Added in configuration files / scripts and cgi-bin scripts.

2 files changed, 168 insertions, 0 deletions

diff --git a/cgi-bin/provisioning.cgi b/cgi-bin/provisioning.cgi
new file mode 100755
index 0000000..bf7a6a2
--- /dev/null
+++ b/cgi-bin/provisioning.cgi
@@ -0,0 +1,165 @@
+#!/usr/bin/haserl --shell=lua
+
+<%
+require "posix"
+
+local path_info = ENV["PATH_INFO"] or ENV["REQUEST_URI"] or ""
+local root = ENV["DOCUMENT_ROOT"] or ""
+local request_method = ENV["REQUEST_METHOD"] or ""
+local user_agent = ENV["HTTP_USER_AGENT"] or ""
+local ip_address = ENV["REMOTE_ADDR"] or ""
+
+local log = io.open("/var/log/provisioning.log", "a+")
+log:write("Running provisioning.cgi ".. os.date() .. "\n")
+log:write("Processing a "..request_method.." on "..path_info.."\n")
+--	for a,b in pairs(ENV) do log:write(a.."=", b,"\n") end
+
+local ACL_FILE = "/etc/provisioning/acl.conf"
+
+function acl_check (...)
+	local allowed = false
+	local f = io.open(ACL_FILE)
+	if f then
+		for line in f:lines() do
+			if string.match(user_agent, line) or string.match(ip_address, line) then
+				log:write("ALLOW MATCH FOUND " .. line .. "\n")
+				allowed = true
+				break
+			end
+		end
+		f:close()
+	end
+	if not allowed then
+		log:write("ALLOW MATCH NOT FOUND. ACCESS DENIED\n")
+	end
+	return allowed
+end
+
+function http_code (code)
+	log:write("HTTP code processed " .. code .. "\n")
+	if code == 200 then
+		io.stdout:write("Status: 200 OK\n")
+		io.stdout:write("Content-Type: \n\n")
+	elseif code == 204 then
+		io.stdout:write("Status: 204 No Content\n")
+		io.stdout:write("Content-Type: \n\n")
+	elseif code == 404 then
+		io.stdout:write("Status: 404 Not Found\n")
+		io.stdout:write("Content-Type: \n\n")
+		io.stdout:write("Status: 404 Not Found\n")
+		io.stdout:write("\n")
+	elseif code == 403 then
+		io.stdout:write("Status: 403 Forbidden\n")
+		io.stdout:write("Content-Type: \n\n")
+		io.stdout:write("Status: 403 Forbidden\n")
+		io.stdout:write("\n")
+	else
+		io.stdout:write("Status: 400 Bad Request\n")
+		io.stdout:write("Content-Type: \n\n")
+		io.stdout:write("Status: 400 Bad Request\n")
+		io.stdout:write("\n")
+	end
+end
+
+--------------------------------------------------------------------------------------------------------------
+-- Code Begins Here --
+--------------------------------------------------------------------------------------------------------------
+if not acl_check() then
+	http_code(403)
+	log:close()
+	os.exit()
+end
+
+local basename = posix.basename(path_info)
+local mac = string.match(basename, "%x%x%x%x%x%x%x%x%x%x%x%x")
+
+if ( request_method == "GET" ) then
+	-- don't even bother for files that don't contain a MAC
+	if mac == nil then 
+		http_code(404)
+		log:close()
+		os.exit()
+	end
+
+        -- If it's a Polycom, 404 the MAC.cfg, MAC-directory.xml, MAC-license, MAC-phone.cfg, and MAC-web.cfg files
+	local f = string.match(basename, mac.."(.*)")
+        if string.match(user_agent, "Polycom") and (f==".cfg" or f=="-directory.xml" or f=="-license.cfg" or f=="-phone.cfg" or f=="-web.cfg" or mac=="000000000000") then
+		http_code(404)
+		log:close()
+		os.exit()
+        end
+
+	log:write("Checking PROV Table for results\n")
+	-- Load the ACF mvc
+	local PATH = package.path
+	package.path = "/usr/share/acf/www/cgi-bin/?.lua;" .. package.path
+	require("mvc")
+	package.path = PATH
+	-- We'll use the cli controller, but change the view resolver to call the template
+	local pathinfo = ENV.PATH_INFO
+	FRAMEWORK=mvc:new()
+	FRAMEWORK:read_config("acf")
+	APP=FRAMEWORK:new("acf_cli")
+	APP.view_resolver = function(self)
+		return function (data)
+			if not data.errtxt and data.value.values and data.value.values.value.device and data.value.values.value.device.template then
+				local func = haserl.loadfile(data.value.values.value.device.template)
+				func(data.value.values.value)
+			else
+				if data.errtxt then
+				APP.logevent("data.errtxt")
+				elseif not data.value.values then
+				APP.logevent("not data.value.values")
+				elseif not data.value.values.value.device then
+				APP.logevent("not data.value.values.value.device")
+				elseif not data.value.values.value.device.template then
+				APP.logevent("not data.value.values.value.device.template")
+				end
+				http_code(404)
+			end
+		end
+	end
+	-- Set up the action and parameters
+	ENV.PATH_INFO = "/provisioning/provisioning/getfile"
+	APP.clientdata = {mac=mac, ip=ip_address, agent=user_agent}
+	-- Dispatch the command
+	APP:dispatch()
+	APP:destroy()
+	FRAMEWORK:destroy()
+
+	ENV.PATH_INFO = pathinfo
+elseif ( request_method == "PUT" ) then
+	local data = io.stdin:read("*all")
+
+	log:write("Checking PROV Table for results\n")
+	-- Load the ACF mvc
+	local PATH = package.path
+	package.path = "/usr/share/acf/www/cgi-bin/?.lua;" .. package.path
+	require("mvc")
+	package.path = PATH
+	-- We'll use the cli controller, but change the view resolver to report HTTP code
+	local pathinfo = ENV.PATH_INFO
+	FRAMEWORK=mvc:new()
+	FRAMEWORK:read_config("acf")
+	APP=FRAMEWORK:new("acf_cli")
+	APP.view_resolver = function(self)
+		return function (data)
+			if data.errtxt then
+				http_code(400)
+			else
+				http_code(200)
+			end
+		end
+	end
+	-- Set up the action and parameters
+	ENV.PATH_INFO = "/provisioning/provisioning/putfile"
+	APP.clientdata = {file=path_info, root=root, data=data, ip=ip_address, agent=user_agent}
+	-- Dispatch the command
+	APP:dispatch()
+	APP:destroy()
+	FRAMEWORK:destroy()
+
+	ENV.PATH_INFO = pathinfo
+end
+log:close() 
+%>
diff --git a/cgi-bin/redirect.cgi b/cgi-bin/redirect.cgi
new file mode 100755
index 0000000..5bc91cc
--- /dev/null
+++ b/cgi-bin/redirect.cgi
@@ -0,0 +1,3 @@
+#!/bin/sh
+echo "Location: https://$HTTP_HOST"
+echo