group_event_entity` (`entity_id`),
CONSTRAINT `FK_group_event_entity` FOREIGN KEY (`entity_id`) REFERENCES `entity` (`id`),
CONSTRAINT `FK_group_event_group` FOREIGN KEY (`group`) REFERENCES `group` (`entity_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=COMPACT;
--
-- Table structure for table `group_member`
--
CREATE TABLE `group_member` (
`id` int(10) unsigned NOT NULL AUTO_INCREMENT,
`group` int(10) unsigned NOT NULL,
`entity_id` int(10) unsigned NOT NULL,
`add_date` datetime NOT NULL,
`added_by` int(10) unsigned NOT NULL,
PRIMARY KEY (`id`),
UNIQUE KEY `group_entity_id` (`group`,`entity_id`),
KEY `FK_group_member_entity` (`entity_id`),
KEY `FK_group_member_entity_2` (`added_by`),
CONSTRAINT `FK_group_member_entity` FOREIGN KEY (`entity_id`) REFERENCES `entity` (`id`) ON DELETE CASCADE,
CONSTRAINT `FK_group_member_entity_2` FOREIGN KEY (`added_by`) REFERENCES `entity` (`id`),
CONSTRAINT `FK_group_member_group` FOREIGN KEY (`group`) REFERENCES `group` (`entity_id`) ON DELETE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=COMPACT;
--
-- Table structure for table `public_key`
--
CREATE TABLE `public_key` (
`id` int(10) unsigned NOT NULL AUTO_INCREMENT,
`entity_id` int(10) unsigned NOT NULL,
`type` varchar(30) NOT NULL,
`keydata` mediumtext NOT NULL,
`comment` mediumtext NOT NULL,
`keysize` int(11) DEFAULT NULL,
`fingerprint_md5` char(47) DEFAULT NULL,
`fingerprint_sha256` varchar(50) DEFAULT NULL,
`randomart_md5` text,
`randomart_sha256` text,
PRIMARY KEY (`id`),
KEY `FK_public_key_entity` (`entity_id`),
CONSTRAINT `FK_public_key_entity` FOREIGN KEY (`entity_id`) REFERENCES `entity` (`id`) ON DELETE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
--
-- Table structure for table `public_key_dest_rule`
--
CREATE TABLE `public_key_dest_rule` (
`id` int(10) unsigned NOT NULL AUTO_INCREMENT,
`public_key_id` int(10) unsigned NOT NULL,
`account_name_filter` varchar(50) NOT NULL,
`hostname_filter` varchar(255) NOT NULL,
PRIMARY KEY (`id`),
KEY `FK_public_key_dest_rule_public_key` (`public_key_id`),
CONSTRAINT `FK_public_key_dest_rule_public_key` FOREIGN KEY (`public_key_id`) REFERENCES `public_key` (`id`) ON DELETE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
--
-- Table structure for table `public_key_signature`
--
CREATE TABLE `public_key_signature` (
`id` int(10) unsigned NOT NULL AUTO_INCREMENT,
`public_key_id` int(10) unsigned NOT NULL,
`signature` blob NOT NULL,
`upload_date` datetime NOT NULL,
`fingerprint` varchar(50) NOT NULL,
`sign_date` datetime NOT NULL,
PRIMARY KEY (`id`),
KEY `FK_public_key_signature_public_key` (`public_key_id`),
CONSTRAINT `FK_public_key_signature_public_key` FOREIGN KEY (`public_key_id`) REFERENCES `public_key` (`id`) ON DELETE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
--
-- Table structure for table `server`
--
CREATE TABLE `server` (
`id` int(10) unsigned NOT NULL AUTO_INCREMENT,
`uuid` varchar(36) DEFAULT NULL,
`hostname` varchar(150) NOT NULL,
`ip_address` varchar(64) DEFAULT NULL,
`deleted` tinyint(1) unsigned NOT NULL DEFAULT '0',
`key_management` enum('none','keys','other','decommissioned') NOT NULL DEFAULT 'keys',
`authorization` enum('manual','automatic LDAP','manual LDAP') NOT NULL DEFAULT 'manual',
`use_sync_client` enum('no','yes') NOT NULL DEFAULT 'no',
`sync_status` enum('not synced yet','sync success','sync failure','sync warning') NOT NULL DEFAULT 'not synced yet',
`configuration_system` enum('unknown','cf-sysadmin','puppet-devops','puppet-miniops','puppet-tvstore','none') NOT NULL DEFAULT 'unknown',
`custom_keys` enum('not allowed','allowed') NOT NULL DEFAULT 'not allowed',
`rsa_key_fingerprint` char(32) DEFAULT NULL,
PRIMARY KEY (`id`),
UNIQUE KEY `hostname` (`hostname`),
KEY `ip_address` (`ip_address`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
--
-- Table structure for table `server_account`
--
CREATE TABLE `server_account` (
`entity_id` int(10) unsigned NOT NULL,
`server_id` int(10) unsigned NOT NULL,
`name` varchar(50) DEFAULT NULL,
`sync_status` enum('not synced yet','sync success','sync failure','sync warning','proposed') NOT NULL DEFAULT 'not synced yet',
`active` tinyint(1) unsigned NOT NULL DEFAULT '1',
PRIMARY KEY (`entity_id`),
UNIQUE KEY `server_id_name` (`server_id`,`name`),
KEY `FK_server_account_server` (`server_id`),
CONSTRAINT `FK_server_account_entity` FOREIGN KEY (`entity_id`) REFERENCES `entity` (`id`) ON DELETE CASCADE,
CONSTRAINT `FK_server_account_server` FOREIGN KEY (`server_id`) REFERENCES `server` (`id`) ON DELETE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
--
-- Table structure for table `server_admin`
--
CREATE TABLE `server_admin` (
`server_id` int(10) unsigned NOT NULL,
`entity_id` int(10) unsigned NOT NULL,
PRIMARY KEY (`server_id`,`entity_id`),
KEY `FK_server_admin_entity` (`entity_id`),
CONSTRAINT `FK_server_admin_entity` FOREIGN KEY (`entity_id`) REFERENCES `entity` (`id`) ON DELETE CASCADE,
CONSTRAINT `FK_server_admin_server` FOREIGN KEY (`server_id`) REFERENCES `server` (`id`) ON DELETE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
--
-- Table structure for table `server_event`
--
CREATE TABLE `server_event` (
`id` int(10) unsigned NOT NULL AUTO_INCREMENT,
`server_id` int(10) unsigned NOT NULL,
`actor_id` int(10) unsigned NOT NULL,
`date` datetime NOT NULL,
`details` mediumtext NOT NULL,
PRIMARY KEY (`id`),
KEY `FK_server_log_server` (`server_id`),
KEY `FK_server_event_actor_id` (`actor_id`),
CONSTRAINT `FK_server_event_actor_id` FOREIGN KEY (`actor_id`) REFERENCES `entity` (`id`),
CONSTRAINT `FK_server_log_server` FOREIGN KEY (`server_id`) REFERENCES `server` (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
--
-- Table structure for table `server_ldap_access_option`
--
CREATE TABLE `server_ldap_access_option` (
`id` int(10) unsigned NOT NULL AUTO_INCREMENT,
`server_id` int(10) unsigned NOT NULL,
`option` enum('command','from','no-agent-forwarding','no-port-forwarding','no-pty','no-X11-forwarding') NOT NULL,
`value` text,
PRIMARY KEY (`id`),
UNIQUE KEY `server_id_option` (`server_id`,`option`),
CONSTRAINT `FK_server_ldap_access_option_server` FOREIGN KEY (`server_id`) REFERENCES `server` (`id`) ON DELETE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
--
-- Table structure for table `server_note`
--
CREATE TABLE `server_note` (
`id` int(10) unsigned NOT NULL AUTO_INCREMENT,
`server_id` int(10) unsigned NOT NULL,
`entity_id` int(10) unsigned NOT NULL,
`date` datetime NOT NULL,
`note` mediumtext NOT NULL,
PRIMARY KEY (`id`),
KEY `FK_server_note_server` (`server_id`),
KEY `FK_server_note_user` (`entity_id`),
CONSTRAINT `FK_server_note_entity` FOREIGN KEY (`entity_id`) REFERENCES `entity` (`id`),
CONSTRAINT `FK_server_note_server` FOREIGN KEY (`server_id`) REFERENCES `server` (`id`) ON DELETE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
--
-- Table structure for table `sync_request`
--
CREATE TABLE `sync_request` (
`id` int(10) unsigned NOT NULL AUTO_INCREMENT,
`server_id` int(10) unsigned NOT NULL,
`account_name` varchar(50) DEFAULT NULL,
`processing` tinyint(1) unsigned NOT NULL DEFAULT '0',
PRIMARY KEY (`id`),
UNIQUE KEY `server_id_account_name` (`server_id`,`account_name`),
CONSTRAINT `FK_sync_request_server` FOREIGN KEY (`server_id`) REFERENCES `server` (`id`) ON DELETE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
--
-- Table structure for table `user`
--
CREATE TABLE `user` (
`entity_id` int(10) unsigned NOT NULL,
`uid` varchar(50) NOT NULL,
`name` varchar(100) NOT NULL,
`email` varchar(100) NOT NULL,
`superior_entity_id` int(10) unsigned DEFAULT NULL,
`auth_realm` enum('LDAP','local','external') NOT NULL DEFAULT 'LDAP',
`active` tinyint(1) unsigned NOT NULL DEFAULT '1',
`admin` tinyint(1) unsigned NOT NULL DEFAULT '0',
`developer` tinyint(1) unsigned NOT NULL DEFAULT '0',
`force_disable` tinyint(1) unsigned NOT NULL DEFAULT '0',
`csrf_token` binary(128) DEFAULT NULL,
PRIMARY KEY (`entity_id`),
UNIQUE KEY `uid` (`uid`),
CONSTRAINT `FK_user_entity` FOREIGN KEY (`entity_id`) REFERENCES `entity` (`id`) ON DELETE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
--
-- Table structure for table `user_alert`
--
CREATE TABLE `user_alert` (
`id` int(10) unsigned NOT NULL AUTO_INCREMENT,
`entity_id` int(10) unsigned NOT NULL,
`class` varchar(15) NOT NULL,
`content` mediumtext NOT NULL,
`escaping` int(10) unsigned NOT NULL DEFAULT '1',
PRIMARY KEY (`id`),
KEY `FK_user_alert_entity` (`entity_id`),
CONSTRAINT `FK_user_alert_entity` FOREIGN KEY (`entity_id`) REFERENCES `entity` (`id`) ON DELETE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
/*!40101 SET SQL_MODE=@OLD_SQL_MODE */;
/*!40014 SET FOREIGN_KEY_CHECKS=@OLD_FOREIGN_KEY_CHECKS */;
/*!40014 SET UNIQUE_CHECKS=@OLD_UNIQUE_CHECKS */;
/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;
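Review bot: `server.rsa_key_fingerprint char(32)` pins the remote host key as a bare MD5 hex digest (the value `sync.php` obtains with `SSH2_FINGERPRINT_MD5 | SSH2_FINGERPRINT_HEX`), and its name assumes an RSA host key although the SSH library pins whichever key type it negotiated. Storing the full host key, or at least a SHA-1 fingerprint together with the key type, would make the pin stronger and the column name accurate (the column width has to grow with it). Two smaller points: `server.configuration_system` hard-codes deployment-specific values (`'cf-sysadmin'`, `'puppet-devops'`, `'puppet-miniops'`, `'puppet-tvstore'`) into the schema enum of a public release, which belongs in configuration rather than DDL; and `sync_request`'s `UNIQUE KEY server_id_account_name (server_id, account_name)` does not de-duplicate whole-server requests, because `account_name` is nullable and InnoDB allows repeated NULLs in a unique index. Naming leftover: `server_event` still uses `FK_server_log_server` for its key and constraint.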

98
scripts/ldap_update.php Executable file

@@ -0,0 +1,98 @@
#!/usr/bin/php
<?php
##
## Copyright 2013-2017 Opera Software AS
##
## Licensed under the Apache License, Version 2.0 (the "License");
## you may not use this file except in compliance with the License.
## You may obtain a copy of the License at
##
## http://www.apache.org/licenses/LICENSE-2.0
##
## Unless required by applicable law or agreed to in writing, software
## distributed under the License is distributed on an "AS IS" BASIS,
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
## See the License for the specific language governing permissions and
## limitations under the License.
##
chdir(__DIR__);
require('../core.php');
$users = $user_dir->list_users();
// Use 'keys-sync' user as the active user (create if it does not yet exist)
try {
$active_user = $user_dir->get_user_by_uid('keys-sync');
} catch(UserNotFoundException $e) {
$active_user = new User;
$active_user->uid = 'keys-sync';
$active_user->name = 'Synchronization script';
$active_user->active = 1;
$active_user->admin = 1;
$active_user->developer = 0;
$user_dir->add_user($active_user);
}
try {
$sysgrp = $group_dir->get_group_by_name($config['ldap']['admin_group_cn']);
} catch(GroupNotFoundException $e) {
$sysgrp = new Group;
$sysgrp->name = $config['ldap']['admin_group_cn'];
$sysgrp->system = 1;
$group_dir->add_group($sysgrp);
}
foreach($users as $user) {
if($user->auth_realm == 'LDAP') {
$active = $user->active;
try {
$user->get_details_from_ldap();
$user->update();
if(isset($config['ldap']['user_superior'])) {
$user->get_superior_from_ldap();
}
} catch(UserNotFoundException $e) {
$user->active = 0;
}
if($active && !$user->active) {
// Check for servers that will now be admin-less
$servers = $user->list_admined_servers();
foreach($servers as $server) {
$server_admins = $server->list_effective_admins();
$total_server_admins = 0;
foreach($server_admins as $server_admin) {
if($server_admin->active) $total_server_admins++;
}
if($total_server_admins == 0) {
if(isset($config['ldap']['user_superior'])) {
$rcpt = $user->superior;
while(!is_null($rcpt) && !$rcpt->active) {
$rcpt = $rcpt->superior;
}
}
$email = new Email;
$email->subject = "Server {$server->hostname} has been orphaned";
$email->body = "{$user->name} ({$user->uid}) was an administrator for {$server->hostname}, but they have now been marked as a former employee and there are no active administrators remaining for this server.\n\n";
$email->body .= "Please find a replacement owner for this server and inform {$config['email']['admin_address']} ASAP, otherwise the server will be registered for decommissioning.";
$email->add_reply_to($config['email']['admin_address'], $config['email']['admin_name']);
if(is_null($rcpt)) {
$email->subject .= " - NO SUPERIOR EMPLOYEE FOUND";
$email->body .= "\n\nWARNING: No suitable superior employee could be found!";
$email->add_recipient($config['email']['report_address'], $config['email']['report_name']);
} else {
$email->add_recipient($rcpt->email, $rcpt->name);
$email->add_cc($config['email']['report_address'], $config['email']['report_name']);
}
$email->send();
}
}
}
if($user->admin && $user->active && !$user->member_of($sysgrp)) {
$sysgrp->add_member($user);
}
if(!($user->admin && $user->active) && $user->member_of($sysgrp)) {
$sysgrp->delete_member($user);
}
$user->update();
}
}
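Review bot: The superior walk at `while(!is_null($rcpt) && !$rcpt->active) { $rcpt = $rcpt->superior; }` has no cycle guard, so a loop in the LDAP manager chain (A reports to B, B reports to A, both inactive) hangs the script indefinitely; track visited entity ids or cap the depth, and fall through to the report address when the cap is hit. Also `$rcpt` is only ever assigned inside `if(isset($config['ldap']['user_superior']))`, so initialise `$rcpt = null;` before that block instead of relying on an undefined variable at `if(is_null($rcpt))`. Minor: `$user->update()` is called right after `get_details_from_ldap()` and again at the end of the loop body; the first call can go unless `get_superior_from_ldap()` needs the row persisted first.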

30
scripts/pubkey_update.php Executable file

@@ -0,0 +1,30 @@
#!/usr/bin/php
<?php
##
## Copyright 2013-2017 Opera Software AS
##
## Licensed under the Apache License, Version 2.0 (the "License");
## you may not use this file except in compliance with the License.
## You may obtain a copy of the License at
##
## http://www.apache.org/licenses/LICENSE-2.0
##
## Unless required by applicable law or agreed to in writing, software
## distributed under the License is distributed on an "AS IS" BASIS,
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
## See the License for the specific language governing permissions and
## limitations under the License.
##
chdir(__DIR__);
require('../core.php');
$pubkeys = $pubkey_dir->list_public_keys();
foreach($pubkeys as $pubkey) {
try {
$pubkey->import($pubkey->export(), null, true);
$pubkey->update();
} catch(InvalidArgumentException $e) {
echo "Invalid public key {$pubkey->id}\n";
}
}
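Review bot: An invalid key is only reported at `echo "Invalid public key {$pubkey->id}\n";` and the script still exits 0, so a scheduled run cannot tell "all keys re-imported" from "some keys rejected". Count the failures, write them to STDERR and `exit(1)` when any key failed, and decide whether a stored key that no longer parses should be flagged in the database rather than silently left in place.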

82
scripts/sync-common.php Normal file

@@ -0,0 +1,82 @@
<?php
##
## Copyright 2013-2017 Opera Software AS
##
## Licensed under the Apache License, Version 2.0 (the "License");
## you may not use this file except in compliance with the License.
## You may obtain a copy of the License at
##
## http://www.apache.org/licenses/LICENSE-2.0
##
## Unless required by applicable law or agreed to in writing, software
## distributed under the License is distributed on an "AS IS" BASIS,
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
## See the License for the specific language governing permissions and
## limitations under the License.
##
/**
* Synchronization child process object
*/
class SyncProcess {
private $handle;
private $pipes;
private $output;
private $errors;
private $request;
/**
* Create a new sync process
* @param string $command command to run
* @param array $args arguments
* @param Request $request object that triggered this sync
*/
public function __construct($command, $args, $request = null) {
$this->request = $request;
$this->output = '';
$descriptorspec = array(
0 => array("pipe", "r"), // stdin
1 => array("pipe", "w"), // stdout
2 => array("pipe", "w"), // stderr
3 => array("pipe", "w") //
);
$commandline = '/usr/bin/timeout 60s '.$command.' '.implode(' ', array_map('escapeshellarg', $args));
$this->handle = proc_open($commandline, $descriptorspec, $this->pipes);
stream_set_blocking($this->pipes[1], 0);
stream_set_blocking($this->pipes[2], 0);
}
/**
* Get data from the child process
* @return string output from the child process
*/
public function get_data() {
if(isset($this->handle) && is_resource($this->handle)) {
$out = fread($this->pipes[1], 4096);
$this->output .= $out;
$this->errors .= fread($this->pipes[2], 4096);
if(feof($this->pipes[1]) && feof($this->pipes[2])) {
foreach($this->pipes as $ref => $pipe) {
fclose($this->pipes[$ref]);
}
unset($this->handle);
if($this->errors) {
echo $this->errors;
$this->output = '';
}
return array('done' => true, 'output' => $this->output);
}
}
}
/**
* Delete the request that triggered this sync
*/
public function __destruct() {
global $sync_request_dir;
if(!is_null($this->request)) {
$sync_request_dir->delete_sync_request($this->request);
}
}
}
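Review bot: In `get_data()`, any output on the child's stderr discards the whole stdout buffer (`if($this->errors) { echo $this->errors; $this->output = ''; }`), so a single PHP notice in the child hides that host's entire sync log; keep the output and print stderr alongside it. Descriptor 3 (`3 => array("pipe", "w") //`) is opened with an empty comment and never read; document what writes to it or drop it, since a pipe nobody drains will block the child once it fills, until `timeout` kills it. `get_data()` returns nothing until the child has finished, which the `!empty($data)` check in `sync.php` depends on; document that (`@return array|null`) or return `false` explicitly. Since `$this->errors` has no initial value, set it to `''` in the constructor next to `$this->output`.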

553
scripts/sync.php Executable file

@@ -0,0 +1,553 @@
#!/usr/bin/php
<?php
##
## Copyright 2013-2017 Opera Software AS
##
## Licensed under the Apache License, Version 2.0 (the "License");
## you may not use this file except in compliance with the License.
## You may obtain a copy of the License at
##
## http://www.apache.org/licenses/LICENSE-2.0
##
## Unless required by applicable law or agreed to in writing, software
## distributed under the License is distributed on an "AS IS" BASIS,
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
## See the License for the specific language governing permissions and
## limitations under the License.
##
chdir(__DIR__);
require('../core.php');
require('sync-common.php');
$required_files = array('config/keys-sync', 'config/keys-sync.pub');
foreach($required_files as $file) {
if(!file_exists($file)) die("Sync cannot start - $file not found.\n");
}
// Parse the command-line arguments
$options = getopt('h:i:au:p', array('help', 'host:', 'id:', 'all', 'user:', 'preview'));
if(isset($options['help'])) {
show_help();
exit(0);
}
$short_to_long = array(
'h' => 'host',
'i' => 'id',
'a' => 'all',
'u' => 'user',
'p' => 'preview'
);
foreach($short_to_long as $short => $long) {
if(isset($options[$short]) && isset($options[$long])) {
echo "Error: short form -$short and long form --$long both specified\n";
show_help();
exit(1);
}
if(isset($options[$short])) $options[$long] = $options[$short];
}
$hostopts = 0;
if(isset($options['host'])) $hostopts++;
if(isset($options['id'])) $hostopts++;
if(isset($options['all'])) $hostopts++;
if($hostopts != 1) {
echo "Error: must specify exactly one of --host, --id, or --all\n";
show_help();
exit(1);
}
if(isset($options['user'])) {
$username = $options['user'];
} else {
$username = null;
}
$preview = isset($options['preview']);
// Use 'keys-sync' user as the active user (create if it does not yet exist)
try {
$active_user = $user_dir->get_user_by_uid('keys-sync');
} catch(UserNotFoundException $e) {
$active_user = new User;
$active_user->uid = 'keys-sync';
$active_user->name = 'Synchronization script';
$active_user->active = 1;
$active_user->admin = 1;
$active_user->developer = 0;
$user_dir->add_user($active_user);
}
// Build list of servers to sync
if(isset($options['all'])) {
$servers = $server_dir->list_servers();
} elseif(isset($options['host'])) {
$servers = array();
$hostnames = explode(",", $options['host']);
foreach($hostnames as $hostname) {
$hostname = trim($hostname);
try {
$servers[] = $server_dir->get_server_by_hostname($hostname);
} catch(ServerNotFoundException $e) {
echo "Error: hostname '$hostname' not found\n";
exit(1);
}
}
} elseif(isset($options['id'])) {
sync_server($options['id'], $username, $preview);
exit(0);
}
$pending_syncs = array();
foreach($servers as $server) {
if($server->key_management != 'keys') {
continue;
}
$pending_syncs[$server->hostname] = $server;
}
$sync_procs = array();
define('MAX_PROCS', 20);
while(count($sync_procs) > 0 || count($pending_syncs) > 0) {
while(count($sync_procs) < MAX_PROCS && count($pending_syncs) > 0) {
$server = reset($pending_syncs);
$hostname = key($pending_syncs);
$args = array();
$args[] = '--id';
$args[] = $server->id;
if(!is_null($username)) {
$args[] = '--user';
$args[] = $username;
}
if($preview) {
$args[] = '--preview';
}
$sync_procs[] = new SyncProcess(__FILE__, $args);
unset($pending_syncs[$hostname]);
}
foreach($sync_procs as $ref => $sync_proc) {
$data = $sync_proc->get_data();
if(!empty($data)) {
echo $data['output'];
unset($sync_procs[$ref]);
}
}
usleep(200000);
}
function show_help() {
?>
Usage: sync.php [OPTIONS]
Syncs public keys to the specified hosts.
Mandatory arguments to long options are mandatory for short options too.
-a, --all sync with all active hosts in the database
-h, --host=HOSTNAME sync only the specified host(s)
(specified by name, comma-separated)
-i, --id=ID sync only the specified single host
(specified by id)
-u, --user sync only the specified user account
-p, --preview perform no changes, display content of all
keyfiles
--help display this help and exit
<?php
}
function sync_server($id, $only_username = null, $preview = false) {
global $config;
global $server_dir;
global $user_dir;
$keydir = '/var/local/keys-sync';
$header = "## Auto generated keys file for %s
## Do not edit this file! Modify at %s
";
$header_no_link = "## Auto generated keys file for %s
## Do not edit this file!
";
$ska_key = file_get_contents('config/keys-sync.pub');
$server = $server_dir->get_server_by_id($id);
$hostname = $server->hostname;
echo date('c')." {$hostname}: Preparing sync.\n";
$server->ip_address = gethostbyname($hostname);
$server->update();
if($server->key_management != 'keys') return;
$accounts = $server->list_accounts();
$keyfiles = array();
$sync_warning = false;
// Generate keyfiles for each account
foreach($accounts as $account) {
if($account->active == 0 || $account->sync_status == 'proposed') continue;
$username = str_replace('/', '', $account->name);
$keyfile = sprintf($header, "account '{$account->name}'", $config['web']['baseurl']."/servers/".urlencode($hostname)."/accounts/".urlencode($account->name));
// Collect a set of all groups that the account is a member of (directly or indirectly) and the account itself
$sets = $account->list_group_membership();
$sets[] = $account;
foreach($sets as $set) {
if(get_class($set) == 'Group') {
if($set->active == 0) continue; // Rules for inactive groups should be ignored
$keyfile .= "# === Start of rules applied due to membership in {$set->name} group ===\n";
}
$access_rules = $set->list_access();
$keyfile .= get_keys($access_rules, $account->name, $hostname);
if(get_class($set) == 'Group') {
$keyfile .= "# === End of rules applied due to membership in {$set->name} group ===\n\n";
}
}
$keyfiles[$username] = array('keyfile' => $keyfile, 'check' => false, 'account' => $account);
}
if($server->authorization == 'automatic LDAP' || $server->authorization == 'manual LDAP') {
// Generate keyfiles for LDAP users
$optiontext = array();
foreach($server->list_ldap_access_options() as $option) {
$optiontext[] = $option->option.(is_null($option->value) ? '' : '="'.str_replace('"', '\\"', $option->value).'"');
}
$prefix = implode(',', $optiontext);
if($prefix !== '') $prefix .= ' ';
$users = $user_dir->list_users();
foreach($users as $user) {
$username = str_replace('/', '', $user->uid);
if(is_null($only_username) || $username == $only_username) {
if(!isset($keyfiles[$username])) {
$keyfile = sprintf($header, "LDAP user '{$user->uid}'", $config['web']['baseurl']);
$keys = $user->list_public_keys($username, $hostname);
if(count($keys) > 0) {
if($user->active) {
foreach($keys as $key) {
$keyfile .= $prefix.$key->export()."\n";
}
} else {
$keyfile .= "# Inactive account\n";
}
$keyfiles[$username] = array('keyfile' => $keyfile, 'check' => ($server->authorization == 'manual LDAP'));
}
}
}
}
}
if(array_key_exists('keys-sync', $keyfiles)) {
// keys-sync account should never be synced
unset($keyfiles['keys-sync']);
}
if($preview) {
foreach($keyfiles as $username => $keyfile) {
echo date('c')." {$hostname}: account '$username':\n\n\033[1;34m{$keyfile['keyfile']}\033[0m\n\n";
}
return;
}
// IP address check
echo date('c')." {$hostname}: Checking IP address {$server->ip_address}.\n";
$matching_servers = $server_dir->list_servers(array(), array('ip_address' => $server->ip_address, 'key_management' => array('keys')));
if(count($matching_servers) > 1) {
echo date('c')." {$hostname}: Multiple hosts with same IP address.\n";
$server->sync_report('sync failure', 'Multiple hosts with same IP address');
$server->delete_all_sync_requests();
report_all_accounts_failed($keyfiles);
return;
}
// This is working around deficiencies in the ssh2 library. In some cases, ssh connection attempts will fail, and
// the socket timeout of 60 seconds is somehow not triggered. Script execution timeout is also not triggered.
// Reproducing this problem is not easy - dropping packets to port 22 is not sufficient (it will timeout correctly).
// To workaround, we wrap calls to this script with 'timeout' shell command, and from this point on until we have
// established a connection, catch SIGTERM and report server sync failure if received
declare(ticks = 1);
pcntl_signal(SIGTERM, function($signal) use($server, $hostname, $keyfiles) {
echo date('c')." {$hostname}: SSH connection timed out.\n";
$server->sync_report('sync failure', 'SSH connection timed out');
$server->delete_all_sync_requests();
report_all_accounts_failed($keyfiles);
exit(1);
});
echo date('c')." {$hostname}: Attempting to connect.\n";
$legacy = false;
$attempts = array('keys-sync', 'root');
foreach($attempts as $attempt) {
try {
$connection = ssh2_connect($hostname, 22);
} catch(ErrorException $e) {
echo date('c')." {$hostname}: Failed to connect.\n";
$server->sync_report('sync failure', 'SSH connection failed');
$server->delete_all_sync_requests();
report_all_accounts_failed($keyfiles);
return;
}
$fingerprint = ssh2_fingerprint($connection, SSH2_FINGERPRINT_MD5 | SSH2_FINGERPRINT_HEX);
if(is_null($server->rsa_key_fingerprint)) {
$server->rsa_key_fingerprint = $fingerprint;
$server->update();
} else {
if(strcmp($server->rsa_key_fingerprint, $fingerprint) !== 0) {
echo date('c')." {$hostname}: RSA key validation failed.\n";
$server->sync_report('sync failure', 'SSH host key verification failed');
$server->delete_all_sync_requests();
report_all_accounts_failed($keyfiles);
return;
}
}
try {
ssh2_auth_pubkey_file($connection, $attempt, 'config/keys-sync.pub', 'config/keys-sync');
echo date('c')." {$hostname}: Logged in as $attempt.\n";
break;
} catch(ErrorException $e) {
$legacy = true;
if($attempt == 'root') {
echo date('c')." {$hostname}: Public key authentication failed.\n";
$server->sync_report('sync failure', 'SSH authentication failed');
$server->delete_all_sync_requests();
report_all_accounts_failed($keyfiles);
return;
}
}
}
try {
$sftp = ssh2_sftp($connection);
} catch(ErrorException $e) {
echo date('c')." {$hostname}: SFTP subsystem setup failed.\n";
$server->sync_report('sync failure', 'SFTP subsystem failed');
$server->delete_all_sync_requests();
report_all_accounts_failed($keyfiles);
return;
}
try {
$dir = ssh2_sftp_stat($sftp, $keydir);
} catch(ErrorException $e) {
echo date('c')." {$hostname}: Key directory does not exist.\n";
$dir = null;
$sync_warning = 'Key directory does not exist';
}
if($legacy && !$sync_warning) {
$sync_warning = 'Using legacy sync method';
}
// From this point on, catch SIGTERM and ignore. SIGINT or SIGKILL is required to stop, so timeout wrapper won't
// cause a partial sync
pcntl_signal(SIGTERM, SIG_IGN);
$account_errors = 0;
$cleanup_errors = 0;
if($legacy && isset($keyfiles['root'])) {
// Legacy sync (only if using root account)
$keyfile = $keyfiles['root'];
try {
$local_filename = tempnam('/tmp', 'syncfile');
$fh = fopen($local_filename, 'w');
fwrite($fh, $keyfile['keyfile'].$ska_key);
fclose($fh);
ssh2_scp_send($connection, $local_filename, '/root/.ssh/authorized_keys2', 0600);
unlink($local_filename);
if(isset($keyfile['account'])) {
$keyfile['account']->sync_report('sync success');
}
} catch(ErrorException $e) {
echo date('c')." {$hostname}: Sync command execution failed for legacy root.\n";
$account_errors++;
if(isset($keyfile['account'])) {
$keyfile['account']->sync_report('sync failure');
}
}
}
// New sync
if($dir) {
$stream = ssh2_exec($connection, '/usr/bin/sha1sum '.escapeshellarg($keydir).'/*');
stream_set_blocking($stream, true);
$entries = explode("\n", stream_get_contents($stream));
$sha1sums = array();
foreach($entries as $entry) {
if(preg_match('|^([0-9a-f]{40}) '.preg_quote($keydir, '|').'/(.*)$|', $entry, $matches)) {
$sha1sums[$matches[2]] = $matches[1];
}
}
fclose($stream);
foreach($keyfiles as $username => $keyfile) {
if(is_null($only_username) || $username == $only_username) {
try {
$remote_filename = "$keydir/$username";
$remote_entity = "ssh2.sftp://$sftp$remote_filename";
$create = true;
if($keyfile['check']) {
$stream = ssh2_exec($connection, 'id '.escapeshellarg($username));
stream_set_blocking($stream, 1);
$output = stream_get_contents($stream);
fclose($stream);
if(empty($output)) $create = false;
}
if($create) {
if(isset($sha1sums[$username]) && $sha1sums[$username] == sha1($keyfile['keyfile'])) {
echo date('c')." {$hostname}: No changes required for {$username}\n";
} else {
file_put_contents($remote_entity, $keyfile['keyfile']);
ssh2_exec($connection, 'chown keys-sync: '.escapeshellarg($remote_filename));
echo date('c')." {$hostname}: Updated {$username}\n";
}
if(isset($sha1sums[$username])) {
unset($sha1sums[$username]);
}
} else {
ssh2_sftp_unlink($sftp, $remote_filename);
}
if(isset($keyfile['account'])) {
if($sync_warning && $username != 'root') {
// File was synced, but will not work due to configuration on server
$keyfile['account']->sync_report('sync warning');
} else {
$keyfile['account']->sync_report('sync success');
}
}
} catch(ErrorException $e) {
$account_errors++;
echo "{$hostname}: Sync command execution failed for $username, ".$e->getMessage()."\n";
if(isset($keyfile['account'])) {
$keyfile['account']->sync_report('sync failure');
}
}
}
}
if(is_null($only_username)) {
// Clean up directory
foreach($sha1sums as $file => $sha1sum) {
if($file != '' && $file != 'keys-sync') {
try {
if(ssh2_sftp_unlink($sftp, "$keydir/$file")) {
echo date('c')." {$hostname}: Removed unknown file: {$file}\n";
} else {
$cleanup_errors++;
echo date('c')." {$hostname}: Couldn't remove unknown file: {$file}\n";
}
} catch(ErrorException $e) {
$cleanup_errors++;
echo date('c')." {$hostname}: Couldn't remove unknown file: {$file}, ".$e->getMessage().".\n";
}
}
}
}
}
try {
$uuid = trim(file_get_contents("ssh2.sftp://$sftp/etc/uuid"));
$server->uuid = $uuid;
$server->update();
} catch(ErrorException $e) {
// If the /etc/uuid file does not exist, silently ignore
}
if($cleanup_errors > 0) {
$server->sync_report('sync failure', 'Failed to clean up '.$cleanup_errors.' file'.($cleanup_errors == 1 ? '' : 's'));
} elseif($account_errors > 0) {
$server->sync_report('sync failure', $account_errors.' account'.($account_errors == 1 ? '' : 's').' failed to sync');
} elseif($sync_warning) {
$server->sync_report('sync warning', $sync_warning);
} else {
$server->sync_report('sync success', 'Synced successfully');
}
echo date('c')." {$hostname}: Sync finished\n";
}
function get_keys($access_rules, $account_name, $hostname) {
$keyfile = '';
foreach($access_rules as $access) {
$grant_date = new DateTime($access->grant_date);
$grant_date_full = $grant_date->format('c');
$entity = $access->source_entity;
$optiontext = array();
foreach($access->list_options() as $option) {
$optiontext[] = $option->option.(is_null($option->value) ? '' : '="'.str_replace('"', '\\"', $option->value).'"');
}
$prefix = implode(',', $optiontext);
if($prefix !== '') $prefix .= ' ';
switch(get_class($entity)) {
case 'User':
$keyfile .= "# {$entity->uid}";
$keyfile .= " granted access by {$access->granted_by->uid} on {$grant_date_full}";
$keyfile .= "\n";
if($entity->active) {
$keys = $entity->list_public_keys($account_name, $hostname);
foreach($keys as $key) {
$keyfile .= $prefix.$key->export()."\n";
}
} else {
$keyfile .= "# Inactive account\n";
}
break;
case 'ServerAccount':
$keyfile .= "# {$entity->name}@{$entity->server->hostname}";
$keyfile .= " granted access by {$access->granted_by->uid} on {$grant_date_full}";
$keyfile .= "\n";
if($entity->server->key_management != 'decommissioned') {
$keys = $entity->list_public_keys($account_name, $hostname);
foreach($keys as $key) {
$keyfile .= $prefix.$key->export()."\n";
}
} else {
$keyfile .= "# Decommissioned server\n";
}
break;
case 'Group':
// Recurse!
$seen = array($entity->name => true);
$keyfile .= "# {$entity->name} group";
$keyfile .= " granted access by {$access->granted_by->uid} on {$grant_date_full}";
$keyfile .= "\n";
if($entity->active) {
$keyfile .= "# == Start of {$entity->name} group members ==\n";
$keyfile .= get_group_keys($entity->list_members(), $account_name, $hostname, $prefix, $seen);
$keyfile .= "# == End of {$entity->name} group members ==\n";
} else {
$keyfile .= "# Inactive group\n";
}
break;
}
}
return $keyfile;
}
function get_group_keys($entities, $account_name, $hostname, $prefix, &$seen) {
$keyfile = '';
foreach($entities as $entity) {
switch(get_class($entity)) {
case 'User':
$keyfile .= "# {$entity->uid}";
$keyfile .= "\n";
if($entity->active) {
$keys = $entity->list_public_keys($account_name, $hostname);
foreach($keys as $key) {
$keyfile .= $prefix.$key->export()."\n";
}
} else {
$keyfile .= "# Inactive account\n";
}
break;
case 'ServerAccount':
$keyfile .= "# {$entity->name}@{$entity->server->hostname}";
$keyfile .= "\n";
if($entity->server->key_management != 'decommissioned') {
$keys = $entity->list_public_keys($account_name, $hostname);
foreach($keys as $key) {
$keyfile .= $prefix.$key->export()."\n";
}
} else {
$keyfile .= "# Decommissioned server\n";
}
break;
case 'Group':
// Recurse!
if(!isset($seen[$entity->name])) {
$seen[$entity->name] = true;
$keyfile .= "# {$entity->name} group";
$keyfile .= "\n";
$keyfile .= "# == Start of {$entity->name} group members ==\n";
$keyfile .= get_group_keys($entity->list_members(), $account_name, $hostname, $prefix, $seen);
$keyfile .= "# == End of {$entity->name} group members ==\n";
}
break;
}
}
return $keyfile;
}
function report_all_accounts_failed($keyfiles) {
foreach($keyfiles as $keyfile) {
if(isset($keyfile['account'])) {
$keyfile['account']->sync_report('sync failure');
}
}
}
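Review bot: nested groups skip the active check that the top-level Group case applies. In get_group_keys the Group arm (`if(!isset($seen[$entity->name]))`) recurses into `$entity->list_members()` without looking at `$entity->active`, whereas the caller above writes `# Inactive group` and exports nothing when `$entity->active` is false; members of an inactive group that is reachable only through another group therefore still land in the keyfile. Suggest mirroring the caller inside the seen-check: mark the group seen, then `if($entity->active) { ...recurse... } else { $keyfile .= "# Inactive group\n"; }`. Also note that `$seen = array($entity->name => true);` is re-created for every top-level group, so it only breaks cycles within one grant and does not suppress duplicate key lines when the same group is reachable from two top-level grants; harmless for authorized_keys, but worth a comment so nobody "fixes" it into a cycle.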

167
scripts/syncd.php Executable file

@@ -0,0 +1,167 @@
#!/usr/bin/php
<?php
##
## Copyright 2013-2017 Opera Software AS
##
## Licensed under the Apache License, Version 2.0 (the "License");
## you may not use this file except in compliance with the License.
## You may obtain a copy of the License at
##
## http://www.apache.org/licenses/LICENSE-2.0
##
## Unless required by applicable law or agreed to in writing, software
## distributed under the License is distributed on an "AS IS" BASIS,
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
## See the License for the specific language governing permissions and
## limitations under the License.
##
$options = getopt('', array('systemd'));
/**
* Handle process control signals
*/
function sig_handler($signo) {
global $signal;
$signal = $signo;
}
/**
* Daemon log - write log message
*/
function dlog($txt) {
global $options;
if(isset($options['systemd'])) {
echo "{$txt}\n";
} else {
echo date('c')." {$txt}\n";
}
}
chdir(__DIR__);
error_reporting(E_ALL);
ini_set('display_errors', 1);
cli_set_process_title('keys-sync');
umask(027);
if(!isset($options['systemd'])) {
$pidfile = '/var/run/keys-sync.pid';
$lockfile = '/var/run/keys-sync.lock';
$logfile = '/var/log/keys/sync.log';
$username = 'keys-sync';
if(posix_getuid() !== 0) {
fwrite(STDERR, "This command must be run as root\n");
exit(1);
}
if(!$user = posix_getpwnam($username)) {
fwrite(STDERR, "Could not find $username user details\n");
exit(1);
}
// Attempt to establish lock
$lock = fopen($lockfile, 'w+');
if(!flock($lock, LOCK_EX | LOCK_NB)) {
fwrite(STDERR, "Could not establish lock, process already running?\n");
exit(0);
}
// Fork process
$pid = pcntl_fork();
if($pid == -1) {
// Something went wrong
fwrite(STDERR, "Failed to fork\n");
exit(1);
} elseif($pid == 0) {
// This is the child process
} else {
// This is the parent process
// Write pidfile and exit
$fh = fopen($pidfile, 'w');
fwrite($fh, "$pid\n");
fclose($fh);
exit();
}
// We have now forked
// Close STDIN/STDOUT/STDERR and redirect output to logfile
fclose(STDIN);
fclose(STDOUT);
fclose(STDERR);
$stdin = fopen('/dev/null', 'r');
$stdout = fopen($logfile, 'a');
$stderr = fopen('php://stdout', 'a');
// Change user/group that we are running as
posix_setgid($user['gid']);
posix_setuid($user['uid']);
if(!isset($options['systemd'])) {
// Make the current process a session leader
if(posix_setsid() == -1) {
die("Could not detach from terminal.");
}
}
}
// Set up signal handling
declare(ticks = 1);
$signal = null;
pcntl_signal(SIGTERM, "sig_handler");
pcntl_signal(SIGINT, "sig_handler");
require('../core.php');
require('sync-common.php');
dlog("Daemon started");
$sync_procs = array();
define('MAX_PROCS', 20);
// Primary loop
while(is_null($signal)) {
try {
$reqs = $sync_request_dir->list_pending_sync_requests();
foreach($reqs as $req) {
$args = array();
$args[] = '--id';
$args[] = $req->server_id;
if(!is_null($req->account_name)) {
$args[] = '--user';
$args[] = $req->account_name;
}
if(count($sync_procs) > MAX_PROCS) break;
$req->set_in_progress();
dlog("Sync process spawning for: {$req->server_id}/{$req->account_name}");
$sync_procs[] = new SyncProcess(__DIR__.'/sync.php', $args, $req);
}
} catch(mysqli_sql_exception $e) {
if($e->getMessage() == 'MySQL server has gone away') {
dlog("MySQL server has gone away");
$connected = false;
while(!$connected) {
try {
setup_database();
$connected = true;
dlog("MySQL connection re-established");
} catch(mysqli_sql_exception $e2) {
dlog("Attempt to reconnect failed: ".$e2->getMessage());
sleep(5);
}
}
}
}
foreach($sync_procs as $ref => &$sync_proc) {
$data = $sync_proc->get_data();
if(!empty($data)) {
dlog($data['output']);
unset($sync_proc);
unset($sync_procs[$ref]);
}
}
sleep(1);
}
dlog("Received exit signal");
if(!isset($options['systemd'])) {
// Release lock
flock($lock, LOCK_UN);
fclose($lock);
}
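Review bot: the privilege drop is unchecked. `posix_setgid($user['gid']);` and `posix_setuid($user['uid']);` return false on failure and nothing tests the result, so if either call fails the daemon carries on as root with the lock and pidfile already in place; treat a false return (or `posix_getuid() !== $user['uid']` afterwards) as fatal and exit. Smaller points in the same hunk: `if(count($sync_procs) > MAX_PROCS) break;` allows MAX_PROCS + 1 concurrent sync processes (`>=` matches the constant's name); the inner `if(!isset($options['systemd']))` guarding `posix_setsid()` is redundant because the enclosing block already tests the same condition; and matching the reconnect case on the message text `'MySQL server has gone away'` is fragile across client versions, whereas the mysqli error code 2006 (`$e->getCode()`) is the stable identifier for that condition.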

203
scripts/upgrade.php Executable file

@@ -0,0 +1,203 @@
#!/usr/bin/php
<?php
##
## Copyright 2013-2017 Opera Software AS
##
## Licensed under the Apache License, Version 2.0 (the "License");
## you may not use this file except in compliance with the License.
## You may obtain a copy of the License at
##
## http://www.apache.org/licenses/LICENSE-2.0
##
## Unless required by applicable law or agreed to in writing, software
## distributed under the License is distributed on an "AS IS" BASIS,
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
## See the License for the specific language governing permissions and
## limitations under the License.
##
chdir(__DIR__);
require('../core.php');
$data = $database->query("SHOW TABLES");
$tables = array();
while(list($table) = $data->fetch_array()) {
$tables[$table] = $table;
}
if(!isset($tables['entity'])) {
echo "On database v1\n";
upgrade_to_v2();
}
$data = $database->query("SHOW COLUMNS FROM entity");
while($row = $data->fetch_assoc()) {
$fields[$row['Field']] = $row;
}
if(!isset($fields['type'])) {
echo "On database v2\n";
upgrade_to_v3();
}
echo "Database is at the latest version\n";
function upgrade_to_v2() {
echo "Performing v1 -> v2 upgrade\n";
global $database;
$query = "
CREATE TABLE `entity` (
`id` int(10) unsigned NOT NULL AUTO_INCREMENT,
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8
";
$database->query($query);
$query = "
CREATE TABLE `access` (
`source_entity_id` int(10) unsigned NOT NULL,
`dest_entity_id` int(10) unsigned NOT NULL,
`grant_date` datetime NOT NULL,
`granted_by` int(10) unsigned NOT NULL,
PRIMARY KEY (`source_entity_id`,`dest_entity_id`),
KEY `FK_access_entity_2` (`dest_entity_id`),
KEY `FK_access_entity_3` (`granted_by`),
CONSTRAINT `FK_access_entity` FOREIGN KEY (`source_entity_id`) REFERENCES `entity` (`id`) ON DELETE CASCADE,
CONSTRAINT `FK_access_entity_2` FOREIGN KEY (`dest_entity_id`) REFERENCES `entity` (`id`) ON DELETE CASCADE,
CONSTRAINT `FK_access_entity_3` FOREIGN KEY (`granted_by`) REFERENCES `entity` (`id`) ON DELETE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8 ROW_FORMAT=COMPACT
";
$database->query($query);
$query = "
CREATE TABLE `access_request` (
`source_entity_id` int(10) unsigned NOT NULL,
`dest_entity_id` int(10) unsigned NOT NULL,
`request_date` datetime NOT NULL,
`requested_by` int(10) unsigned NOT NULL,
PRIMARY KEY (`source_entity_id`,`dest_entity_id`),
KEY `FK_access_request_entity_2` (`dest_entity_id`),
KEY `FK_access_request_entity_3` (`requested_by`),
CONSTRAINT `FK_access_request_entity` FOREIGN KEY (`source_entity_id`) REFERENCES `entity` (`id`) ON DELETE CASCADE,
CONSTRAINT `FK_access_request_entity_2` FOREIGN KEY (`dest_entity_id`) REFERENCES `entity` (`id`) ON DELETE CASCADE,
CONSTRAINT `FK_access_request_entity_3` FOREIGN KEY (`requested_by`) REFERENCES `entity` (`id`) ON DELETE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8 ROW_FORMAT=COMPACT
";
$database->query($query);
$database->query("ALTER TABLE `server_account` ADD COLUMN `entity_id` INT(10) UNSIGNED NULL DEFAULT NULL AFTER `id`;");
$database->query("ALTER TABLE `user` ADD COLUMN `entity_id` INT(10) UNSIGNED NULL DEFAULT NULL AFTER `id`;");
$database->query("ALTER TABLE `public_key` ADD COLUMN `entity_id` INT(10) UNSIGNED NULL DEFAULT NULL AFTER `id`");
$database->query("LOCK TABLES entity WRITE, server_account WRITE, user WRITE");
list($max_user_id) = $database->query("SELECT MAX(id) FROM user")->fetch_array();
$database->query("INSERT INTO entity (id) SELECT id FROM user");
$database->query("INSERT INTO entity (id) SELECT id + $max_user_id FROM server_account");
$database->query("UPDATE user SET entity_id = id");
$database->query("UPDATE server_account SET entity_id = id + $max_user_id");
$database->query("UNLOCK TABLES");
$query = "
INSERT INTO access (source_entity_id, dest_entity_id, grant_date, granted_by)
SELECT se.entity_id, de.entity_id, ua.grant_date, gb.entity_id
FROM user_access ua
INNER JOIN user se ON se.id = ua.user_id
INNER JOIN server_account de ON de.id = ua.server_account_id
INNER JOIN user gb ON gb.id = ua.granted_by
";
$database->query($query);
$query = "
INSERT INTO access (source_entity_id, dest_entity_id, grant_date, granted_by)
SELECT se.entity_id, de.entity_id, saa.grant_date, gb.entity_id
FROM server_account_access saa
INNER JOIN server_account se ON se.id = saa.client_server_account_id
INNER JOIN server_account de ON de.id = saa.server_account_id
INNER JOIN user gb ON gb.id = saa.granted_by
";
$database->query($query);
$query = "
INSERT INTO access_request (source_entity_id, dest_entity_id, request_date, requested_by)
SELECT se.entity_id, de.entity_id, uar.request_date, se.entity_id
FROM user_access_request uar
INNER JOIN user se ON se.id = uar.user_id
INNER JOIN server_account de ON de.id = uar.server_account_id
";
$database->query($query);
$query = "
INSERT INTO access_request (source_entity_id, dest_entity_id, request_date, requested_by)
SELECT se.entity_id, de.entity_id, sar.request_date, rb.entity_id
FROM server_account_access_request sar
INNER JOIN server_account se ON se.id = sar.client_server_account_id
INNER JOIN server_account de ON de.id = sar.server_account_id
INNER JOIN user rb ON rb.id = sar.requested_by
";
$database->query($query);
$database->query("DROP TABLE user_access");
$database->query("DROP TABLE user_access_request");
$database->query("DROP TABLE server_account_access");
$database->query("DROP TABLE server_account_access_request");
$query = "
UPDATE public_key pk
INNER JOIN user_public_key upk ON upk.public_key_id = pk.id
INNER JOIN user ON user.id = upk.user_id
SET pk.entity_id = user.entity_id
";
$database->query($query);
$query = "
UPDATE public_key pk
INNER JOIN server_account_public_key sapk ON sapk.public_key_id = pk.id
INNER JOIN server_account sa ON sa.id = sapk.server_account_id
SET pk.entity_id = sa.entity_id
";
$database->query($query);
$database->query("DELETE FROM public_key WHERE entity_id IS NULL");
$database->query("ALTER TABLE `public_key` CHANGE COLUMN `entity_id` `entity_id` INT(10) UNSIGNED NOT NULL, ADD CONSTRAINT `FK_public_key_entity` FOREIGN KEY (`entity_id`) REFERENCES `entity` (`id`) ON DELETE CASCADE;");
$database->query("DROP TABLE user_public_key");
$database->query("DROP TABLE server_account_public_key");
$database->query("ALTER TABLE `project_admin` DROP INDEX `FK_project_admin_user`, DROP FOREIGN KEY `FK_project_admin_user`");
$database->query("ALTER TABLE `project_admin` CHANGE COLUMN `user_id` `entity_id` INT(10) UNSIGNED NOT NULL");
$database->query("ALTER TABLE `project_admin` ADD CONSTRAINT `FK_project_admin_entity` FOREIGN KEY (`entity_id`) REFERENCES `entity` (`id`) ON DELETE CASCADE");
$database->query("ALTER TABLE `server_admin` DROP INDEX `FK_server_admin_user`, DROP FOREIGN KEY `FK_server_admin_user`");
$database->query("ALTER TABLE `server_admin` CHANGE COLUMN `user_id` `entity_id` INT(10) UNSIGNED NOT NULL");
$database->query("ALTER TABLE `server_admin` ADD CONSTRAINT `FK_server_admin_entity` FOREIGN KEY (`entity_id`) REFERENCES `entity` (`id`) ON DELETE CASCADE");
$database->query("ALTER TABLE `server_event` DROP INDEX `FK_server_log_user`, DROP FOREIGN KEY `FK_server_log_user`");
$database->query("ALTER TABLE `server_event` CHANGE COLUMN `user_id` `entity_id` INT(10) UNSIGNED NOT NULL");
$database->query("ALTER TABLE `server_event` ADD CONSTRAINT `FK_server_event_entity` FOREIGN KEY (`entity_id`) REFERENCES `entity` (`id`)");
$database->query("ALTER TABLE `server_note` DROP FOREIGN KEY `FK_server_note_user`");
$database->query("ALTER TABLE `server_note` CHANGE COLUMN `user_id` `entity_id` INT(10) UNSIGNED NOT NULL");
$database->query("ALTER TABLE `server_note` ADD CONSTRAINT `FK_server_note_entity` FOREIGN KEY (`entity_id`) REFERENCES `entity` (`id`)");
$database->query("ALTER TABLE `user_alert` DROP INDEX `FK_user_alert_user`, DROP FOREIGN KEY `FK_user_alert_user`");
$database->query("ALTER TABLE `user_alert` CHANGE COLUMN `user_id` `entity_id` INT(10) UNSIGNED NOT NULL");
$database->query("ALTER TABLE `user_alert` ADD CONSTRAINT `FK_user_alert_entity` FOREIGN KEY (`entity_id`) REFERENCES `entity` (`id`) ON DELETE CASCADE");
$query = "
ALTER TABLE `user`
CHANGE COLUMN `entity_id` `entity_id` INT(10) UNSIGNED NOT NULL FIRST,
DROP COLUMN `id`,
DROP PRIMARY KEY,
ADD PRIMARY KEY (`entity_id`),
ADD CONSTRAINT `FK_user_entity` FOREIGN KEY (`entity_id`) REFERENCES `entity` (`id`) ON DELETE CASCADE
";
$database->query($query);
$query = "
ALTER TABLE `server_account`
CHANGE COLUMN `entity_id` `entity_id` INT(10) UNSIGNED NOT NULL FIRST,
DROP COLUMN `id`,
DROP PRIMARY KEY,
ADD PRIMARY KEY (`entity_id`),
ADD CONSTRAINT `FK_server_account_entity` FOREIGN KEY (`entity_id`) REFERENCES `entity` (`id`) ON DELETE CASCADE
";
$database->query($query);
echo "v1 -> v2 upgrade finished\n";
}
function upgrade_to_v3() {
global $database;
$database->query("ALTER TABLE `entity` ADD COLUMN `type` ENUM('user','server account','group') NULL DEFAULT NULL AFTER `id`");
$database->query("UPDATE entity INNER JOIN user ON user.entity_id = entity.id SET entity.type = 'user'");
$database->query("UPDATE entity INNER JOIN server_account sa ON sa.entity_id = entity.id SET entity.type = 'server account'");
$database->query("UPDATE entity INNER JOIN `group` g ON g.entity_id = entity.id SET entity.type = 'group'");
$database->query("DELETE FROM entity WHERE `type` IS NULL");
$database->query("ALTER TABLE `entity` CHANGE COLUMN `type` `type` ENUM('user','server account','group') NOT NULL");
}
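Review bot: the entity-id offset breaks on an empty user table. `list($max_user_id) = $database->query("SELECT MAX(id) FROM user")->fetch_array();` yields NULL when `user` has no rows, and `INSERT INTO entity (id) SELECT id + $max_user_id FROM server_account` and `UPDATE server_account SET entity_id = id + $max_user_id` then interpolate an empty string and fail with a syntax error while the tables are still locked; use `COALESCE(MAX(id), 0)` in the query or cast with `(int)`. In the version detection, `$fields[$row['Field']] = $row;` writes to `$fields` without the `$fields = array();` initialisation that `$tables` gets, so the later `isset($fields['type'])` test relies on the loop having run. Finally, MySQL DDL is not transactional, so a failure midway through upgrade_to_v2() leaves the schema half-converted with no recorded version; unless `$database->query()` throws on error, each step should be checked and the script should abort with a clear message before reaching the DROP TABLE statements.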

10
services/README Normal file

@@ -0,0 +1,10 @@
To install the sync service
===========================
On a systemd system:
1) Copy the systemd/keys-sync.service file to /etc/systemd/system/
2) Run: systemctl enable keys-sync.service
On a sysvinit system:
1) Copy the init.d/keys-sync file to /etc/init.d/
2) Run: update-rc.d keys-sync defaults
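Review bot: the instructions omit creating the `keys-sync` account that both service definitions depend on: the systemd unit runs as `User=keys-sync`, the init script stops with `--user keys-sync`, and scripts/syncd.php exits if `posix_getpwnam('keys-sync')` finds nothing. Add a step such as `adduser --system --group keys-sync` before enabling the service, and mention that the /var/log/keys directory (sysvinit mode writes /var/log/keys/sync.log) must exist.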

39
services/init.d/keys-sync Normal file

@@ -0,0 +1,39 @@
#!/bin/sh
### BEGIN INIT INFO
# Provides: keys-sync
# Required-Start: mysql
# Required-Stop: mysql
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: SSH key synchronization daemon
### END INIT INFO
. /lib/lsb/init-functions
SCRIPT=/srv/keys/scripts/syncd.php
PIDFILE=/var/run/keys-sync.pid
test -f $SCRIPT || exit 0
case "$1" in
start)
log_daemon_msg "Starting keys-sync daemon"
start-stop-daemon --start --quiet --pidfile $PIDFILE --startas $SCRIPT --
log_end_msg $?
;;
stop)
log_daemon_msg "Stopping keys-sync daemon"
start-stop-daemon --stop --quiet --pidfile $PIDFILE --name syncd.php --user keys-sync
log_end_msg $?
rm -f $PIDFILE
;;
restart)
$0 stop && $0 start
;;
*)
log_action_msg "Usage: /etc/init.d/keys-sync {start|stop|restart}"
exit 2
;;
esac
exit 0
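Review bot: the `stop)` branch deletes the pidfile unconditionally. `log_end_msg $?` reports the result of start-stop-daemon, but `rm -f $PIDFILE` runs even when the stop failed, after which a still-running daemon can no longer be stopped or restarted through this script; make the removal conditional on a zero exit status. Since the daemon writes its own pidfile after forking (see scripts/syncd.php), the `--pidfile $PIDFILE` on the `start)` branch only blocks a second instance once that file exists; the flock in syncd.php covers the window, which deserves a comment here. A `status)` action using `status_of_proc -p $PIDFILE $SCRIPT keys-sync` would round out the script, and the usage message should list it.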


@@ -0,0 +1,18 @@
[Unit]
Description=SSH Key synchronization daemon
Documentation=https://github.com/operasoftware/SKA
Requires=mysql.service
[Service]
Type=simple
ExecStart=/srv/keys/scripts/syncd.php --systemd
User=keys-sync
StandardOutput=journal
StandardError=journal
PrivateDevices=on
PrivateTmp=on
ProtectHome=on
ProtectSystem=on
[Install]
WantedBy=multi-user.target
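Review bot: `Requires=mysql.service` without `After=mysql.service` does not order startup, so on boot the daemon can start before MySQL accepts connections and die on its first query (the reconnect loop in syncd.php only handles a connection that goes away later). Add `After=mysql.service` and, because the process exits on any unhandled error, `Restart=on-failure`. The sandboxing directives are a good baseline; `NoNewPrivileges=true` and `ProtectSystem=full` (or `strict` with `ReadWritePaths=` for whatever the daemon must write) would tighten them further.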


@@ -0,0 +1,127 @@
<?php
##
## Copyright 2013-2017 Opera Software AS
##
## Licensed under the Apache License, Version 2.0 (the "License");
## you may not use this file except in compliance with the License.
## You may obtain a copy of the License at
##
## http://www.apache.org/licenses/LICENSE-2.0
##
## Unless required by applicable law or agreed to in writing, software
## distributed under the License is distributed on an "AS IS" BASIS,
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
## See the License for the specific language governing permissions and
## limitations under the License.
##
$entity = $this->get('entity');
switch(get_class($entity)) {
case 'ServerAccount': $account = $entity; $server = $entity->server; break;
case 'Group': $group = $entity; break;
}
$remote_entity = $this->get('remote_entity');
$mode = $this->get('mode');
$options = $this->get('options');
switch(get_class($remote_entity)) {
case 'User': $remote_entity_name = $remote_entity->uid; break;
case 'ServerAccount': $remote_entity_name = $remote_entity->name.'@'.$remote_entity->server->hostname; break;
case 'Group': $remote_entity_name = $remote_entity->name; break;
}
?>
<h1><?php if($mode == 'create') out('Grant'); else out('Modify')?> access</h1>
<form method="post" action="<?php out($this->data->relative_request_url)?>" id="access_options">
<?php out($this->get('active_user')->get_csrf_field(), ESC_NONE) ?>
<?php
switch(get_class($remote_entity)) {
case 'User':
$re_url = '/users/'.urlencode($remote_entity->uid);
?>
<input type="hidden" name="username" value="<?php out($remote_entity->uid)?>">
<?php
break;
case 'ServerAccount':
$re_url = '/servers/'.urlencode($remote_entity->server->hostname).'/accounts/'.urlencode($remote_entity->name);
?>
<input type="hidden" name="account" value="<?php out($remote_entity->name)?>">
<input type="hidden" name="hostname" value="<?php out($remote_entity->server->hostname)?>">
<?php
break;
case 'Group':
$re_url = '/groups/'.urlencode($remote_entity->name);
?>
<input type="hidden" name="group" value="<?php out($remote_entity->name)?>">
<?php
break;
}
?>
<p>
You are <?php if($mode == 'create') out('granting'); else out('modifying the')?> SSH access to
<?php if(isset($server)) { ?>
<a href="/servers/<?php out($server->hostname, ESC_URL)?>/accounts/<?php out($account->name, ESC_URL)?>" class="serveraccount"><?php out($account->name.'@'.$server->hostname)?></a>
<?php } elseif(isset($group)) { ?>
resources in the <a href="/groups/<?php out($group->name, ESC_URL)?>"><?php out($group->name)?></a> group
<?php } ?>
for
<a href="<?php out($re_url)?>" class="<?php out(strtolower(get_class($remote_entity)))?>"><?php out($remote_entity_name)?></a>.
</p>
<?php if($mode == 'create') { ?>
<div class="form-group">
<div class="panel-group">
<div class="panel panel-default">
<div class="panel-heading">
<h3 class="panel-title">
<a data-toggle="collapse" href="#advanced_options">
Advanced options <span class="caret"></span>
</a>
</h3>
</div>
<div id="advanced_options" class="collapse">
<?php } ?>
<div class="panel-body">
<p>
Presets:
<button type="button" class="btn btn-default btn-xs" data-preset="default">Default</button>
<button type="button" class="btn btn-default btn-xs" data-preset="command">Command</button>
<button type="button" class="btn btn-default btn-xs" data-preset="dbbackup">DB backup</button>
</p>
<div class="checkbox">
<label><input type="checkbox" name="access_option[command][enabled]"<?php if(isset($options['command'])) out(' checked'); ?>> Specify command (<code>command=&quot;command&quot;</code>)</label>
</div>
<div class="form-group">
<input type="text" id="command_value" name="access_option[command][value]" value="<?php if(isset($options['command'])) out($options['command']->value); ?>" class="form-control">
</div>
<div class="checkbox">
<label><input type="checkbox" name="access_option[from][enabled]"<?php if(isset($options['from'])) out(' checked'); ?>> Restrict source address (<code>from=&quot;<abbr title="A pattern-list is a comma-separated list of patterns. Each pattern can be either a hostname or an IP address, with wildcards (* and ?) allowed.">pattern-list</abbr>&quot;</code>)</label>
</div>
<div class="form-group">
<input type="text" id="from_value" name="access_option[from][value]" value="<?php if(isset($options['from'])) out($options['from']->value); ?>" class="form-control">
</div>
<div class="checkbox">
<label><input type="checkbox" name="access_option[no-port-forwarding][enabled]"<?php if(isset($options['no-port-forwarding'])) out(' checked'); ?>> Disallow port forwarding (<code>no-port-forwarding</code>)</label>
</div>
<div class="checkbox">
<label><input type="checkbox" name="access_option[no-X11-forwarding][enabled]"<?php if(isset($options['no-X11-forwarding'])) out(' checked'); ?>> Disallow X11 forwarding (<code>no-X11-forwarding</code>)</label>
</div>
<div class="checkbox">
<label><input type="checkbox" name="access_option[no-pty][enabled]"<?php if(isset($options['no-pty'])) out(' checked'); ?>> Disable terminal (<code>no-pty</code>)</label>
</div>
</div>
<?php if($mode == 'create') { ?>
</div>
</div>
</div>
</div>
<?php } ?>
<div class="form-group row">
<div class="col-md-8">
<button type="submit" name="<?php if($mode == 'create') out('add_access'); else out('update_access')?>" value="2" class="btn btn-primary btn-block"><?php if($mode == 'create') out('Confirm'); else out('Modify')?> access</button>
</div>
<div class="col-md-4">
<?php if(isset($server)) { ?>
<a href="/servers/<?php out($server->hostname, ESC_URL)?>/accounts/<?php out($account->name, ESC_URL)?>" class="btn btn-default btn-block">Cancel</a>
<?php } elseif(isset($group)) { ?>
<a href="/groups/<?php out($group->name, ESC_URL)?>" class="btn btn-default btn-block">Cancel</a>
<?php } ?>
</div>
</div>
</form>
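Review bot: `$re_url` and `$remote_entity_name` are assigned only inside switch arms with no `default:`, so an unexpected remote entity class reaches `out($re_url)` and `out($remote_entity_name)` with undefined variables; add a `default:` that throws. The free-text `command` and `from` values collected here end up as `command="..."` and `from="..."` options in authorized_keys (as the checkbox labels say), so the handler that stores `access_option[command][value]` and `access_option[from][value]` must reject embedded double quotes, newlines and other characters that would terminate the option string; that validation is outside this hunk but should be confirmed before merging.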

39
templates/activity.php Normal file

@@ -0,0 +1,39 @@
<?php
##
## Copyright 2013-2017 Opera Software AS
##
## Licensed under the Apache License, Version 2.0 (the "License");
## you may not use this file except in compliance with the License.
## You may obtain a copy of the License at
##
## http://www.apache.org/licenses/LICENSE-2.0
##
## Unless required by applicable law or agreed to in writing, software
## distributed under the License is distributed on an "AS IS" BASIS,
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
## See the License for the specific language governing permissions and
## limitations under the License.
##
?>
<h1>Activity</h1>
<table class="table">
<col></col>
<col></col>
<col></col>
<col class="date"></col>
<thead>
<tr>
<th>Entity</th>
<th>User</th>
<th>Activity</th>
<th>Date (<abbr title="Coordinated Universal Time">UTC</abbr>)</th>
</tr>
</thead>
<tbody>
<?php
foreach($this->get('events') as $event) {
show_event($event);
}
?>
</tbody>
</table>
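Review bot: `<col></col>` is invalid markup; `col` is a void element and takes no closing tag, so the four lines should read `<col>` and `<col class="date">`. Browsers tolerate the stray `</col>`, but validators and strict parsers will flag it.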

75
templates/base.php Normal file

@@ -0,0 +1,75 @@
<?php
##
## Copyright 2013-2017 Opera Software AS
##
## Licensed under the Apache License, Version 2.0 (the "License");
## you may not use this file except in compliance with the License.
## You may obtain a copy of the License at
##
## http://www.apache.org/licenses/LICENSE-2.0
##
## Unless required by applicable law or agreed to in writing, software
## distributed under the License is distributed on an "AS IS" BASIS,
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
## See the License for the specific language governing permissions and
## limitations under the License.
##
$web_config = $this->get('web_config');
header('X-Frame-Options: DENY');
header("Content-Security-Policy: default-src 'self'");
?>
<!DOCTYPE html>
<meta charset="utf-8"/>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title><?php out($this->get('title'))?></title>
<link rel="stylesheet" href="/bootstrap/css/bootstrap.min.css"/>
<link rel="stylesheet" href="/style.css?<?php out(filemtime('public_html/style.css'))?>">
<link rel="icon" href="/key.png">
<script src="/header.js?<?php out(filemtime('public_html/header.js'))?>"></script>
<?php out($this->get('head'), ESC_NONE) ?>
<div id="wrap">
<a href="#content" class="sr-only">Skip to main content</a>
<div class="navbar navbar-default navbar-fixed-top">
<div class="container">
<div class="navbar-header">
<button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<?php if(!empty($web_config['logo'])) { ?>
<a class="navbar-brand" href="/">
<img src="<?php out($web_config['logo'])?>">
SSH Key Authority
</a>
<?php } ?>
</div>
<div class="navbar-collapse collapse">
<ul class="nav navbar-nav">
<?php foreach($this->get('menu_items') as $url => $name) { ?>
<li<?php if($url == $this->get('relative_request_url')) out(' class="active"', ESC_NONE); ?>><a href="<?php out($url)?>"><?php out($name)?></a></li>
<?php } ?>
</ul>
</div>
</div>
</div>
<div class="container" id="content">
<?php foreach($this->get('alerts') as $alert) { ?>
<div class="alert alert-<?php out($alert->class)?> alert-dismissable">
<button type="button" class="close" data-dismiss="alert" aria-hidden="true">&times;</button>
<?php out($alert->content, $alert->escaping)?>
</div>
<?php } ?>
<?php out($this->get('content'), ESC_NONE) ?>
</div>
</div>
<div id="footer">
<div class="container">
<p class="text-muted credit"><?php out($web_config['footer'], ESC_NONE)?></p>
<?php if($this->get('active_user')->developer) { ?>
<?php } ?>
</div>
</div>
<script src="/jquery/jquery-3.2.1.min.js"></script>
<script src="/bootstrap/js/bootstrap.min.js"></script>
<script src="/extra.js?<?php out(filemtime('public_html/extra.js'))?>"></script>
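Review bot: the CSP should carry the frame restriction as well. `default-src 'self'` is a solid baseline (nothing in this template needs inline script or style), but add `frame-ancestors 'none'` so that browsers that honour CSP over `X-Frame-Options` enforce the same policy, and consider sending `X-Content-Type-Options: nosniff` alongside it. The `if($this->get('active_user')->developer) { ... }` block in the footer is empty and should either gain its content or be removed. Also, `filemtime('public_html/style.css')` and the other two cache-buster calls use paths relative to the working directory, so they depend on the front controller having done `chdir()` to the project root; an `__DIR__`-based path would be more robust.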

33
templates/bulk_mail.php Normal file

@@ -0,0 +1,33 @@
<?php
##
## Copyright 2013-2017 Opera Software AS
##
## Licensed under the Apache License, Version 2.0 (the "License");
## you may not use this file except in compliance with the License.
## You may obtain a copy of the License at
##
## http://www.apache.org/licenses/LICENSE-2.0
##
## Unless required by applicable law or agreed to in writing, software
## distributed under the License is distributed on an "AS IS" BASIS,
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
## See the License for the specific language governing permissions and
## limitations under the License.
##
?>
<h1>Bulk mail <?php out(str_replace('_', ' ', $this->get('recipients')))?></h1>
<div class="alert alert-warning">This form will send a mail to <strong>all</strong> <?php out($this->get('rcpt_desc'))?> the SSH Key Authority system!</div>
<form method="post" action="/bulk_mail/<?php out($this->get('recipients'), ESC_URL)?>">
<?php out($this->get('active_user')->get_csrf_field(), ESC_NONE) ?>
<div class="form-group">
<label for="subject">Subject</label>
<input type="text" class="form-control" id="subject" name="subject" required value="">
</div>
<div class="form-group">
<label for="body">Body</label>
<textarea class="form-control monospace" rows="20" id="body" name="body" required>You are being sent this mail as a <?php out($this->get('rcpt_role'))?> the SSH Key Authority system.
</textarea>
</div>
<div class="form-group"><button type="submit" data-confirm="Send mail? Are you sure?" class="btn btn-primary btn-lg btn-block">Send bulk mail to <?php out(str_replace('_', ' ', $this->get('recipients')))?></button></div>
</form>


@@ -0,0 +1,23 @@
<?php
##
## Copyright 2013-2017 Opera Software AS
##
## Licensed under the Apache License, Version 2.0 (the "License");
## you may not use this file except in compliance with the License.
## You may obtain a copy of the License at
##
## http://www.apache.org/licenses/LICENSE-2.0
##
## Unless required by applicable law or agreed to in writing, software
## distributed under the License is distributed on an "AS IS" BASIS,
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
## See the License for the specific language governing permissions and
## limitations under the License.
##
?>
<h1>Bulk mail</h1>
<p>Choose recipients:</p>
<ul>
<li><a href="/bulk_mail/all_users">All users</a></li>
<li><a href="/bulk_mail/server_admins">All server administrators</a></li>
</ul>

19
templates/csrf.php Normal file

@@ -0,0 +1,19 @@
<?php
##
## Copyright 2013-2017 Opera Software AS
##
## Licensed under the Apache License, Version 2.0 (the "License");
## you may not use this file except in compliance with the License.
## You may obtain a copy of the License at
##
## http://www.apache.org/licenses/LICENSE-2.0
##
## Unless required by applicable law or agreed to in writing, software
## distributed under the License is distributed on an "AS IS" BASIS,
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
## See the License for the specific language governing permissions and
## limitations under the License.
##
?>
<h1>Form submission failed</h1>
<p>Your request was missing the required security token. Please try submitting your request again.</p>

19
templates/error403.php Normal file

@@ -0,0 +1,19 @@
<?php
##
## Copyright 2013-2017 Opera Software AS
##
## Licensed under the Apache License, Version 2.0 (the "License");
## you may not use this file except in compliance with the License.
## You may obtain a copy of the License at
##
## http://www.apache.org/licenses/LICENSE-2.0
##
## Unless required by applicable law or agreed to in writing, software
## distributed under the License is distributed on an "AS IS" BASIS,
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
## See the License for the specific language governing permissions and
## limitations under the License.
##
?>
<h1>Access denied</h1>
<p>Sorry, but you don't have permission to view this page.</p>

20
templates/error404.php Normal file

@@ -0,0 +1,20 @@
<?php
##
## Copyright 2013-2017 Opera Software AS
##
## Licensed under the Apache License, Version 2.0 (the "License");
## you may not use this file except in compliance with the License.
## You may obtain a copy of the License at
##
## http://www.apache.org/licenses/LICENSE-2.0
##
## Unless required by applicable law or agreed to in writing, software
## distributed under the License is distributed on an "AS IS" BASIS,
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
## See the License for the specific language governing permissions and
## limitations under the License.
##
?>
<h1>Page not found</h1>
<p>Sorry, but the address you've given doesn't seem to point to a valid page.</p>
<p>If you got here by following a link, please <a href="mailto:<?php out($config['email']['admin_address'])?>?subject=<?php out('Broken link to '.$this->get('fulladdress').(empty($this->get('referrer')) ? '' : ' from '.$this->get('referrer')), ESC_URL_ALL)?>">report it to us</a>. Otherwise, please make sure that you have typed the address correctly, or just start browsing from the <a href="/">keys home page</a>.</p>

54
templates/error500.php Normal file

@@ -0,0 +1,54 @@
<?php
##
## Copyright 2013-2017 Opera Software AS
##
## Licensed under the Apache License, Version 2.0 (the "License");
## you may not use this file except in compliance with the License.
## You may obtain a copy of the License at
##
## http://www.apache.org/licenses/LICENSE-2.0
##
## Unless required by applicable law or agreed to in writing, software
## distributed under the License is distributed on an "AS IS" BASIS,
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
## See the License for the specific language governing permissions and
## limitations under the License.
##
?>
<?php if($this->get('error_details')) { ?>
<h1>Error</h1>
<p><?php out($this->get('exception_class')) ?> "<span class="text-danger"><?php out($this->get('error_details')->getMessage()) ?></span>"</p>
<p>Occurred in <?php out($this->get('error_details')->getFile().' line '.$this->get('error_details')->getLine()) ?></p>
<h2>Stack trace</h2>
<table class="table">
<thead>
<tr>
<th>Function</th>
<th>Arguments</th>
<th>Location</th>
</tr>
</thead>
<tbody>
<?php foreach($this->get('error_details')->getTrace() as $stack_line) { ?>
<?php if($stack_line['function'] != 'exception_error_handler') { ?>
<tr>
<td><?php out($stack_line['function'])?></td>
<td>
<?php if(!empty($stack_line['args'])) { ?>
<ul>
<?php foreach($stack_line['args'] as $arg) { ?>
<li><?php out(print_r($arg, 1)) ?></li>
<?php } ?>
</ul>
<?php } ?>
</td>
<td><?php out($stack_line['file'].' line '.$stack_line['line'])?></td>
</tr>
<?php } ?>
<?php } ?>
</tbody>
</table>
<?php } else { ?>
<h1>Oops! Something went wrong!</h1>
<p>Sorry, but it looks like something needs fixing on the system. The problem has been automatically reported to the administrators, but if you wish, you can also <a href="mailto:<?php out($config['email']['admin_address'])?>?subject=<?php out('SSH Key Authority error number '.$this->get('error_number'), ESC_URL_ALL)?>">provide additional information</a> about what you were doing that may have triggered the error.</p>
<?php } ?>
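Review bot: the detailed branch (`if($this->get('error_details'))`) renders every stack frame's arguments with `out(print_r($arg, 1))`, so any secret that was passed as a function argument when the exception was thrown (database or LDAP credentials, session identifiers, key material) ends up in the HTML served to the user; `out()` prevents injection but not disclosure. Make sure the controller only populates `error_details` in a debug configuration that is never enabled in production, or drop the Arguments column from the table and keep the full trace in the server-side log instead.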

templates/error503.php (Normal file, 19 lines)

@@ -0,0 +1,19 @@
<?php
##
## Copyright 2013-2017 Opera Software AS
##
## Licensed under the Apache License, Version 2.0 (the "License");
## you may not use this file except in compliance with the License.
## You may obtain a copy of the License at
##
## http://www.apache.org/licenses/LICENSE-2.0
##
## Unless required by applicable law or agreed to in writing, software
## distributed under the License is distributed on an "AS IS" BASIS,
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
## See the License for the specific language governing permissions and
## limitations under the License.
##
?>
<h1>System is down for maintenance</h1>
<p>Sorry for the inconvenience. We should be back soon though, so press the reload button in your browser in a few minutes to try again.</p>

templates/functions.php (Normal file, 192 lines)

@@ -0,0 +1,192 @@
<?php
##
## Copyright 2013-2017 Opera Software AS
##
## Licensed under the Apache License, Version 2.0 (the "License");
## you may not use this file except in compliance with the License.
## You may obtain a copy of the License at
##
## http://www.apache.org/licenses/LICENSE-2.0
##
## Unless required by applicable law or agreed to in writing, software
## distributed under the License is distributed on an "AS IS" BASIS,
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
## See the License for the specific language governing permissions and
## limitations under the License.
##
function show_event($event) {
$json = json_decode($event->details);
$details = hesc($event->details);
switch($json->action) {
case 'Server add':
$details = 'Added server to key management';
break;
case 'Group add':
$details = 'Created group';
break;
case 'Account add':
$details = 'Added account '.hesc($json->value);
break;
case 'Account remove':
// Legacy event type
$details = 'Removed account '.hesc($json->value);
break;
case 'Access request':
$details = 'Requested access for '.show_event_participant($json->value);
break;
case 'Access approve':
$details = 'Approved access for '.show_event_participant($json->value);
break;
case 'Access reject':
$details = 'Rejected access for '.show_event_participant($json->value);
break;
case 'Access add':
$details = 'Added access for '.show_event_participant($json->value);
break;
case 'Access remove':
$details = 'Removed access for '.show_event_participant($json->value);
break;
case 'Administrator add':
$details = 'Added administrator '.show_event_participant($json->value);
break;
case 'Administrator remove':
$details = 'Removed administrator '.show_event_participant($json->value);
break;
case 'Member add':
$details = 'Added member '.show_event_participant($json->value);
break;
case 'Member remove':
$details = 'Removed member '.show_event_participant($json->value);
break;
case 'Pubkey add':
$details = 'Added public key '.hesc($json->value);
break;
case 'Pubkey remove':
$details = 'Removed public key '.hesc($json->value);
break;
case 'Setting update':
$details = hesc($json->field).' changed from <q>'.hesc($json->oldvalue).'</q> to <q>'.hesc($json->value).'</q>';
break;
case 'Sync status change':
$details = 'Sync status: '.hesc($json->value);
break;
}
?>
<tr>
<td>
<?php if(get_class($event) == 'ServerEvent') { ?>
<a href="/servers/<?php out($event->server->hostname, ESC_URL)?>" class="server"><?php out($event->server->hostname) ?></a>
<?php } elseif(get_class($event) == 'UserEvent') { ?>
<a href="/users/<?php out($event->user->uid, ESC_URL)?>" class="user"><?php out($event->user->uid) ?></a>
<?php } elseif(get_class($event) == 'ServerAccountEvent') { ?>
<a href="/servers/<?php out($event->account->server->hostname, ESC_URL)?>/accounts/<?php out($event->account->name, ESC_URL)?>" class="serveraccount"><?php out($event->account->name.'@'.$event->account->server->hostname) ?></a>
<?php } elseif(get_class($event) == 'GroupEvent') { ?>
<a href="/groups/<?php out($event->group->name, ESC_URL)?>" class="group"><?php out($event->group->name) ?></a>
<?php } ?>
</td>
<td><a href="/users/<?php out($event->actor->uid, ESC_URL)?>" class="user"><?php out($event->actor->uid) ?></a></td>
<td><?php out($details, ESC_NONE) ?></td>
<td class="nowrap"><?php out($event->date) ?></td>
</tr>
<?php
}
function show_event_participant($participant) {
list($type, $name) = explode(':', $participant, 2);
if($type == 'user') {
return '<a href="/users/'.urlencode($name).'" class="user">'.hesc($name).'</a>';
} elseif($type == 'account') {
list($account, $server) = explode('@', $name, 2);
return '<a href="/servers/'.urlencode($server).'/accounts/'.urlencode($account).'" class="serveraccount">'.hesc($name).'</a>';
} elseif($type == 'group') {
return '<a href="/groups/'.urlencode($name).'" class="group">'.hesc($name).'</a>';
} else {
return hesc($participant);
}
}
function keygen_help($box_position) {
?>
<ul class="nav nav-tabs">
<li><a href="#windows_instructions" data-toggle="tab">Windows</a></li>
<li><a href="#mac_instructions" data-toggle="tab">Mac</a></li>
<li><a href="#linux_instructions" data-toggle="tab">Linux</a></li>
</ul>
<div class="tab-content clearfix">
<div class="tab-pane fade" id="windows_instructions">
<aside class="pull-right"><img src="/putty-key-generator.png" class="img-rounded"></aside>
<p>On Windows you will typically use the <a href="http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html">PuTTYgen</a> application to generate your key pair.</p>
<ol>
<li>Download and run the latest Windows installer from the <a href="http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html">PuTTY download page</a>.
<li>Start PuTTYgen.
<li>Provide a comment for the key: it is a very good idea to include your user name and the current date in the comment to make the key easier to identify.
<li><strong>Provide a key passphrase.</strong>
<li>Select "SSH-2 RSA" as the type of key to generate.
<li>Enter "4096" as the number of bits in the generated key.
<li>Click the Generate button
<li>Save the private key to your local machine.
<li>Select and copy the contents of the "Public key for pasting into OpenSSH authorized_keys file" section at the top of the window (scrollable, make sure to select all).
<?php if(!is_null($box_position)) { ?>
<li>Paste the public key that you just copied into the box <?php out($box_position)?> and click the "Add public key" button.
<?php } ?>
</ol>
<div class="alert alert-info">
<strong>Note:</strong> if you are not using PuTTY to connect, you may need to export your private key into OpenSSH format to use it. You can do this from the Conversions menu.
</div>
<div class="alert alert-info">
<strong>Note:</strong> if you are using Cygwin or MSYS bash, the instructions for Linux can be used instead.
</div>
</div>
<div class="tab-pane fade" id="mac_instructions">
<p>On Mac you can generate a key pair with the ssh-keygen command.</p>
<ol>
<li>Start the "Terminal" program.
<li>Run the following command: <code>ssh-keygen -t rsa -b 4096 -C '<var>comment</var>'</code>, replacing '<var>comment</var>' with your own comment - a good idea is to include your user name and the current date in the comment to make the key easier to identify.
<li><strong>Make sure that you give the key a passphrase when prompted.</strong>
<li>A new text file will have been created in a <code>.ssh</code> directory called <code>id_rsa.pub</code>. Copy the contents of that file into your clipboard.
<?php if(!is_null($box_position)) { ?>
<li>Paste the public key that you just copied into the box <?php out($box_position)?> and click the "Add public key" button.
<?php } ?>
</ol>
</div>
<div class="tab-pane fade" id="linux_instructions">
<p>On Linux you can generate a key pair with the ssh-keygen command.</p>
<ol>
<li>Open a terminal on your machine
<li>
Run the following command: <code>ssh-keygen -t rsa -b 4096 -C '<var>comment</var>'</code>, replacing '<var>comment</var>' with your own comment - a good idea is to include your user name and the current date in the comment to make the key easier to identify.
<div class="alert alert-info">
Note: if this command fails with a message of "ssh-keygen: command not found", you need to install the openssh-client package: <code>sudo apt-get install openssh-client</code> on Debian-based systems.
</div>
<li><strong>Make sure that you give the key a passphrase when prompted.</strong>
<li>Run <code>cat ~/.ssh/id_rsa.pub</code>. The output is your public key. Copy it into your clipboard.
<?php if(!is_null($box_position)) { ?>
<li>Paste the public key that you just copied into the box <?php out($box_position)?> and click the "Add public key" button.
<?php } ?>
</ol>
</div>
</div>
<?php
}
function pubkey_json($pubkey, $include_keydata = true, $include_owner = true) {
$json = new StdClass;
if($include_keydata) {
$json->keydata = $pubkey->export();
}
$json->type = $pubkey->type;
$json->keysize = $pubkey->keysize;
$json->fingerprint = $pubkey->fingerprint_md5;
$json->fingerprint_md5 = $pubkey->fingerprint_md5;
$json->fingerprint_sha256 = $pubkey->fingerprint_sha256;
if($include_owner) {
$json->owner = new StdClass;
$json->owner->type = get_class($pubkey->owner);
if(get_class($pubkey->owner) == 'User') {
$json->owner->uid = $pubkey->owner->uid;
} elseif(get_class($pubkey->owner) == 'ServerAccount') {
$json->owner->hostname = $pubkey->owner->server->hostname;
}
$json->owner->name = $pubkey->owner->name;
}
return $json;
}
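Review bot: `show_event()` dereferences `$json->action` without checking that `json_decode($event->details)` succeeded, so a row whose `details` column is not JSON (or lacks `action`) raises a PHP notice every time the log is rendered; guard it with `if(is_object($json) && isset($json->action))` and fall through to the already-computed `hesc($event->details)`. `show_event_participant()` has the same weakness: `list($type, $name) = explode(':', $participant, 2)` produces an undefined-offset notice when there is no colon, and the inner `explode('@', $name, 2)` does the same for an account string without `@`. Separately, `pubkey_json()` emits `fingerprint` as a plain copy of `fingerprint_md5`; a comment marking it as the legacy field name would tell API consumers which of the three fingerprint fields to rely on.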

templates/group.php (Normal file, 436 lines)

@@ -0,0 +1,436 @@
<?php
##
## Copyright 2013-2017 Opera Software AS
##
## Licensed under the Apache License, Version 2.0 (the "License");
## you may not use this file except in compliance with the License.
## You may obtain a copy of the License at
##
## http://www.apache.org/licenses/LICENSE-2.0
##
## Unless required by applicable law or agreed to in writing, software
## distributed under the License is distributed on an "AS IS" BASIS,
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
## See the License for the specific language governing permissions and
## limitations under the License.
##
$membercounts = array('User' => 0, 'ServerAccount' => 0, 'Group' => 0);
foreach($this->get('group_members') as $member) {
$membercounts[get_class($member)]++;
}
?>
<h1><span class="glyphicon glyphicon-list-alt" title="Group"></span> <?php out($this->get('group')->name)?><?php if($this->get('group')->active == 0) out(' <span class="label label-default">Inactive</span>', ESC_NONE) ?></h1>
<?php if($this->get('admin') || $this->get('group_admin')) { ?>
<ul class="nav nav-tabs">
<li><a href="#members" data-toggle="tab">Members</a></li>
<li><a href="#access" data-toggle="tab">Access</a></li>
<li><a href="#outbound" data-toggle="tab">Outbound access</a></li>
<li><a href="#admins" data-toggle="tab">Administrators</a></li>
<?php if($this->get('admin')) { ?>
<li><a href="#settings" data-toggle="tab">Settings</a></li>
<?php } ?>
<li><a href="#log" data-toggle="tab">Log</a></li>
</ul>
<!-- Tab panes -->
<div class="tab-content">
<div class="tab-pane fade" id="members">
<h2 class="sr-only">Group members</h2>
<?php if(count($this->get('group_members')) == 0) { ?>
<p>No members have been added to this group yet.</p>
<?php } else { ?>
<form method="post" action="<?php out($this->data->relative_request_url)?>">
<?php out($this->get('active_user')->get_csrf_field(), ESC_NONE) ?>
<?php if($this->get('group')->system) { ?>
<div class="alert alert-info">
This is a system group. Its membership list cannot be edited.
</div>
<?php } ?>
<table class="table table-bordered table-striped">
<thead>
<tr>
<th colspan="2">Member</th>
<th>Status</th>
<?php if(!$this->get('group')->system) { ?>
<th>Actions</th>
<?php } ?>
</tr>
</thead>
<tbody>
<?php foreach($this->get('group_members') as $member) { ?>
<tr>
<?php
switch(get_class($member)) {
case 'User':
?>
<td><a href="/users/<?php out($member->uid, ESC_URL)?>" class="user"><?php out($member->uid)?></a></td>
<td><?php out($member->name); if(!$member->active) out(' <span class="label label-default">Inactive</span>', ESC_NONE)?></td>
<?php
break;
case 'ServerAccount':
?>
<td><a href="/servers/<?php out($member->server->hostname, ESC_URL)?>/accounts/<?php out($member->name, ESC_URL)?>" class="serveraccount"><?php out($member->name.'@'.$member->server->hostname)?></a></td>
<td><em>Server account</em><?php if($member->server->key_management == 'decommissioned') out(' <span class="label label-default">Inactive</span>', ESC_NONE) ?></td>
<?php
break;
case 'Group':
?>
<td><a href="/groups/<?php out($member->name, ESC_URL)?>" class="group"><?php out($member->name)?></a></td>
<td><em>Group</em></td>
<?php
break;
}
?>
<td>Added on <?php out($member->add_date) ?> by <?php out($member->added_by->uid) ?></td>
<?php if(!$this->get('group')->system) { ?>
<td>
<button type="submit" name="delete_member" value="<?php out($member->entity_id)?>" class="btn btn-default btn-xs"><span class="glyphicon glyphicon-ban-circle"></span> Remove from group</button>
</td>
<?php } ?>
<?php } ?>
</tr>
</tbody>
</table>
</form>
<?php } ?>
<?php if(!$this->get('group')->system) { ?>
<form method="post" action="<?php out($this->data->relative_request_url)?>">
<?php out($this->get('active_user')->get_csrf_field(), ESC_NONE) ?>
<h3>Add user</h3>
<div class="row">
<div class="form-group col-md-9">
<div class="input-group">
<span class="input-group-addon"><label for="username"><span class="glyphicon glyphicon-user" title="User"></span><span class="sr-only">User name</span></label></span>
<input type="text" id="username" name="username" class="form-control" placeholder="User name" required list="userlist">
</div>
</div>
<div class="form-group col-md-3">
<button type="submit" name="add_member" value="1" class="btn btn-primary btn-block">Add user to group</button>
</div>
</div>
</form>
<form method="post" action="<?php out($this->data->relative_request_url)?>">
<?php out($this->get('active_user')->get_csrf_field(), ESC_NONE) ?>
<h3>Add server account</h3>
<div class="row">
<div class="form-group col-md-2">
<div class="input-group">
<span class="input-group-addon"><label for="account"><span class="glyphicon glyphicon-log-in" title="Server account"></span><span class="sr-only">Account</span></label></span>
<input type="text" id="account" name="account" class="form-control" placeholder="Account name" required>
</div>
</div>
<div class="form-group col-md-7">
<div class="input-group">
<span class="input-group-addon"><label for="hostname">@</label></span>
<input type="text" id="hostname" name="hostname" class="form-control" placeholder="Hostname" required list="<?php out($this->get('admin') ? 'serverlist' : 'adminedserverlist')?>">
</div>
</div>
<div class="form-group col-md-3">
<button type="submit" name="add_member" value="1" class="btn btn-primary btn-block">Add server account to group</button>
</div>
</div>
</form>
<?php } ?>
</div>
<div class="tab-pane fade" id="access">
<h2 class="sr-only">Access</h2>
<?php if(count($this->get('group_access')) == 0) { ?>
<?php if($membercounts['ServerAccount'] > 0 || $membercounts['Group'] > 0) { ?>
<p>No access has been granted to this group's resources.</p>
<?php } ?>
<?php } else { ?>
<form method="post" action="<?php out($this->data->relative_request_url)?>">
<?php out($this->get('active_user')->get_csrf_field(), ESC_NONE) ?>
<table class="table table-bordered table-striped">
<thead>
<tr>
<th colspan="2">Access for</th>
<th>Status</th>
<th>Options</th>
<th>Actions</th>
</tr>
</thead>
<tbody>
<?php foreach($this->get('group_access') as $access) { ?>
<?php $entity = $access->source_entity; ?>
<tr>
<?php
$options = $access->list_options();
switch(get_class($entity)) {
case 'User':
?>
<td><a href="/users/<?php out($entity->uid, ESC_URL)?>" class="user"><?php out($entity->uid)?></a></td>
<td><?php out($entity->name); if(!$entity->active) out(' <span class="label label-default">Inactive</span>', ESC_NONE)?></td>
<?php
break;
case 'ServerAccount':
?>
<td><a href="/servers/<?php out($entity->server->hostname, ESC_URL)?>/accounts/<?php out($entity->name, ESC_URL)?>" class="serveraccount"><?php out($entity->name.'@'.$entity->server->hostname)?></a></td>
<td><em>Server account</em><?php if($entity->server->key_management == 'decommissioned') out(' <span class="label label-default">Inactive</span>', ESC_NONE) ?></td>
<?php
break;
case 'Group':
?>
<td><a href="/groups/<?php out($entity->name, ESC_URL)?>" class="group"><?php out($entity->name)?></a></td>
<td><em>Group</em></td>
<?php
break;
}
?>
<td>Added on <?php out($access->grant_date) ?> by <?php out($access->granted_by->uid) ?></td>
<td>
<?php if(count($options) > 0) { ?>
<ul class="compact">
<?php foreach($options as $option) { ?>
<li>
<code>
<?php
out($option->option);
if(!is_null($option->value)) {
?>=&quot;<abbr title="<?php out($option->value)?>">…</abbr>&quot;<?php
}
?>
</code>
</li>
<?php } ?>
</ul>
<?php } ?>
</td>
<td>
<a href="/groups/<?php out($this->get('group')->name, ESC_URL)?>/access_rules/<?php out($access->id, ESC_URL)?>" class="btn btn-default btn-xs"><span class="glyphicon glyphicon-cog"></span> Configure access</a>
<button type="submit" name="delete_access" value="<?php out($access->id)?>" class="btn btn-default btn-xs"><span class="glyphicon glyphicon-ban-circle"></span> Remove access</button>
</td>
<?php } ?>
</tr>
</tbody>
</table>
</form>
<?php } ?>
<?php if($membercounts['ServerAccount'] == 0 && $membercounts['Group'] == 0) { ?>
<p>This group does not contain any resources (server accounts or groups containing server accounts) to grant access to.</p>
<?php } else { ?>
<form method="post" action="<?php out($this->data->relative_request_url)?>">
<?php out($this->get('active_user')->get_csrf_field(), ESC_NONE) ?>
<h3>Grant user access</h3>
<div class="row">
<div class="form-group col-md-8">
<div class="input-group">
<span class="input-group-addon"><label for="access-username"><span class="glyphicon glyphicon-user" title="User"></span><span class="sr-only">User name</span></label></span>
<input type="text" id="access-username" name="username" class="form-control" placeholder="User name" required list="userlist">
</div>
</div>
<div class="form-group col-md-4">
<button type="submit" name="add_access" value="1" class="btn btn-primary btn-block">Grant user access to group resources</button>
</div>
</div>
</form>
<form method="post" action="<?php out($this->data->relative_request_url)?>">
<?php out($this->get('active_user')->get_csrf_field(), ESC_NONE) ?>
<h3>Grant server account access</h3>
<div class="row">
<div class="form-group col-md-2">
<div class="input-group">
<span class="input-group-addon"><label for="access-account"><span class="glyphicon glyphicon-log-in" title="Server account"></span><span class="sr-only">Account</span></label></span>
<input type="text" id="access-account" name="account" class="form-control" placeholder="Account name" required>
</div>
</div>
<div class="form-group col-md-6">
<div class="input-group">
<span class="input-group-addon"><label for="access-hostname">@</label></span>
<input type="text" id="access-hostname" name="hostname" class="form-control" placeholder="Hostname" required list="serverlist">
</div>
</div>
<div class="form-group col-md-4">
<button type="submit" name="add_access" value="1" class="btn btn-primary btn-block">Grant server account access to group resources</button>
</div>
</div>
</form>
<form method="post" action="<?php out($this->data->relative_request_url)?>">
<?php out($this->get('active_user')->get_csrf_field(), ESC_NONE) ?>
<h3>Grant group access</h3>
<div class="row">
<div class="form-group col-md-8">
<div class="input-group">
<span class="input-group-addon"><label for="access-group"><span class="glyphicon glyphicon-list-alt" title="Group"></span><span class="sr-only">Group name</span></label></span>
<input type="text" id="access-group" name="group" class="form-control" placeholder="Group name" required list="grouplist">
</div>
</div>
<div class="form-group col-md-4">
<button type="submit" name="add_access" value="1" class="btn btn-primary btn-block">Grant a group access to this group's resources</button>
</div>
</div>
</form>
<?php } ?>
</div>
<div class="tab-pane fade" id="outbound">
<h2 class="sr-only">Outbound access</h2>
<?php if(count($this->get('group_remote_access')) == 0) { ?>
<p>This group has not been granted access to other resources.</p>
<?php } else { ?>
<p>This group has access to the following resources:</p>
<table class="table table-bordered table-striped">
<thead>
<tr>
<th colspan="2">Access to</th>
<th>Status</th>
</tr>
</thead>
<tbody>
<?php foreach($this->get('group_remote_access') as $access) { ?>
<?php $entity = $access->dest_entity; ?>
<tr>
<?php
switch(get_class($entity)) {
case 'User':
?>
<td><a href="/users/<?php out($entity->uid, ESC_URL)?>" class="user"><?php out($entity->uid)?></a></td>
<td><?php out($entity->name); if(!$entity->active) out(' <span class="label label-default">Inactive</span>', ESC_NONE)?></td>
<?php
break;
case 'ServerAccount':
?>
<td><a href="/servers/<?php out($entity->server->hostname, ESC_URL)?>/accounts/<?php out($entity->name, ESC_URL)?>" class="serveraccount"><?php out($entity->name.'@'.$entity->server->hostname)?></a></td>
<td><em>Server account</em><?php if($entity->server->key_management == 'decommissioned') out(' <span class="label label-default">Inactive</span>', ESC_NONE) ?></td>
<?php
break;
case 'Group':
?>
<td><a href="/groups/<?php out($entity->name, ESC_URL)?>" class="group"><?php out($entity->name)?></a></td>
<td><em>Group</em></td>
<?php
break;
}
?>
<td>Added on <?php out($access->grant_date) ?> by <?php out($access->granted_by->uid) ?></td>
<?php } ?>
</tr>
</tbody>
</table>
<?php } ?>
</div>
<div class="tab-pane fade" id="admins">
<h2 class="sr-only">Group administrators</h2>
<?php if(count($this->get('group_admins')) == 0) { ?>
<p class="alert alert-danger">This group does not have any administrators assigned.</p>
<?php } else { ?>
<form method="post" action="<?php out($this->data->relative_request_url)?>">
<?php out($this->get('active_user')->get_csrf_field(), ESC_NONE) ?>
<table class="table table-bordered table-striped">
<thead>
<tr>
<th>User ID</th>
<th>Name</th>
<?php if($this->get('admin')) { ?>
<th>Actions</th>
<?php } ?>
</tr>
</thead>
<tbody>
<?php foreach($this->get('group_admins') as $admin) { ?>
<tr>
<td><a href="/users/<?php out($admin->uid, ESC_URL)?>" class="user"><?php out($admin->uid) ?></a></td>
<td><?php out($admin->name); if(!$admin->active) out(' <span class="label label-default">Inactive</span>', ESC_NONE) ?></td>
<?php if($this->get('admin')) { ?>
<td>
<button type="submit" name="delete_admin" value="<?php out($admin->id) ?>" class="btn btn-default btn-xs"><span class="glyphicon glyphicon-trash"></span> Remove admin</button>
</td>
<?php } ?>
</tr>
<?php } ?>
</tbody>
</table>
</form>
<?php } ?>
<?php if($this->get('admin')) { ?>
<form method="post" action="<?php out($this->data->relative_request_url)?>" class="form-inline">
<?php out($this->get('active_user')->get_csrf_field(), ESC_NONE) ?>
<h3>Add administrator</h3>
<div class="form-group">
<label for="user_name" class="sr-only">User name</label>
<input type="text" id="user_name" name="user_name" class="form-control" placeholder="User name" required list="userlist">
</div>
<button type="submit" name="add_admin" value="1" class="btn btn-primary">Add administrator to group</button>
</form>
<?php } ?>
</div>
<?php if($this->get('admin')) { ?>
<div class="tab-pane fade" id="settings">
<h2 class="sr-only">Settings</h2>
<form method="post" action="<?php out($this->data->relative_request_url)?>" class="form-horizontal">
<?php out($this->get('active_user')->get_csrf_field(), ESC_NONE) ?>
<div class="form-group">
<label for="name" class="col-sm-2 control-label">Name</label>
<div class="col-sm-10">
<input type="text" id="name" name="name" value="<?php out($this->get('group')->name)?>" required class="form-control">
</div>
</div>
<div class="form-group">
<label class="col-sm-2 control-label">Group status</label>
<div class="col-sm-10">
<div class="radio">
<label class="text-success">
<input type="radio" name="active" value="1"<?php if($this->get('group')->active == 1) out(' checked') ?>>
Enabled
</label>
</div>
<div class="radio">
<label class="text-danger">
<input type="radio" name="active" value="0"<?php if($this->get('group')->active == 0) out(' checked') ?>>
Disabled
</label>
</div>
</div>
</div>
<div class="form-group">
<div class="col-sm-offset-2 col-sm-10">
<button type="submit" name="edit_group" value="1" class="btn btn-primary">Change settings</button>
</div>
</div>
</form>
</div>
<?php } ?>
<div class="tab-pane fade" id="log">
<h2 class="sr-only">Log</h2>
<table class="table">
<thead>
<tr>
<th>Entity</th>
<th>User</th>
<th>Activity</th>
<th>Date (<abbr title="Coordinated Universal Time">UTC</abbr>)</th>
</tr>
</thead>
<tbody>
<?php
foreach($this->get('group_log') as $event) {
show_event($event);
}
?>
</tbody>
</table>
</div>
</div>
<datalist id="userlist">
<?php foreach($this->get('all_users') as $user) { ?>
<option value="<?php out($user->uid)?>" label="<?php out($user->name)?>">
<?php } ?>
</datalist>
<datalist id="grouplist">
<?php foreach($this->get('all_groups') as $group) { ?>
<option value="<?php out($group->name)?>">
<?php } ?>
</datalist>
<datalist id="adminedserverlist">
<?php foreach($this->get('admined_servers') as $server) { ?>
<option value="<?php out($server->hostname)?>">
<?php } ?>
</datalist>
<datalist id="serverlist">
<?php foreach($this->get('all_servers') as $server) { ?>
<option value="<?php out($server->hostname)?>">
<?php } ?>
</datalist>
<?php } else { ?>
<p>You do not have access to manage this group.</p>
<?php } ?>
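Review bot: in the members, access and outbound tables the closing `</tr>` is placed after the `<?php } ?>` that ends the `foreach`, so each row's `<tr>` is never closed inside the loop and a single stray `</tr>` follows the last row (the administrators table lower down has the order right: `</tr>` then `<?php } ?>`). Browsers repair this silently, but it is a bug and will fail HTML validation; move `</tr>` inside the loop in all three places. Also note that `list="<?php out($this->get('admin') ? 'serverlist' : 'adminedserverlist')?>"` only changes which hostnames a group administrator is offered as suggestions; it is not an authorization control, so the `add_member` handler must itself verify that a non-admin can only add accounts from servers they administer.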

templates/group_json.php (Normal file, 32 lines)

@@ -0,0 +1,32 @@
<?php
##
## Copyright 2013-2017 Opera Software AS
##
## Licensed under the Apache License, Version 2.0 (the "License");
## you may not use this file except in compliance with the License.
## You may obtain a copy of the License at
##
## http://www.apache.org/licenses/LICENSE-2.0
##
## Unless required by applicable law or agreed to in writing, software
## distributed under the License is distributed on an "AS IS" BASIS,
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
## See the License for the specific language governing permissions and
## limitations under the License.
##
$json = new StdClass;
$json->users = array();
$json->server_accounts = array();
foreach($this->get('group_members') as $member) {
$group_member = new StdClass;
if(get_class($member) == 'User') {
$group_member->uid = $member->uid;
$group_member->email = $member->email;
$json->users[] = $group_member;
} elseif(get_class($member) == 'ServerAccount') {
$group_member->name = $member->name;
$group_member->hostname = $member->server->hostname;
$json->server_accounts[] = $group_member;
}
}
out(json_encode($json), ESC_NONE);
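Review bot: this endpoint returns each member's `email` alongside the `uid`, so it has to sit behind the same access check as the HTML group view rather than being treated as harmless metadata. The controller should also send `Content-Type: application/json` before `out(json_encode($json), ESC_NONE)` so the body is not sniffed as HTML, and it is worth handling the case where `json_encode()` returns `false` (invalid UTF-8 in a name or email), which this code would pass straight to `out()`.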

View File

@@ -0,0 +1,21 @@
<?php
##
## Copyright 2013-2017 Opera Software AS
##
## Licensed under the Apache License, Version 2.0 (the "License");
## you may not use this file except in compliance with the License.
## You may obtain a copy of the License at
##
## http://www.apache.org/licenses/LICENSE-2.0
##
## Unless required by applicable law or agreed to in writing, software
## distributed under the License is distributed on an "AS IS" BASIS,
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
## See the License for the specific language governing permissions and
## limitations under the License.
##
?>
<h1>Group not found</h1>
<div class="alert alert-danger">
<p>The group name you entered isn't yet known by the keys management server. Please <a href="" class="navigate-back">go back</a> and try again.</p>
</div>
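Review bot: the back link is `<a href="" class="navigate-back">`, so without JavaScript (or if the `navigate-back` handler is not bound on this page) clicking it simply reloads the not-found page; give it a real fallback target such as the groups listing and let the script override it.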

templates/groups.php (Normal file, 120 lines)

@@ -0,0 +1,120 @@
<?php
##
## Copyright 2013-2017 Opera Software AS
##
## Licensed under the Apache License, Version 2.0 (the "License");
## you may not use this file except in compliance with the License.
## You may obtain a copy of the License at
##
## http://www.apache.org/licenses/LICENSE-2.0
##
## Unless required by applicable law or agreed to in writing, software
## distributed under the License is distributed on an "AS IS" BASIS,
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
## See the License for the specific language governing permissions and
## limitations under the License.
##
?>
<h1>Groups</h1>
<?php if($this->get('admin')) { ?>
<ul class="nav nav-tabs">
<li><a href="#list" data-toggle="tab">Group list</a></li>
<li><a href="#add" data-toggle="tab">Add group</a></li>
</ul>
<?php } ?>
<!-- Tab panes -->
<div class="tab-content">
<div class="tab-pane fade<?php if(!$this->get('admin')) out(' in active') ?>" id="list">
<h2 class="sr-only">Group list</h2>
<div class="panel-group">
<div class="panel panel-default">
<div class="panel-heading">
<h3 class="panel-title">
Filter options
</h3>
</div>
<div class="panel-body">
<form>
<div class="row">
<div class="col-sm-4">
<div class="form-group">
<label for="name-search">Name (<a href="https://mariadb.com/kb/en/mariadb/regular-expressions-overview/">regexp</a>)</label>
<input type="text" id="name-search" name="name" class="form-control" value="<?php out($this->get('filter')['name'])?>" autofocus>
</div>
</div>
<div class="col-sm-3">
<h4>Status</h4>
<?php
$options = array();
$options['1'] = 'Active';
$options['0'] = 'Inactive';
foreach($options as $value => $label) {
$checked = in_array($value, $this->get('filter')['active']) ? ' checked' : '';
?>
<div class="checkbox"><label><input type="checkbox" name="active[]" value="<?php out($value)?>"<?php out($checked) ?>> <?php out($label) ?></label></div>
<?php } ?>
</div>
</div>
<button type="submit" class="btn btn-primary">Display results</button>
</form>
</div>
</div>
</div>
<?php if(count($this->get('groups')) == 0) { ?>
<p>No groups found.</p>
<?php } else { ?>
<form method="post" action="<?php out($this->data->relative_request_url)?>" class="form-inline">
<?php out($this->get('active_user')->get_csrf_field(), ESC_NONE) ?>
<table class="table table-striped">
<thead>
<tr>
<th>Group</th>
<th>Members</th>
<th>Admins</th>
<?php if($this->get('admin')) { ?>
<th>Actions</th>
<?php } ?>
</tr>
</thead>
<tbody>
<?php foreach($this->get('groups') as $group) { ?>
<tr<?php if(!$group->active) out(' class="text-muted"', ESC_NONE) ?>>
<td><a href="/groups/<?php out($group->name, ESC_URL) ?>" class="group<?php if(!$group->active) out(' text-muted') ?>"><?php out($group->name) ?></a></td>
<td><?php out(number_format($group->member_count))?></td>
<td><?php out($group->admins)?></td>
<?php if($this->get('admin')) { ?>
<td>
<a href="<?php out($this->data->relative_request_url.'/'.urlencode($group->name))?>" class="btn btn-default btn-xs"><span class="glyphicon glyphicon-cog"></span> Manage group</a>
</td>
<?php } ?>
</tr>
<?php } ?>
</tbody>
</table>
</form>
<?php } ?>
</div>
<?php if($this->get('admin')) { ?>
<div class="tab-pane fade" id="add">
<h2 class="sr-only">Add group</h2>
<form method="post" action="<?php out($this->data->relative_request_url)?>" class="form-inline">
<?php out($this->get('active_user')->get_csrf_field(), ESC_NONE) ?>
<div class="form-group">
<label for="name" class="sr-only">Group name</label>
<input type="text" id="name" name="name" class="form-control" placeholder="Group name" required>
</div>
<div class="form-group">
<label for="admin_uid" class="sr-only">Administrator</label>
<input type="text" size="40" id="admin_uid" name="admin_uid" class="form-control" placeholder="Administrator" required list="userlist">
<datalist id="userlist">
<?php foreach($this->get('all_users') as $user) { ?>
<option value="<?php out($user->uid)?>" label="<?php out($user->name)?>">
<?php } ?>
</datalist>
</div>
<button type="submit" name="add_group" value="1" class="btn btn-primary">Create group</button>
</form>
</div>
<?php } ?>
</div>
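Review bot: the Name filter is labelled as a regular expression and linked to the MariaDB regexp documentation, which means `$this->get('filter')['name']` is handed to the database as a user-controlled pattern. The controller must bind it as a query parameter rather than interpolating it into the `REGEXP` clause, and because a pattern evaluated against every group name is a cheap way for any logged-in user to consume database time, consider a length limit or a plain substring match for non-admin users. The template side is fine: the value is re-rendered through `out()` and the checkbox state is derived from `in_array()` on the server-side filter array.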

templates/help.php (Normal file, 234 lines)

@@ -0,0 +1,234 @@
<?php
##
## Copyright 2013-2017 Opera Software AS
##
## Licensed under the Apache License, Version 2.0 (the "License");
## you may not use this file except in compliance with the License.
## You may obtain a copy of the License at
##
## http://www.apache.org/licenses/LICENSE-2.0
##
## Unless required by applicable law or agreed to in writing, software
## distributed under the License is distributed on an "AS IS" BASIS,
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
## See the License for the specific language governing permissions and
## limitations under the License.
##
$admin_mail = $this->get('admin_mail');
$baseurl = $this->get('baseurl');
?>
<div class="panel-group" id="help">
<h1>Help</h1>
<div class="panel panel-default">
<div class="panel-heading">
<h2 class="panel-title">
<a data-toggle="collapse" data-parent="#help" href="#getting_started">
Getting started
</a>
</h2>
</div>
<div id="getting_started" class="panel-collapse collapse">
<div class="panel-body">
<h3>Generating an SSH keypair</h3>
<?php keygen_help(null) ?>
<h3>Uploading a public key</h3>
<p>You can upload a new public key to your account from the <a href="/">home</a> page.</p>
</div>
</div>
</div>
<div class="panel panel-default">
<div class="panel-heading">
<h2 class="panel-title">
<a data-toggle="collapse" data-parent="#help" href="#concepts">
Concepts
</a>
</h2>
</div>
<div id="concepts" class="panel-collapse collapse">
<div class="panel-body">
<h3>Iconography</h3>
<p>Most objects that are known by SSH Key Authority are represented by icons:</p>
<h4><span class="glyphicon glyphicon-hdd"></span> Servers</h4>
<p>Physical or virtual servers.</p>
<h4><span class="glyphicon glyphicon-log-in"></span> Server accounts</h4>
<p>Accounts on servers (eg. root@myserver is a server account).</p>
<h4><span class="glyphicon glyphicon-user"></span> Users</h4>
<p>Users of SSH Key Authority.</p>
<h4><span class="glyphicon glyphicon-list-alt"></span> Groups</h4>
<p>Collections of users or server accounts.</p>
</div>
</div>
</div>
<div class="panel panel-default">
<div class="panel-heading">
<h2 class="panel-title">
<a data-toggle="collapse" data-parent="#help" href="#getting_access">
Getting access to a server
</a>
</h4>
</div>
<div id="getting_access" class="panel-collapse collapse">
<div class="panel-body">
<p>Begin by browsing the <a href="/servers">server list</a>. Click on the server that you need access to.</p>
<p>You should see a "request access" form, in which you will need to enter the name of the account on the server that you are requesting access for. For example, if you need access to the <i>root</i> account, then that is what you should enter in this field.</p>
<p>Once you have successfully requested access, the designated server administators will be sent a mail informing them of your request and you will need to wait for one of them to grant your access.</p>
<p class="alert alert-info">You will need to have a public key uploaded for your access to work. See the <a data-toggle="collapse" data-parent="#help" href="#getting_started" class="alert-link">getting started guide</a>.</p>
</div>
</div>
</div>
<div class="panel panel-default">
<div class="panel-heading">
<h2 class="panel-title">
<a data-toggle="collapse" data-parent="#help" href="#add_server">
Adding a server to SSH Key Authority
</a>
</h2>
</div>
<div id="add_server" class="panel-collapse collapse">
<div class="panel-body">
<p>Contact <a href="mailto:<?php out($admin_mail)?>"><?php out($admin_mail)?></a> to have your server(s) added to SSH Key Authority.</p>
</div>
</div>
</div>
<h2>Frequently asked questions</h2>
<div class="panel panel-default">
<div class="panel-heading">
<h3 class="panel-title">
<a data-toggle="collapse" data-parent="#help" href="#sync_error">
What does this sync error for my server mean?
</a>
</h3>
</div>
<div id="sync_error" class="panel-collapse collapse">
<div class="panel-body">
<dl class="spaced">
<dt>SSH connection failed</dt>
<dd>The keys system was unable to establish an SSH connection to your server. This could indicate that the server is offline or otherwise unreachable, or that the SSH server is not running.</dd>
<dt>SSH host key verification failed</dt>
<dd>The keys system was able to open an SSH connection to your server, but the host key no longer matches the one that is on record for your server. If this is expected (eg. your server has been migrated to a new host), you can reset the host key on the "Settings" page of your server. Press the "Clear" button for the host key fingerprint and then "Save changes".</dd>
<dt>SSH authentication failed</dt>
<dd>Although the keys system was able to connect to your server via SSH, it failed to log in. See the guides for setting up <a data-toggle="collapse" data-parent="#help" href="#sync_setup">full account syncing</a> or <a data-toggle="collapse" data-parent="#help" href="#legacy_sync_setup">legacy root account syncing</a>.</dd>
<dt>SFTP subsystem failed</dt>
<dd>The keys system currently relies on SFTP in order to determine if an account's key file needs updating or not. We are hoping to remove this dependency at some point, but for now your server needs to support SFTP (which openssh does by default) for key synchronization to work.</dd>
<dt><em>x</em> account(s) failed to sync</dt>
<dt>Failed to clean up <em>x</em> file(s)</dt>
<dd>
The keys system could not write to at least one of the files in <code>/var/local/keys-sync</code> (or <code>/root/.ssh/authorized_keys2</code> for legacy sync). This is typically caused by one of 3 possibilities:
<ul>
<li>Issues with file ownership - this directory and all files in it must be owned by the keys-sync user</li>
<li>Read-only filesystem</li>
<li>Disk full</li>
</ul>
</dd>
<dt>Multiple hosts with same IP address</dt>
<dd>At least one other host managed by SSH Key Authority resolves to the same IP address as your server. SSH Key Authority will refuse to sync to either server until this is resolved.</dd>
</dl>
</div>
</div>
</div>
<div class="panel panel-default">
<div class="panel-heading">
<h3 class="panel-title">
<a data-toggle="collapse" data-parent="#help" href="#sync_warning">
What does this sync warning for my server mean?
</a>
</h3>
</div>
<div id="sync_warning" class="panel-collapse collapse">
<div class="panel-body">
<dl class="spaced">
<dt>Key directory does not exist</dt>
<dd>Your server has not been set up for <a data-toggle="collapse" data-parent="#help" href="#sync_setup">full account syncing</a>. The <i>root</i> account <strong>is</strong> being synced, but other accounts are not.</dd>
<dt>Using legacy sync method</dt>
<dd>Your server <strong>has</strong> been set up for <a data-toggle="collapse" data-parent="#help" href="#sync_setup">full account syncing</a> (stage 1), but the authentication on your server has not been switched over to keys control (stage 2). Legacy syncing is still being used, so only the <i>root</i> account sync is taking effect.</dd>
</dl>
</div>
</div>
</div>
<div class="panel panel-default">
<div class="panel-heading">
<h3 class="panel-title">
<a data-toggle="collapse" data-parent="#help" href="#sync_setup">
How do I set up my server to sync access for all accounts?
</a>
</h3>
</div>
<div id="sync_setup" class="panel-collapse collapse">
<div class="panel-body">
<h5>Stage 1</h5>
<p>If SSH Key Authority is reporting "Key directory does not exist" for your server, then Stage 1 is required.</p>
<ol>
<li>Create keys-sync account: <code>adduser --system --disabled-password --home /var/local/keys-sync --shell /bin/sh keys-sync</code>
<li>Change the permissions of <code>/var/local/keys-sync</code> to 711: <code>chmod 0711 /var/local/keys-sync</code>
<li>Create <code>/var/local/keys-sync/keys-sync</code> file (owned by keys-sync, permissions 0644) with the following SSH key in it:
<pre><?php out($this->get('keys-sync-pubkey'))?></pre>
</li>
</ol>
<h5>Verify Stage 1 success</h5>
<p>Once Stage 1 has been deployed to your server, trigger a resync from SSH Key Authority. The server should no longer have the "Key directory does not exist" warning after syncing (the "Using legacy sync method" warning is expected at this point instead). You can check the contents of the <code>/var/local/keys-sync</code> directory to make sure that the access looks right.</p>
<h5>Stage 2</h5>
<ol>
<li>
Reconfigure SSH (<code>/etc/ssh/sshd_config</code>) to use:
<ul>
<li>"<code>AuthorizedKeysFile /var/local/keys-sync/%u</code>"
<li>"<code>StrictModes no</code>"
</ul>
<li>Restart SSH server
</ol>
<p>This stage stops any .ssh/authorized_keys* files from having any effect and transfers login authentication authority over to the /var/local/keys-sync directory.</p>
<p>After triggering a resync from SSH Key Authority, your server should be listed as "Synced successfully".</p>
</div>
</div>
</div>
<div class="panel panel-default">
<div class="panel-heading">
<h3 class="panel-title">
<a data-toggle="collapse" data-parent="#help" href="#legacy_sync_setup">
How do I set up my server for legacy (root-only) sync?
</a>
</h3>
</div>
<div id="legacy_sync_setup" class="panel-collapse collapse">
<div class="panel-body">
<p class="alert alert-warning">While this sync method is simpler to set up, we recommend setting up <a data-toggle="collapse" data-parent="#help" href="#sync_setup">full account syncing</a> where possible.</p>
<p>Add the following to the <code>/root/.ssh/authorized_keys</code> file (create it if it does not exist):</p>
<pre><?php out($this->get('keys-sync-pubkey'))?></pre>
<p>The <code>/root</code> and <code>/root/.ssh</code> directories must be accessible <em>only by root</em>.</p>
</div>
</div>
</div>
<div class="panel panel-default">
<div class="panel-heading">
<h3 class="panel-title">
<a data-toggle="collapse" data-parent="#help" href="#grant_access">
How do I grant access to an account on my server?
</a>
</h3>
</div>
<div id="grant_access" class="panel-collapse collapse">
<div class="panel-body">
<p>For access to accounts by employees:</p>
<ol>
<li>Go to your server's page (ie. <code><?php out($baseurl)?>/servers/&lt;hostname&gt;</code>).</li>
<li>If the account is not listed yet, add it with the "Create account" form.</li>
<li>Click "Manage account" for the relevant account.</li>
<li>In the "Add user to account" form, enter the user's intranet account name and submit.</li>
</ol>
<p>For server-to-server access, assuming that both of the servers involved are managed by SSH Key Authority:</p>
<p>Example: <code>foo@source.example.com</code> needs SSH access to <code>bar@destination.example.com</code></p>
<ol>
<li>Go to the admin page for source.example.com (ie. <code><?php out($baseurl)?>/servers/source.example.com</code>).</li>
<li>Add the "foo" account to keys ("Manage this account with SSH Key Authority") if it is not already listed.</li>
<li>Go to the manage account page for "foo".</li>
<li>On the Public keys tab, add the SSH public key for the foo@source.example.com account.</li>
<li>Go to the admin page for destination.example.com (ie. <code><?php out($baseurl)?>/servers/destination.example.com</code>).</li>
<li>Add the "bar" account to keys ("Manage this account with SSH Key Authority") if it is not already listed.</li>
<li>Go to the manage account page for "bar".</li>
<li>On the Access tab, add server-to-server access for foo@source.example.com.</li>
</ol>
<p>In the above example if source.example.com is not yet known by SSH Key Authority, please contact <a href="mailto:<?php out($admin_mail)?>"><?php out($admin_mail)?></a> to add it to the system.</p>
</div>
</div>
</div>
</div>
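Review bot: the "Getting access to a server" panel closes its `<h2 class="panel-title">` with `</h4>`, leaving the markup malformed; it should be `</h2>` like the other panels. In the Stage 2 instructions, `StrictModes no` is a security-relevant change that the help text does not explain: sshd's StrictModes check normally refuses an authorized-keys file that is not owned by the logging-in user or is group/world-writable, and it has to be disabled here only because the per-account files under `/var/local/keys-sync/%u` are owned by the keys-sync user. The text should say so and make explicit that the compensating controls are the ones listed in Stage 1 and in the sync-error FAQ (directory mode 0711, directory and all files owned by keys-sync, key files not writable by the accounts they grant access to), otherwise an administrator who later loosens those permissions loses the protection StrictModes would have given. Minor: "administators" in the request-access paragraph should read "administrators", and the `<li>` items in the Stage 1 and Stage 2 lists are never closed.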

197
templates/home.php Normal file

@@ -0,0 +1,197 @@
<?php
##
## Copyright 2013-2017 Opera Software AS
##
## Licensed under the Apache License, Version 2.0 (the "License");
## you may not use this file except in compliance with the License.
## You may obtain a copy of the License at
##
## http://www.apache.org/licenses/LICENSE-2.0
##
## Unless required by applicable law or agreed to in writing, software
## distributed under the License is distributed on an "AS IS" BASIS,
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
## See the License for the specific language governing permissions and
## limitations under the License.
##
?>
<h1>Keys management</h1>
<p>Welcome to the SSH Key Authority server.</p>
<?php if(count($this->get('user_keys')) == 0) { ?>
<h2>Getting started</h2>
<p>To start using the key management system, you must first generate a "key pair". The instructions for doing this vary based on your computer's Operating System (OS).</p>
<?php keygen_help('below') ?>
<form method="post" action="/">
<?php out($this->get('active_user')->get_csrf_field(), ESC_NONE) ?>
<div class="form-group">
<label for="public_key">Public key</label>
<textarea class="form-control" rows="4" id="add_public_key" name="add_public_key" required></textarea>
</div>
<div class="form-group"><button class="btn btn-primary btn-lg btn-block">Add public key</button></div>
</form>
<?php } else { ?>
<h2>Your public keys</h2>
<form method="post" action="<?php out($this->data->relative_request_url)?>">
<?php out($this->get('active_user')->get_csrf_field(), ESC_NONE) ?>
<table class="table">
<thead>
<tr>
<th>Type</th>
<th class="fingerprint">Fingerprint</th>
<th></th>
<th>Size</th>
<th>Comment</th>
<th>Actions</th>
</tr>
</thead>
<tbody>
<?php foreach($this->get('user_keys') as $key) { ?>
<tr>
<td><?php out($key->type) ?></td>
<td>
<a href="/users/<?php out($this->get('uid'), ESC_URL)?>/pubkeys/<?php out($key->id, ESC_URL)?>#info">
<span class="fingerprint_md5"><?php out($key->fingerprint_md5) ?></span>
<span class="fingerprint_sha256"><?php out($key->fingerprint_sha256) ?></span>
</a>
</td>
<td>
<?php if(count($key->list_signatures()) > 0) { ?><a href="/users/<?php out($this->get('uid'), ESC_URL)?>/pubkeys/<?php out($key->id, ESC_URL)?>#sig"><span class="glyphicon glyphicon-pencil" title="Signed key"></span></a><?php } ?>
<?php if(count($key->list_destination_rules()) > 0) { ?><a href="/users/<?php out($this->get('uid'), ESC_URL)?>/pubkeys/<?php out($key->id, ESC_URL)?>#dest"><span class="glyphicon glyphicon-pushpin" title="Destination-restricted"></span></a><?php } ?>
</td>
<td><?php out($key->keysize) ?></td>
<td><?php out($key->comment) ?></td>
<td>
<a href="/users/<?php out($this->get('uid'), ESC_URL)?>/pubkeys/<?php out($key->id, ESC_URL)?>" class="btn btn-default btn-xs"><span class="glyphicon glyphicon-cog"></span> Manage public key</a>
<button type="submit" name="delete_public_key" value="<?php out($key->id) ?>" class="btn btn-default btn-xs"><span class="glyphicon glyphicon-trash"></span> Delete public key</button>
</td>
</tr>
<?php } ?>
</tbody>
</table>
</form>
<p><button id="add_key_button" class="btn btn-default">Add another public key</button></p>
<form method="post" action="/" class="hidden" id="add_key_form">
<?php out($this->get('active_user')->get_csrf_field(), ESC_NONE) ?>
<div class="form-group">
<label for="add_public_key">Public key</label>
<textarea class="form-control" rows="4" id="add_public_key" name="add_public_key" required></textarea>
</div>
<div class="form-group row">
<div class="col-md-8">
<button type="submit" class="btn btn-primary btn-lg btn-block">Add public key</button>
</div>
<div class="col-md-2">
<button type="button" class="btn btn-info btn-lg btn-block">Help</button>
</div>
<div class="col-md-2">
<button type="button" class="btn btn-default btn-lg btn-block">Cancel</button>
</div>
</div>
<div id="help" class="hidden">
<?php keygen_help('above') ?>
</div>
</form>
<?php if(count($this->get('admined_servers')) > 0) { ?>
<h2>Your servers</h2>
<p>You are listed as an administrator for the following servers:</p>
<table class="table">
<thead>
<tr>
<th>Hostname</th>
<th>Config</th>
<th>Admins</th>
<th>Status</th>
</tr>
</thead>
<tbody>
<?php
foreach($this->get('admined_servers') as $server) {
if($server->key_management != 'keys') {
$class = '';
} else {
switch($server->sync_status) {
case 'not synced yet': $class = 'warning'; break;
case 'sync failure': $class = 'danger'; break;
case 'sync success': $class = 'success'; break;
case 'sync warning': $class = 'warning'; break;
}
}
if($last_sync = $server->get_last_sync_event()) {
$sync_details = json_decode($last_sync->details)->value;
} else {
$sync_details = ucfirst($server->sync_status);
}
?>
<tr>
<td rowspan="2">
<a href="/servers/<?php out($server->hostname, ESC_URL) ?>" class="server"><?php out($server->hostname) ?></a>
<?php if($server->pending_requests > 0) { ?>
<a href="/servers/<?php out($server->hostname, ESC_URL) ?>#requests"><span class="badge" title="Pending requests"><?php out(number_format($server->pending_requests)) ?></span></a>
<?php } ?>
</td>
<td>
<?php
switch($server->key_management) {
case 'keys':
switch($server->authorization) {
case 'manual': out('Manual account management'); break;
case 'automatic LDAP': out('LDAP accounts - automatic'); break;
case 'manual LDAP': out('LDAP accounts - manual'); break;
}
break;
case 'other': out('Managed by another system'); break;
case 'none': out('Unmanaged'); break;
case 'decommissioned': out('Decommissioned'); break;
}
?>
</td>
<td>
<?php
$admins = explode(',', $server->admins);
$admin_list = '';
foreach($admins as $admin) {
$type = substr($admin, 0, 1);
$name = substr($admin, 2);
if($type == 'G') {
$admin_list .= '<span class="glyphicon glyphicon-list-alt"></span> ';
}
$admin_list .= hesc($name).', ';
}
$admin_list = substr($admin_list, 0, -2);
out($admin_list, ESC_NONE);
?>
</td>
<td rowspan="2" class="<?php out($class)?>"><?php out($sync_details) ?></td>
</tr>
<tr>
<td colspan="2" class="indented">
<dl class="oneline">
<?php foreach($server->list_accounts() as $server_account) { ?>
<dt><a href="/servers/<?php out($server->hostname, ESC_URL)?>/accounts/<?php out($server_account->name, ESC_URL)?>" class="serveraccount"><?php out($server_account->name) ?></a>:</dt>
<?php
$list = array();
foreach($server_account->list_access() as $access) {
$entity = $access->source_entity;
switch(get_class($entity)) {
case 'User':
$list[] = hesc($entity->uid);
break;
case 'ServerAccount':
$list[] = hesc($entity->name.'@'.$entity->server->hostname);
break;
case 'Group':
$list[] = '<span class="glyphicon glyphicon-list-alt"></span> '.hesc($entity->name);
break;
}
}
?>
<dd><?php out(implode(', ', $list), ESC_NONE)?></dd>
<?php } ?>
</dl>
</td>
</tr>
<?php } ?>
</tbody>
</table>
<?php } ?>
<?php } ?>
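Review bot: in the "Your servers" loop, `$class` is only assigned inside `switch($server->sync_status)` and there is no `default:` branch, so a server with an unexpected status either raises an undefined-variable notice on the first iteration or silently reuses the class left over from the previous row, colouring it with another server's status. Initialise `$class = '';` before the switch or add `default: $class = ''; break;`. Likewise `json_decode($last_sync->details)->value` assumes `details` is valid JSON with a `value` member; a guard on the decode result would turn a malformed event row into an empty cell instead of a notice. Style: the first form's `<label for="public_key">` does not match its textarea's `id="add_public_key"`, so the label is not associated with the field.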


@@ -0,0 +1,21 @@
<?php
##
## Copyright 2013-2017 Opera Software AS
##
## Licensed under the Apache License, Version 2.0 (the "License");
## you may not use this file except in compliance with the License.
## You may obtain a copy of the License at
##
## http://www.apache.org/licenses/LICENSE-2.0
##
## Unless required by applicable law or agreed to in writing, software
## distributed under the License is distributed on an "AS IS" BASIS,
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
## See the License for the specific language governing permissions and
## limitations under the License.
##
?>
<h1>Invalid project name</h1>
<div class="alert alert-danger">
<p>"<?php out($this->get('project_name'))?>" doesn't look like a valid project name. Forward slashes (/) are not allowed in the project name. Please <a href="" class="navigate-back">go back</a> and try again.</p>
</div>
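Review bot: the `<a href="" class="navigate-back">` link has an empty href, which resolves to the current URL, so without the script behind `navigate-back` a click reloads this error page rather than returning to the form; pointing href at the originating page when it is known would make the fallback useful. The message names only the forward-slash rule; if the validator rejects anything else, listing the allowed characters here saves the user a second round trip.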


@@ -0,0 +1,21 @@
<?php
##
## Copyright 2013-2017 Opera Software AS
##
## Licensed under the Apache License, Version 2.0 (the "License");
## you may not use this file except in compliance with the License.
## You may obtain a copy of the License at
##
## http://www.apache.org/licenses/LICENSE-2.0
##
## Unless required by applicable law or agreed to in writing, software
## distributed under the License is distributed on an "AS IS" BASIS,
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
## See the License for the specific language governing permissions and
## limitations under the License.
##
?>
<h1>Invalid hostname</h1>
<div class="alert alert-danger">
<p>"<?php out($this->get('hostname'))?>" doesn't look like a valid hostname. Please <a href="" class="navigate-back">go back</a> and try again.</p>
</div>


@@ -0,0 +1,21 @@
<?php
##
## Copyright 2013-2017 Opera Software AS
##
## Licensed under the Apache License, Version 2.0 (the "License");
## you may not use this file except in compliance with the License.
## You may obtain a copy of the License at
##
## http://www.apache.org/licenses/LICENSE-2.0
##
## Unless required by applicable law or agreed to in writing, software
## distributed under the License is distributed on an "AS IS" BASIS,
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
## See the License for the specific language governing permissions and
## limitations under the License.
##
?>
<h1>Public key upload failed</h1>
<div class="alert alert-danger">
<p><?php out($this->get('message')) ?> Please <a href="" class="navigate-back">go back</a> and try again.</p>
</div>

19
templates/not_admin.php Normal file

@@ -0,0 +1,19 @@
<?php
##
## Copyright 2013-2017 Opera Software AS
##
## Licensed under the Apache License, Version 2.0 (the "License");
## you may not use this file except in compliance with the License.
## You may obtain a copy of the License at
##
## http://www.apache.org/licenses/LICENSE-2.0
##
## Unless required by applicable law or agreed to in writing, software
## distributed under the License is distributed on an "AS IS" BASIS,
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
## See the License for the specific language governing permissions and
## limitations under the License.
##
?>
<h1>Unable to fulfill request</h1>
<p>Your request cannot be fulfilled because you are not an administrator of the target entity.</p>

150
templates/pubkey.php Normal file

@@ -0,0 +1,150 @@
<?php
##
## Copyright 2013-2017 Opera Software AS
##
## Licensed under the Apache License, Version 2.0 (the "License");
## you may not use this file except in compliance with the License.
## You may obtain a copy of the License at
##
## http://www.apache.org/licenses/LICENSE-2.0
##
## Unless required by applicable law or agreed to in writing, software
## distributed under the License is distributed on an "AS IS" BASIS,
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
## See the License for the specific language governing permissions and
## limitations under the License.
##
$owner = $this->get('pubkey')->owner;
?>
<h1>
Public key '<?php out($this->get('pubkey')->comment)?>' for
<?php
switch(get_class($owner)) {
case 'User':
$name = $owner->name;
?>
<a href="/users/<?php out($owner->uid, ESC_URL)?>" class="user"><?php out($name)?></a>
<?php
break;
case 'ServerAccount':
$name = $owner->name.'@'.$owner->server->hostname;
?>
<a href="/servers/<?php out($owner->server->hostname, ESC_URL)?>/accounts/<?php out($owner->name, ESC_URL)?>" class="serveraccount"><?php out($name)?></a>
<?php
break;
}
?>
</h1>
<?php if($this->get('user_is_owner') || $this->get('admin')) { ?>
<ul class="nav nav-tabs">
<li><a href="#info" data-toggle="tab">Information</a></li>
<li><a href="#sig" data-toggle="tab">Key signing</a></li>
<li><a href="#dest" data-toggle="tab">Destination restrictions</a></li>
</ul>
<?php } ?>
<div class="tab-content">
<div class="tab-pane <?php if(!$this->get('user_is_owner') || $this->get('admin')) out(' active') ?>" id="info">
<h2 class="sr-only">Information</h2>
<dl>
<dt>Key data</dt>
<dd><pre><?php out($this->get('pubkey')->export())?></pre></dd>
<dt>Key size</dt>
<dd><?php out($this->get('pubkey')->keysize)?></dd>
<dt>Fingerprint (MD5)</dt>
<dd><?php out($this->get('pubkey')->fingerprint_md5)?></dd>
<dt>Randomart (MD5)</dt>
<dd><pre class="ascii-art"><?php out($this->get('pubkey')->randomart_md5)?></pre></dd>
<dt>Fingerprint (SHA256)</dt>
<dd><?php out($this->get('pubkey')->fingerprint_sha256)?></dd>
<dt>Randomart (SHA256)</dt>
<dd><pre class="ascii-art"><?php out($this->get('pubkey')->randomart_sha256)?></pre></dd>
</dl>
</div>
<?php if($this->get('user_is_owner') || $this->get('admin')) { ?>
<div class="tab-pane" id="sig">
<h2 class="sr-only">Key signing</h2>
<form method="post" action="<?php out($this->data->relative_request_url)?>" enctype="multipart/form-data">
<?php if(count($this->get('signatures')) == 0) { ?>
<p>No signatures have been uploaded for this key yet.</p>
<?php } else { ?>
<table class="table table-bordered table-striped">
<thead>
<tr>
<th>Signing key</th>
<th>Signed on</th>
<th>Uploaded on</th>
<th>Actions</th>
</tr>
</thead>
<tbody>
<?php foreach($this->get('signatures') as $sig) { ?>
<tr>
<td><?php out($sig->fingerprint)?></td>
<td><?php out($sig->sign_date)?></td>
<td><?php out($sig->upload_date)?></td>
<td><button type="submit" name="delete_signature" value="<?php out($sig->id)?>" class="btn btn-default btn-xs"><span class="glyphicon glyphicon-trash"></span> Delete signature</button></td>
</tr>
<?php } ?>
</tbody>
</table>
<?php } ?>
<h3>Add signature</h3>
<?php out($this->get('active_user')->get_csrf_field(), ESC_NONE) ?>
<div class="form-group">
<label>
Signature file
<input type="file" name="signature" class="form-control">
</label>
</div>
<div class="form-group">
<button type="submit" name="add_signature" value="1" class="btn btn-primary">Upload signature</button>
</div>
</form>
</div>
<div class="tab-pane" id="dest">
<h2 class="sr-only">Destination restrictions</h2>
<?php if(count($this->get('dest_rules')) == 0) { ?>
<p>This key will currently be synced to all accounts and servers that <?php out($name)?> is granted access to. To restrict this key to a subset of that list, add rules below.</p>
<?php } else { ?>
<p>This key will only be synced to accounts and servers that <?php out($name)?> is granted access to that also match the following rules:</p>
<form method="post" action="<?php out($this->data->relative_request_url)?>">
<?php out($this->get('active_user')->get_csrf_field(), ESC_NONE) ?>
<table class="table table-bordered table-striped">
<thead>
<tr>
<th>Account name</th>
<th>Hostname</th>
<th>Actions</th>
</tr>
</thead>
<tbody>
<?php foreach($this->get('dest_rules') as $rule) { ?>
<tr>
<td><?php out($rule->account_name_filter)?></td>
<td><?php out($rule->hostname_filter)?></td>
<td><button type="submit" name="delete_dest_rule" value="<?php out($rule->id)?>" class="btn btn-default btn-xs"><span class="glyphicon glyphicon-trash"></span> Delete rule</button></td>
</tr>
<?php } ?>
</tbody>
</table>
</form>
<?php } ?>
<form method="post" action="<?php out($this->data->relative_request_url)?>">
<?php out($this->get('active_user')->get_csrf_field(), ESC_NONE) ?>
<h3>Add new rule</h3>
<p>You can make use of wildcards (<kbd>*</kbd>) in each field below.</p>
<div class="form-group">
<label for="account_name_filter">Account name</label>
<input type="text" id="account_name_filter" name="account_name_filter" class="form-control" value="*" required>
</div>
<div class="form-group">
<label for="hostname_filter">Hostname</label>
<input type="text" id="hostname_filter" name="hostname_filter" class="form-control" value="*" required>
</div>
<div class="form-group">
<button type="submit" name="add_dest_rule" value="1" class="btn btn-primary btn-block">Add rule</button>
</div>
</form>
</div>
<?php } ?>
</div>
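Review bot: the `active` class on the `#info` pane is set when `!$this->get('user_is_owner') || $this->get('admin')`, so an owner who is not an admin gets the tab bar but no pane is active on load; if hash-based tab switching in the page scripts is meant to cover that case, a comment saying so would help, otherwise the condition should be simplified so the info pane is always active initially. The "Add new rule" form pre-fills both filters with `*`, so submitting it unchanged creates a rule matching every account and host, which restricts nothing despite the paragraph above saying rules restrict the key to a subset; rejecting an all-wildcard rule, or not pre-filling both fields, would prevent no-op rules. Also, `$name` is only assigned inside the `switch(get_class($owner))` cases and is reused in the `#dest` pane, so an owner of any other class produces an undefined-variable notice.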

19
templates/pubkey_json.php Normal file

@@ -0,0 +1,19 @@
<?php
##
## Copyright 2013-2017 Opera Software AS
##
## Licensed under the Apache License, Version 2.0 (the "License");
## you may not use this file except in compliance with the License.
## You may obtain a copy of the License at
##
## http://www.apache.org/licenses/LICENSE-2.0
##
## Unless required by applicable law or agreed to in writing, software
## distributed under the License is distributed on an "AS IS" BASIS,
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
## See the License for the specific language governing permissions and
## limitations under the License.
##
$pubkey = $this->get('pubkey');
$json = pubkey_json($pubkey);
out(json_encode($json), ESC_NONE);
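Review bot: `out(json_encode($json), ESC_NONE)` is only safe if the controller also sets `Content-Type: application/json` on this response; `json_encode` with default flags leaves `<`, `>` and `&` unescaped, so if the output were ever served as text/html a key comment containing markup would be rendered. Setting the content type in the handler, and passing `JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT` to `json_encode` as defence in depth, covers both. A `json_encode` failure (for example invalid UTF-8 in a comment) returns `false`, which `out` would emit as an empty body rather than an error; check the return value before output.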

Some files were not shown because too many files have changed in this diff.