Initial import

COPYING

@@ -0,0 +1,340 @@
+		    GNU GENERAL PUBLIC LICENSE
+		       Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.
+     59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+			    Preamble
+
+  The licenses for most software are designed to take away your
+freedom to share and change it.  By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users.  This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it.  (Some other Free Software Foundation software is covered by
+the GNU Library General Public License instead.)  You can apply it to
+your programs, too.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+  To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+  For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have.  You must make sure that they, too, receive or can get the
+source code.  And you must show them these terms so they know their
+rights.
+
+  We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+  Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software.  If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+  Finally, any free program is threatened constantly by software
+patents.  We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary.  To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+
+		    GNU GENERAL PUBLIC LICENSE
+   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+  0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License.  The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language.  (Hereinafter, translation is included without limitation in
+the term "modification".)  Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope.  The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+  1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+  2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+    a) You must cause the modified files to carry prominent notices
+    stating that you changed the files and the date of any change.
+
+    b) You must cause any work that you distribute or publish, that in
+    whole or in part contains or is derived from the Program or any
+    part thereof, to be licensed as a whole at no charge to all third
+    parties under the terms of this License.
+
+    c) If the modified program normally reads commands interactively
+    when run, you must cause it, when started running for such
+    interactive use in the most ordinary way, to print or display an
+    announcement including an appropriate copyright notice and a
+    notice that there is no warranty (or else, saying that you provide
+    a warranty) and that users may redistribute the program under
+    these conditions, and telling the user how to view a copy of this
+    License.  (Exception: if the Program itself is interactive but
+    does not normally print such an announcement, your work based on
+    the Program is not required to print an announcement.)
+
+These requirements apply to the modified work as a whole.  If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works.  But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+  3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+    a) Accompany it with the complete corresponding machine-readable
+    source code, which must be distributed under the terms of Sections
+    1 and 2 above on a medium customarily used for software interchange; or,
+
+    b) Accompany it with a written offer, valid for at least three
+    years, to give any third party, for a charge no more than your
+    cost of physically performing source distribution, a complete
+    machine-readable copy of the corresponding source code, to be
+    distributed under the terms of Sections 1 and 2 above on a medium
+    customarily used for software interchange; or,
+
+    c) Accompany it with the information you received as to the offer
+    to distribute corresponding source code.  (This alternative is
+    allowed only for noncommercial distribution and only if you
+    received the program in object code or executable form with such
+    an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it.  For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable.  However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+  4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License.  Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+  5. You are not required to accept this License, since you have not
+signed it.  However, nothing else grants you permission to modify or
+distribute the Program or its derivative works.  These actions are
+prohibited by law if you do not accept this License.  Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+  6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions.  You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+  7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all.  For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices.  Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+  8. If the distribution and/or use of the Program is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded.  In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+  9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time.  Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number.  If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation.  If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+  10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission.  For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this.  Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+			    NO WARRANTY
+
+  11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+  12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
+
+		     END OF TERMS AND CONDITIONS
+
+	    How to Apply These Terms to Your New Programs
+
+  If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+  To do so, attach the following notices to the program.  It is safest
+to attach them to the start of each source file to most effectively
+convey the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+    <one line to give the program's name and a brief idea of what it does.>
+    Copyright (C) 19yy  <name of author>
+
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation; either version 2 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program; if not, write to the Free Software
+    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+
+
+Also add information on how to contact you by electronic and paper mail.
+
+If the program is interactive, make it output a short notice like this
+when it starts in an interactive mode:
+
+    Gnomovision version 69, Copyright (C) 19yy name of author
+    Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+    This is free software, and you are welcome to redistribute it
+    under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License.  Of course, the commands you use may
+be called something other than `show w' and `show c'; they could even be
+mouse-clicks or menu items--whatever suits your program.
+
+You should also get your employer (if you work as a programmer) or your
+school, if any, to sign a "copyright disclaimer" for the program, if
+necessary.  Here is a sample; alter the names:
+
+  Yoyodyne, Inc., hereby disclaims all copyright interest in the program
+  `Gnomovision' (which makes passes at compilers) written by James Hacker.
+
+  <signature of Ty Coon>, 1 April 1989
+  Ty Coon, President of Vice
+
+This General Public License does not permit incorporating your program into
+proprietary programs.  If your program is a subroutine library, you may
+consider it more useful to permit linking proprietary applications with the
+library.  If this is what you want to do, use the GNU Library General
+Public License instead of this License.

createlinks

@@ -0,0 +1,21 @@
+#!/usr/bin/perl -w
+
+use esmith::Build::CreateLinks qw(:all);
+
+panel_link("userpanelaccess", "manager");
+
+event_link("conf-userpanelsymlinks", "conf-userpanel", "20");
+event_link("conf-userpanelsymlinks", "webapps-update", "20");
+
+foreach my $event (qw/ipasserelle-update bootstrap-ldap-save webapps-update/){
+    event_link("ipasserelle-init-config-domain", "$event", "25");
+    templates2events("/etc/lemonldap-ng/lemonldap-ng-admin.ini", "$event");
+    templates2events("/etc/lemonldap-ng/lemonldap-ng-pki.ini", "$event");
+}
+
+# Create language symlinks
+foreach my $lang qw(bg da de el en-us es et fr he hu id it ja nb
+                    nl pl pt pt-br ro ru sl sv th tr zh-cn zh-tw){
+    safe_symlink("/etc/e-smith/locale/$lang/etc/e-smith/web/functions",
+                 "root/etc/e-smith/locale/$lang/etc/e-smith/web/panels/user/cgi-bin");
+}

ipasserelle-userpanel.spec

@@ -0,0 +1,87 @@
+Summary: iPasserelle User Panel module
+%define name ipasserelle-userpanel
+Name: %{name}
+%define version 0.2.0
+%define release 1
+Version: %{version}
+Release: %{release}%{?dist}
+License: GPL
+URL: http://www.ipasserelle.com
+Group: SMEserver/addon
+Source: %{name}-%{version}.tar.gz
+
+BuildArch: noarch
+BuildRoot: /var/tmp/%{name}-%{version}
+
+Requires: e-smith-base >= 5.2.0-62
+Requires: ipasserelle-base
+Requires: smeserver-lemonldap-ng => 0.1-15
+Requires: smeserver-webapps-common >= 0.1-10
+
+BuildRequires: e-smith-devtools
+
+Obsoletes: smeserver-userpanel
+Obsoletes: ipasserelle-user-portal
+Provides: smeserver-userpanel
+
+%description
+iPasserelle User Portal provides a user oriented
+portal where they can set their own settings
+Admins can also delegate panels to users
+This module is based on smeserver-userpanel
+
+%changelog
+* Tue Nov 12 2013 Daniel Berteaud <daniel@firewall-services.com> 0.2.0-1
+- Import in GIT
+
+* Mon Nov 14 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-6
+- create language symlinks
+
+* Tue Jul 19 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-5
+- Move SetEnvIf directives
+- Add SSO protected access to PHPki
+- Don't send $cn as header as it prevent access if username contains accent
+
+* Mon Jul 18 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-4
+- Rewrite userpanel-navigation (based on the current server-manager's one)
+
+* Mon Jul 11 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-3
+- Add httpd-admin handler to the list of handler which need a reload
+
+* Wed Jul 06 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-2
+- Expand LL::NG conf also in bootstrap-ldap-save and ipasserelle-update
+
+* Tue Jun 28 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-1
+- initial release (based on smeserver-userpanel-0.9-11)
+
+
+%prep
+%setup
+
+%build
+perl createlinks
+
+%{__mkdir_p} root/etc/e-smith/web/panels/user/cgi-bin
+
+%install
+rm -rf $RPM_BUILD_ROOT
+(cd root   ; find . -depth -print | cpio -dump $RPM_BUILD_ROOT)
+rm -f %{name}-%{version}-filelist
+/sbin/e-smith/genfilelist $RPM_BUILD_ROOT > %{name}-%{version}-filelist
+echo "%doc COPYING"  >> %{name}-%{version}-filelist
+
+%clean
+cd ..
+rm -rf %{name}-%{version}
+
+%pre
+
+%preun
+
+%post
+
+%postun
+
+%files -f %{name}-%{version}-filelist
+%defattr(-,root,root)
+

root/etc/e-smith/db/configuration/migrate/LemonLDAPSOAPAccess

@@ -0,0 +1,26 @@
+{
+
+my $llng = $DB->get("lemonldap") ||
+        $DB->new_record("lemonldap", { type => "service" });
+
+my @soapaccess = split(/[;,]/, ($llng->prop('SoapAllowFrom') || ''));
+my $internal = $DB->get('InternalInterface')->prop('IPAddress');
+push @soapaccess, $internal if (!grep {$internal eq $_} @soapaccess);
+$llng->set_prop('SoapAllowFrom', join(',',@soapaccess));
+
+# httpd-admin handler
+my @reload =  split(/[;,]/, ($llng->prop('Reload') || ''));
+my $reloadurl = 'localhost:980=http://localhost:980/lm-reload';
+push @reload, $reloadurl if (!grep {$reloadurl eq $_} @reload);
+
+# httpd-pki handler
+$reloadurl = 'localhost:940=http://localhost:940/lm-reload';
+my $phpki = $DB->get('httpd-pki');
+if($phpki){
+    my $status = $phpki->prop('status') || 'disabled';
+    push @reload, $reloadurl if ((!grep {$reloadurl eq $_} @reload) && ($status eq 'enabled'));
+}
+
+$llng->set_prop('Reload', join(',',@reload));
+
+}

root/etc/e-smith/events/actions/conf-userpanelsymlinks

@@ -0,0 +1,92 @@
+#!/usr/bin/perl -w
+
+#----------------------------------------------------------------------
+#
+# Copyright (c) 2001 Daniel van Raay
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.	See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307  USA
+#----------------------------------------------------------------------
+
+package esmith;
+
+use strict;
+use Errno;
+use esmith::config;
+use esmith::util;
+use esmith::db;
+
+my %conf;
+tie %conf, 'esmith::config';
+
+my %accounts;
+tie %accounts, 'esmith::config', '/home/e-smith/db/accounts';
+
+#---------------------------------------------------------------------------
+# clear and re-create all the user panel symlinks
+#---------------------------------------------------------------------------
+
+#clear
+opendir (DIR, "/etc/e-smith/web/panels/user/cgi-bin/") or
+    die "Can't open directory /etc/e-smith/web/panels/user/cgi-bin/\n";
+my @symlinks = grep (!/^\./, readdir (DIR));
+closedir (DIR);
+
+foreach my $link (@symlinks)
+{
+    -e "/etc/e-smith/web/panels/user/cgi-bin/$link" && unlink("/etc/e-smith/web/panels/user/cgi-bin/$link");
+}
+
+#always link userpanels
+my %newsymlinks;
+opendir (DIR, "/etc/e-smith/web/functions/") or
+    die "Can't open directory /etc/e-smith/web/functions/\n";
+foreach my $userpanels ( grep (/^(userpanel-initial|userpanel-navigation|userpanel-noframes|pleasewait)$/, readdir (DIR)) )
+{
+    $newsymlinks{$userpanels} = 'Yes';
+}
+closedir (DIR);
+
+#also add needed panels
+foreach my $user (sort keys %accounts)
+{
+    my $userAdminPanels = db_get_prop(\%accounts, $user, "AdminPanels");
+    $userAdminPanels = '' if ! defined ($userAdminPanels);
+
+    foreach my $panels (split (/,/, $userAdminPanels))
+    {
+        $newsymlinks{$panels} = 'Yes';
+    }
+}
+
+foreach my $link ( sort keys %newsymlinks )
+{
+    if ( -e "/etc/e-smith/web/functions/$link" &&
+         ! -e "/etc/e-smith/web/panels/user/cgi-bin/$link" )
+    {
+	#symlink("../../../functions/$link", "/etc/e-smith/web/panels/user/cgi-bin/$link") ||
+	link("/etc/e-smith/web/functions/$link", "/etc/e-smith/web/panels/user/cgi-bin/$link") ||
+	    warn "Couldn't link('functions/$link' to '/etc/e-smith/web/panels/user/cgi-bin/$link'): $!\n";
+    }
+}
+
+  system("/sbin/e-smith/expand-template /etc/httpd/admin-conf/httpd.conf") == 0
+      or warn ("Error expanding httpd.conf \n");
+
+  #system("/etc/rc.d/init.d/httpd-admin restart") == 0
+  #   or warn ("Error occurred restarting httpd-admin \n");
+  esmith::util::backgroundCommand (1, "/usr/local/bin/svc", "-h", "/service/httpd-admin");# == 0
+
+exit (0);
+

root/etc/e-smith/events/actions/ipasserelle-init-config-domain

@@ -0,0 +1,51 @@
+#!/usr/bin/perl -w
+#----------------------------------------------------------------------
+# copyright (C) 2011 Firewall-Services
+# daniel@firewall-services.com
+# 
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307  USA
+# 
+# Technical support for this program is available from Mitel Networks 
+# Please visit our web site www.mitel.com/sme/ for details.
+#----------------------------------------------------------------------
+
+use strict;
+use warnings;
+use esmith::DomainsDB;
+use esmith::ConfigDB;
+
+my $d = esmith::DomainsDB->open or die "Couldn't open DomainsDB\n";
+my $c = esmith::ConfigDB->open_ro() or die "Couldn't open ConfigDB\n";
+
+my $domain = $c->get('DomainName')->value;
+my $vhost;
+
+$vhost = $d->get("config.$domain");
+
+exit (0) if ($vhost);
+
+$d->new_record("config.$domain",{
+        type         => 'domain',
+        Content      => 'Primary',
+        Description  => "Accès à la configuration de l'iPasserelle",
+        Nameservers  => 'internet',
+        TemplatePath => 'UserManagerVirtualHost',
+        Removable    => 'no',
+});
+
+unless ( system("/sbin/e-smith/signal-event", "domain-create", "config.$domain") == 0 ){
+    die "Failed to create domain ip.$domain\n";
+}
+

root/etc/e-smith/templates.metadata/etc/lemonldap-ng/lemonldap-ng-admin.ini

@@ -0,0 +1,4 @@
+PERMS=0640
+UID="root"
+GID="admin"
+

root/etc/e-smith/templates.metadata/etc/lemonldap-ng/lemonldap-ng-pki.ini

@@ -0,0 +1,4 @@
+PERMS=0640
+UID="root"
+GID="phpki"
+

root/etc/e-smith/templates/etc/httpd/admin-conf/httpd.conf/20LoadModule80mod_perl

@@ -0,0 +1,8 @@
+{
+    my $status = $modPerl{status};
+
+    return "# modPerl disabled" unless ($status and $status eq "enabled");
+
+    return "LoadModule perl_module      modules/mod_perl.so";
+}
+

root/etc/e-smith/templates/etc/httpd/admin-conf/httpd.conf/25LemonLDAPHandler

@@ -0,0 +1,20 @@
+# Load LemonLDAP::NG Handler
+PerlOptions +GlobalRequest
+PerlRequire /var/lib/lemonldap-ng/handler/MyAdminHandler.pm
+
+# Common error page and security parameters
+ErrorDocument 403 http://auth.{$DomainName}/?lmError=403
+ErrorDocument 500 http://auth.{$DomainName}/?lmError=500
+
+
+# Configuration reload mechanism (only 1 per physical server is
+# needed): choose your URL to avoid restarting Apache when
+# configuration change
+<Location /lm-reload>
+    Order deny,allow
+    Deny from all
+    Allow from localhost
+    PerlHeaderParserHandler My::Package->refresh
+    Satisfy any
+</Location>
+

root/etc/e-smith/templates/etc/httpd/admin-conf/httpd.conf/80Aliases05userpanel

@@ -0,0 +1,9 @@
+
+# Aliases for the e-smith-user panel:
+
+    ScriptAlias /user-manager/cgi-bin /etc/e-smith/web/panels/user/cgi-bin
+    Alias /user-manager /etc/e-smith/web/panels/user/html
+
+    ScriptAlias /user/cgi-bin /etc/e-smith/web/panels/user/cgi-bin
+    Alias /user /etc/e-smith/web/panels/user/html
+

root/etc/e-smith/templates/etc/httpd/admin-conf/httpd.conf/90e-smithAccess30user

@@ -0,0 +1,76 @@
+#------------------------------------------------------------
+# e-smith-user panel
+#------------------------------------------------------------
+{
+    use esmith::AccountsDB;
+    my $a = esmith::AccountsDB->open_ro;
+
+    my %panelshash;
+    opendir (DIR, "/etc/e-smith/web/panels/user/cgi-bin")
+        || die "Can't open /etc/e-smith/web/panels/user/cgi-bin directory.\n";
+
+    my @files = sort (grep (!/(^\.\.?$)|(^pleasewait$)|(^userpanel-[a-z][\-\_a-z0-9]*)/, readdir(DIR)));
+
+    closedir (DIR);
+
+# TODO: globalPanels
+#    my $globalpanels = db_get_prop(\%accounts, 'globalUP', 'AdminPanels');
+#    $globalpanels = '' if ( ! defined ($globalpanels) );
+#    my @globalpanels = split (/,/, $globalpanels, -1);
+
+    foreach $file (@files){
+        next if ($globalpanels && grep (/^$file$/, @globalpanels));
+        foreach my $user ($a->users){
+            my $key = $user->key;
+            push @{$panelshash{$file}}, $key
+                if ((grep {$file eq $_} split(/[;,]/, ($user->prop('AdminPanels') || '')))
+                    && (!grep {$key eq $_} @{$panelshash{$file}}));
+        }
+        foreach my $group ($a->groups){
+            foreach my $member (split(/[;,]/,($group->prop('Members') || ''))){
+                push @{$panelshash{$file}}, $member
+                    if ((grep {$file eq $_} split(/[;,]/, ($group->prop('AdminPanels') || '')))
+                        && (!grep {$member eq $_} @{$panelshash{$file}}));
+            }
+        }
+    }
+
+    $OUT .= <<HERE;
+
+<Directory \"/etc/e-smith/web/panels/user/html\" >
+    Options Includes Indexes FollowSymLinks
+    AllowOverride None
+    order deny,allow
+    deny from all
+    allow from $localAccess
+    PerlHeaderParserHandler My::Package
+    Satisfy all
+</Directory>
+
+<Directory \"/etc/e-smith/web/panels/user/cgi-bin\" >
+    Options Includes Indexes FollowSymLinks
+    AllowOverride None
+    order deny,allow
+    deny from all
+    allow from $localAccess
+    PerlHeaderParserHandler My::Package
+    Satisfy all
+
+HERE
+
+    foreach my $file (@files){
+        next unless ( defined ($panelshash{$file}) );
+        foreach my $u (@{$panelshash{$file}}){
+            $OUT .= "    SetEnvIf Auth-User \"$u\" allow_$file\n";
+        }
+        $OUT .= "\n";
+        $OUT .= "    <Files $file>\n";
+        $OUT .= "         order deny,allow\n";
+        $OUT .= "         deny from all\n";
+        $OUT .= "         allow from env=allow_$file\n";
+        $OUT .= "    </Files>\n";
+    }
+
+    $OUT .= "</Directory>\n";
+}
+

root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/UserManagerVirtualHost/00Setup

@@ -0,0 +1,10 @@
+{
+    use esmith::DomainsDB;
+    # Convert the passed hash for the domain object back into an object.
+    $domain = bless \%domain, 'esmith::DB::db::Record';
+
+    # Make scalars from some of the properties of the domain
+    $virtualHost = $domain->key;
+    $OUT = "";
+}
+

root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/UserManagerVirtualHost/02ServerName

@@ -0,0 +1 @@
+    ServerName {$virtualHost}

root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/UserManagerVirtualHost/25SSLDirectives

@@ -0,0 +1,15 @@
+{
+    my $ssl = $domain->prop('RequireSSL') || 'disabled';
+
+    if (($modSSL{TCPPort} || "443") eq $port){
+        $OUT .= "    SSLEngine on\n";
+    }
+    else {
+        $OUT .=<<'EOF';
+    RewriteEngine on
+    RewriteRule ^/(.*|$) https://%{HTTP_HOST}/$1 [L,R]
+
+EOF
+    }
+}
+

root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/UserManagerVirtualHost/26RewriteTraceAndTrack

@@ -0,0 +1,8 @@
+{
+    $OUT =<<'HERE';
+    RewriteEngine on
+    RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
+    RewriteRule .* - [F]
+HERE
+}
+

root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/UserManagerVirtualHost/40ApacheIconAlias

@@ -0,0 +1,3 @@
+    # alias for Apache icons
+    Alias /icons/ /var/www/icons/
+

root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/UserManagerVirtualHost/50Content

@@ -0,0 +1,18 @@
+{
+
+$OUT .=<<"EOF";
+
+    ProxyPreserveHost on
+    RewriteEngine on
+    RewriteRule (^/(user/cgi-bin/.*)|(user-manager(.*)?)|(server-common/.*))\$ http://localhost:980/\$1 [P,L]
+    RewriteRule ^/phpki(sso)?(/.*)\$ http://localhost:940/phpkisso\$2 [P,L]
+
+    <Location />
+        Order deny,allow
+        Deny from all
+        Allow from $localAccess $externalSSLAccess
+    </Location>
+
+EOF
+
+}

root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/UserManagerVirtualHost/template-begin

@@ -0,0 +1,3 @@
+
+<VirtualHost {$ipAddress}:{$port}>
+

root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/UserManagerVirtualHost/template-end

@@ -0,0 +1,2 @@
+</VirtualHost>
+

root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/28UserManagerProxyPass

@@ -0,0 +1,9 @@
+{
+    # vim: ft=perl:
+
+    $OUT = '';
+    foreach $place ('user-manager','user')
+    {
+        $OUT .= "    RewriteRule ^/$place(/.*|\$)    https://config.$DomainName/$place\$1 [L,R]\n";
+    }
+}

root/etc/e-smith/templates/etc/httpd/pki-conf/httpd.conf/20LoadModule80mod_perl

@@ -0,0 +1,8 @@
+{
+    my $status = $modPerl{status};
+
+    return "# modPerl disabled" unless ($status and $status eq "enabled");
+
+    return "LoadModule perl_module      modules/mod_perl.so";
+}
+

root/etc/e-smith/templates/etc/httpd/pki-conf/httpd.conf/25LemonLDAPHandler

@@ -0,0 +1,19 @@
+# Load LemonLDAP::NG Handler
+PerlOptions +GlobalRequest
+PerlRequire /var/lib/lemonldap-ng/handler/MyPkiHandler.pm
+
+# Common error page and security parameters
+ErrorDocument 403 http://auth.{$DomainName}/?lmError=403
+ErrorDocument 500 http://auth.{$DomainName}/?lmError=500
+
+
+# Configuration reload mechanism (only 1 per physical server is
+# needed): choose your URL to avoid restarting Apache when
+# configuration change
+<Location /lm-reload>
+    Order deny,allow
+    Deny from all
+    Allow from localhost
+    PerlHeaderParserHandler My::Package->refresh
+</Location>
+

root/etc/e-smith/templates/etc/httpd/pki-conf/httpd.conf/95phpkisso

@@ -0,0 +1,16 @@
+
+Alias /phpkisso /opt/phpki/html/
+
+<Location /phpkisso/ca>
+    PerlHeaderParserHandler My::Package
+{
+my @users = split(/\s/, getUsersList("phpki"));
+foreach my $u (@users){
+   $OUT .= "    SetEnvIf Auth-User \"$u\" allow_phpki\n";
+}
+}
+    order deny,allow
+    deny from all
+    allow from env=allow_phpki
+</Location>
+

root/etc/e-smith/templates/etc/lemonldap-ng/lemonldap-ng-admin.ini/05All

@@ -0,0 +1,9 @@
+[all]
+
+[configuration]
+type = SOAP
+proxy = https://lemonsoap:{$lemonldap{'SoapPassword'};}@soapsso.{$DomainName}/index.pl/config
+proxyOptions = \{ timeout => 5 \}
+localStorage=Cache::FileCache
+localStorageOptions=\{ 'namespace' => 'LemonLDAPngAdmin', 'default_expires_in' => 600, 'directory_umask' => '007', 'cache_root' => '/tmp', 'cache_depth' => 5, \}
+

root/etc/e-smith/templates/etc/lemonldap-ng/lemonldap-ng-pki.ini/05All

@@ -0,0 +1,9 @@
+[all]
+
+[configuration]
+type = SOAP
+proxy = https://lemonsoap:{$lemonldap{'SoapPassword'};}@soapsso.{$DomainName}/index.pl/config
+proxyOptions = \{ timeout => 5 \}
+localStorage=Cache::FileCache
+localStorageOptions=\{ 'namespace' => 'LemonLDAPngPki', 'default_expires_in' => 600, 'directory_umask' => '007', 'cache_root' => '/tmp', 'cache_depth' => 5, \}
+

root/etc/e-smith/templates/var/lib/lemonldap-ng/conf/lmConf/030userportal

@@ -0,0 +1,25 @@
+{
+
+$conf->{'locationRules'}->{"config.$domain"} = {
+             '(?#001common)^/server-common' => 'unprotect',
+             '(?#010phpki)^/phpkisso/ca' => '$groups =~ /\\b(equipe|admins)\\b/ and ($localAccess or $externalSSLAccess)',
+             'default' => 'deny',
+             '(?#005usermanager)^/user(/cgi\\-bin/|\\-manager)' => '$groups =~ /\\b(equipe|admins)\\b/ and ($localAccess or $externalSSLAccess)'
+} unless $conf->{'locationRules'}->{"config.$domain"};
+
+$conf->{'exportedHeaders'}->{"config.$domain"} = {
+             'Auth-User' => '$uid',
+} unless $conf->{'exportedHeaders'}->{"config.$domain"};
+
+$conf->{'applicationList'}->{'020utils'}->{'usermanager'} = {
+             'options' => {
+                      'logo' => 'configure.png',
+                      'name' => 'Configuration',
+                      'description' => 'Configuration iPasserelle',
+                      'uri' => "https://config.$domain/user-manager",
+                      'display' => 'auto'
+             },
+             'type' => 'application'
+} unless $conf->{'applicationList'}->{'020utils'}->{'usermanager'};
+
+}

root/etc/e-smith/web/functions/userpanel-initial

@@ -0,0 +1,83 @@
+#!/usr/bin/perl -wT
+
+#----------------------------------------------------------------------
+#
+# Copyright (c) 2011-2013 Firewall-Services
+# daniel@firewall-services.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307  USA
+#----------------------------------------------------------------------
+
+package esmith;
+
+use strict;
+use CGI ':all';
+use CGI::Carp qw(fatalsToBrowser);
+
+BEGIN
+{   
+    # Clear PATH and related environment variables so that calls to
+    # external programs do not cause results to be tainted. See
+    # "perlsec" manual page for details.
+
+    $ENV {'PATH'} = '';
+    $ENV {'SHELL'} = '/bin/bash';
+    delete $ENV {'ENV'};
+}
+
+$CGI::POST_MAX=1024 * 100;  # max 100K posts
+$CGI::DISABLE_UPLOADS = 1;  # no uploads
+
+my $q = new CGI;
+
+print $q->header (-EXPIRES => '+-20y', charset => 'UTF-8');
+
+print $q->start_html (-TITLE        => 'Portail de configuration iPasserelle',
+                      -AUTHOR       => 'daniel@firewall-services.com',
+                      -META         => {'copyright' => 'Copyright 2011-2013 Firewall-Services'},
+                      -CLASS        => "main",
+                      -STYLE        => {
+                            -code => '@import url("/server-common/css/sme_main.css");',
+                            -src => '/server-common/css/sme_core.css'
+                     });
+
+
+my $user = $ENV{'REMOTE_USER'};
+my $name = $ENV{'HTTP_USER_NAME'} || $user;
+
+print $q->h1("Portail de configuration iPasserelle");
+print $q->h2("Bienvenue $name");
+
+print <<"EOF";
+<p><p>
+Vous pouvez modifier les param&egrave;tres de votre compte
+en cliquant sur les diff&eacute;rents menus sur la gauche.
+<ul>
+<center>
+<img src=/server-common/ipasserelle_logo.jpg><p>
+</center>
+
+EOF
+
+print $q->endform;
+
+print $q->p
+    ($q->hr ({-CLASS => "sme-copyrightbar"}),
+    $q->div ({-CLASS => "sme-copyright"},
+    "Portail de configuration iPasserelle<BR>" .
+    "Copyright 2011-2013 Firewall-Services.<BR>"));
+print '</DIV>';
+print $q->end_html;
+

root/etc/e-smith/web/functions/userpanel-navigation

@@ -0,0 +1,313 @@
+#!/usr/bin/perl -wT
+
+#----------------------------------------------------------------------
+# User manager functions: navigation
+#
+# copyright (C) 2011 Firewall Services
+# daniel@firewall-services.com
+# 
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+# 		
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+# 		
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307  USA
+# 
+#----------------------------------------------------------------------
+package esmith;
+
+use strict;
+use CGI ':no_xhtml', ':all';
+use CGI::Carp qw(fatalsToBrowser);
+
+use esmith::cgi;
+use esmith::config;
+use esmith::AccountsDB;
+use esmith::NavigationDB;
+use esmith::util;
+use esmith::I18N;
+
+sub showNavigation ($);
+
+BEGIN
+{
+    # Clear PATH and related environment variables so that calls to
+    # external programs do not cause results to be tainted. See
+    # "perlsec" manual page for details.
+
+    $ENV {'PATH'} = '';
+    $ENV {'SHELL'} = '/bin/bash';
+    delete $ENV {'ENV'};
+}
+
+esmith::util::setRealToEffective ();
+
+$CGI::POST_MAX=1024 * 100;  # max 100K posts
+$CGI::DISABLE_UPLOADS = 1;  # no uploads
+
+# Use the one script for navigation and noframes
+my $NO_FRAMES = ($0 =~ /noframes/);
+
+my %conf;
+tie %conf, 'esmith::config';
+
+my $accdb = esmith::AccountsDB->open_ro || die "Couldn't open AccountsDB\n";
+
+my $q = new CGI;
+
+showNavigation ($q);
+exit (0);
+
+#------------------------------------------------------------
+# subroutine to display navigation bar
+#------------------------------------------------------------
+
+sub showNavigation ($)
+{
+    my $q = shift;
+ 
+    # enable utf8 binmode so new translations work
+    binmode STDOUT, ":utf8";
+
+    my $acctName = $ENV{'REMOTE_USER'};
+    my $user = $accdb->get($acctName) || die "User $acctName not found in AccountsDB\n";
+    my $availablePanels = $user->prop('AdminPanels') || '';
+    foreach ($accdb->user_group_list($acctName)){
+        my $group = $accdb->get($_) || die "Group $_ not found in AccountsDB\n";
+        $availablePanels .= ',' . ($group->prop('AdminPanels') || '');
+    }
+    my $glob = $accdb->get('globalUP');
+    my $globalPanels = $glob->prop('AdminPanels') || '';
+
+    my @adminpanels;
+    if ( defined ($availablePanels) && defined ($globalPanels) )
+    {   
+        @adminpanels = ((split (/,/, $availablePanels, -1)),(split (/,/, $globalPanels, -1)));
+    }
+    elsif ( defined ($globalPanels) )
+    {   
+        @adminpanels = split (/,/, $globalPanels, -1);
+    }
+    elsif ( defined ($availablePanels) )
+    {   
+        @adminpanels = split (/,/, $availablePanels, -1);
+    }
+
+    # Use this variable throughout to keep track of files
+    # list of just the files
+    my $c = "1";
+    my @files = ();
+    my %files_hash = ();
+	
+    #-----------------------------------------------------
+    # Determine the directory where the functions are kept
+    #-----------------------------------------------------
+
+    my $navigation_ignore =
+        "(\.\.?|navigation|noframes|online-manual|(internal|pleasewait)(-.*)?)";
+
+    my $cgidir = '/etc/e-smith/web/panels/user/cgi-bin/';
+
+    if (opendir (DIR, $cgidir))
+    {   
+        @files = grep (!/^(\..*|userpanel-navigation|userpanel-noframes|userpanel-initial|pleasewait)$/,
+        readdir (DIR));
+        closedir (DIR);
+    }
+    else
+    {   
+        warn "Can't open directory $cgidir\n";
+    }
+
+    foreach my $file (@files)
+    {
+        foreach my $adminpanel (@adminpanels)
+        {
+            if ( $file eq $adminpanel )
+            {
+                $files_hash{$file} = $cgidir;
+            }
+        }
+    }
+
+    #-------------------------------------------------- 
+    # For each script, extract the description and category
+    # information. Build up an associative array mapping headings
+    # to heading structures. Each heading structure contains the
+    # total weight for the heading, the number of times the heading
+    # has been encountered, and another associative array mapping
+    # descriptions to description structures. Each description
+    # structure contains the filename of the particular cgi script
+    # and a weight.
+    #-------------------------------------------------- 
+    my %nav = ();
+
+    use constant NAVIGATIONDIR => '/home/e-smith/db/navigation';
+    use constant WEBFUNCTIONS  => '/etc/e-smith/web/functions';
+
+    my $i18n = new esmith::I18N;
+
+    my $language = $i18n->preferredLanguage( $ENV{HTTP_ACCEPT_LANGUAGE} );
+
+    my $navinfo = NAVIGATIONDIR . "/navigation.$language";
+
+    my $navdb = esmith::NavigationDB->open_ro( $navinfo ) or
+	die "Couldn't open $navinfo\n";
+
+    # Check the navdb for anything with a UrlPath, which means that it doesn't
+    # have a cgi file to be picked up by the above code. Ideally, only pages
+    # that exist should be in the db, but that's not the case. Anything
+    # without a cgi file will have to remove themselves on uninstall from the
+    # navigation dbs.
+    foreach my $rec ($navdb->get_all)
+    {
+	if ($rec->prop('UrlPath'))
+	{
+	    $files_hash{$rec->{key}} = $cgidir;
+	}
+    }
+
+    foreach my $file (keys %files_hash)
+    {
+	my $heading = 'Unknown';
+	my $description = $file;
+	my $headingWeight = 99999;
+	my $descriptionWeight = 99999;
+	my $urlpath = '';
+
+	my $rec = $navdb->get($file);
+
+	if (defined $rec)
+	{
+	    $heading = $rec->prop('Heading');
+	    $description = $rec->prop('Description');
+	    $headingWeight = $rec->prop('HeadingWeight');
+	    $descriptionWeight = $rec->prop('DescriptionWeight');
+	    $urlpath = $rec->prop('UrlPath') || '';
+	}
+
+	#-------------------------------------------------- 
+	# add heading, description and weight information to data structure
+	#-------------------------------------------------- 
+
+	unless (exists $nav {$heading})
+	{
+	    $nav {$heading} = { COUNT => 0, WEIGHT => 0, DESCRIPTIONS => [] };
+	}
+
+	$nav {$heading} {'COUNT'} ++;
+	$nav {$heading} {'WEIGHT'} += $headingWeight;
+
+	# Check for manager panel, and assign the appropriate
+	#  cgi-bin prefix for the links.
+	# Grab the last 2 directories by splitting for '/'s and
+	#  then concatenating the last 2
+	# probably a better way, but I don't know it.
+	my @filename = split /\//, $files_hash{$file};
+	my $path = ($cgidir eq '/etc/e-smith/web/panels/user/cgi-bin/') ? 
+	    "/$filename[scalar @filename - 1]" : 
+	    "/$filename[scalar @filename - 2]/$filename[scalar @filename - 1]";
+	
+	push @{ $nav {$heading} {'DESCRIPTIONS'} },
+		{ DESCRIPTION => $description,
+		  WEIGHT => $descriptionWeight, 
+		  FILENAME => $urlpath ? $urlpath : "$path/$file",
+		  CGIPATH => $path
+		};
+    }
+
+    #-------------------------------------------------- 
+    # generate list of headings sorted by average weight
+    #-------------------------------------------------- 
+    if ( $NO_FRAMES )
+    {
+	esmith::cgi::genNoframesHeader ($q);
+    }
+    else
+    {
+        esmith::cgi::genNavigationHeader ($q, undef);
+	print "\n<TABLE BORDER=\"0\" CELLSPACING=\"0\" CELLPADDING=\"0\">\n";
+    }
+
+  print '<script language="JavaScript" type="text/javascript">
+  <!-- Hide script
+  //This swap the class of the selected item.
+    function swapClass() {
+    var i,x,tB,j=0,tA=new Array(),arg=swapClass.arguments;
+    if(document.getElementsByTagName){for(i=4;i<arg.length;i++){tB=document.getElementsByTagName(arg[i]);
+    for(x=0;x<tB.length;x++){tA[j]=tB[x];j++;}}for(i=0;i<tA.length;i++){
+    if(tA[i].className){if(tA[i].id==arg[1]){if(arg[0]==1){
+    tA[i].className=(tA[i].className==arg[3])?arg[2]:arg[3];}else{tA[i].className=arg[2];}
+    }else if(arg[0]==1 && arg[1]==\'none\'){if(tA[i].className==arg[2] || tA[i].className==arg[3]){
+    tA[i].className=(tA[i].className==arg[3])?arg[2]:arg[3];}
+    }else if(tA[i].className==arg[2]){tA[i].className=arg[3];}}}}}
+    ';
+    print "
+  //This swap the class of the selected item.
+    function swapClasses() {
+    var arg=swapClasses.arguments;
+    swapClass(0,'none','item-current','item','a');
+    swapClass(0,'none','warn-current','warn','a');
+    swapClass(0,arg[0],'item-current','item','a');
+    }
+
+    // End script hiding -->
+    </script>
+    ";
+
+    foreach my $h (sort {
+	 ($nav{$a}{'WEIGHT'}/$nav{$a}{'COUNT'}) <=>
+	($nav{$b}{'WEIGHT'}/$nav{$b}{'COUNT'}) } keys %nav)
+    {
+        if ( $NO_FRAMES )
+	{
+	    print $q->h2 ($h);
+	}
+	else
+	{
+	    print "\n", $q->Tr ($q->td({class => "section"},$q->span({class => "section"}, $h)));
+	}
+
+	#-------------------------------------------------- 
+	# generate list of descriptions sorted by weight
+	#-------------------------------------------------- 
+        print "<ul>\n" if ( $NO_FRAMES );
+
+	foreach (sort { $a->{'WEIGHT'} <=> $b->{'WEIGHT'} }  @{$nav {$h}{'DESCRIPTIONS'}})
+	{
+	    my $href = "/user-manager" .  $_->{'FILENAME'};
+	    if ( $NO_FRAMES )
+	    {
+		print $q->li ($q->a ({href => "$href?noframes=1"}, $_->{'DESCRIPTION'}));
+	    }
+	    else
+  	    {
+		print "\n",$q->Tr(
+			     $q->td ({-class => "menu-cell"},
+				     $q->a ({-id => "sme$c",
+                                            -class => "item",
+                                            -onClick => "swapClasses('sme$c')",
+                                            href => $href, 
+                                            target => 'main'}, 
+                                        $_->{'DESCRIPTION'})
+				     ));
+                        }
+                        $c++;
+                        
+	}
+        print "</ul>\n" if ($NO_FRAMES);
+    }
+
+    unless ( $NO_FRAMES )
+    {
+	print "\n</TABLE>\n";
+        esmith::cgi::genNavigationFooter ($q);
+    }
+}

root/etc/e-smith/web/functions/userpanel-noframes

@@ -0,0 +1,268 @@
+#!/usr/bin/perl -wT
+
+#----------------------------------------------------------------------
+# user manager functions: noframes
+#
+# Copyright (c) 2001 Daniel van Raay <danielvr@caa.org.au>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307  USA
+#----------------------------------------------------------------------
+
+package esmith;
+
+use strict;
+use CGI ':all';
+use CGI::Carp qw(fatalsToBrowser);
+
+use esmith::cgi;
+use esmith::config;
+use esmith::util;
+use esmith::db;
+use esmith::AccountsDB;
+
+sub showNavigation ($);
+sub byweight;
+
+BEGIN
+{
+    # Clear PATH and related environment variables so that calls to
+    # external programs do not cause results to be tainted. See
+    # "perlsec" manual page for details.
+
+    $ENV {'PATH'} = '';
+    $ENV {'SHELL'} = '/bin/bash';
+    delete $ENV {'ENV'};
+}
+
+esmith::util::setRealToEffective ();
+
+$CGI::POST_MAX=1024 * 100;  # max 100K posts
+$CGI::DISABLE_UPLOADS = 1;  # no uploads
+
+my %conf;
+tie %conf, 'esmith::config';
+
+my %accounts;
+tie %accounts, 'esmith::config', '/home/e-smith/db/accounts';
+
+my $a = esmith::AccountsDB->open_ro || die "Error opening AccountsDB\n";
+
+my $q = new CGI;
+
+showNavigation ($q);
+exit (0);
+
+
+#------------------------------------------------------------
+# subroutine to display navigation bar
+#------------------------------------------------------------
+
+sub showNavigation ($)
+{
+    my $q = shift;
+
+    esmith::cgi::genNoframesHeader ($q);
+
+    my $acctName = $ENV{'REMOTE_USER'};
+    my $user = $a->get($acctName) || die "User $acctName not found in AccountsDB\n";
+    my $availablePanels = $user->prop('AdminPanels') || '';
+    foreach ($a->user_group_list($acctName)){
+        my $group = $a->get($_) || die "Group $_ not found in AccountsDB\n";
+        $availablePanels .= ','.$group->prop('AdminPanels') || '';
+    }
+    my $glob = $a->get('globalUP');
+    my $globalPanels = $glob->prop('AdminPanels') || '';
+
+    my @adminpanels;
+    if ( defined ($availablePanels) && defined ($globalPanels) )
+    {
+        @adminpanels = ((split (/,/, $availablePanels, -1)),(split (/,/, $globalPanels, -1)));
+    }
+    elsif ( defined ($globalPanels) )
+    {
+        @adminpanels = split (/,/, $globalPanels, -1);
+    }
+    elsif ( defined ($availablePanels) )
+    {
+        @adminpanels = split (/,/, $availablePanels, -1);
+    }
+
+    # Use this variable throughout to keep track of files
+    # list of just the files
+    my @files = ();
+    my %files_hash = ();
+
+    #-----------------------------------------------------
+    # Determine the directory where the functions are kept
+    # match available panels with delegated panels to this user
+    #-----------------------------------------------------
+
+    my $cgidir = '/etc/e-smith/web/panels/user/cgi-bin/';
+
+    if (opendir (DIR, $cgidir))
+    {
+        @files = grep (!/^(\..*|userpanel-navigation|userpanel-noframes|userpanel-initial|pleasewait)$/,
+        readdir (DIR));
+        closedir (DIR);
+    }
+    else
+    {
+        warn "Can't open directory $cgidir\n";
+    }
+
+    foreach my $file (@files)
+    {
+        foreach my $adminpanel (@adminpanels)
+        {
+            if ( $file eq $adminpanel )
+            {
+                $files_hash{$file} = $cgidir;
+            }
+        }
+    }
+
+    #--------------------------------------------------
+    # For each script, extract the description and category
+    # information. Build up an associative array mapping headings
+    # to heading structures. Each heading structure contains the
+    # total weight for the heading, the number of times the heading
+    # has been encountered, and another associative array mapping
+    # descriptions to description structures. Each description
+    # structure contains the filename of the particular cgi script
+    # and a weight.
+    #--------------------------------------------------
+
+    my %nav = ();
+
+    foreach my $file (keys %files_hash)
+    {
+        #--------------------------------------------------
+        # extract heading, description and weight information
+        # from CGI script
+        #--------------------------------------------------
+        my $heading = "Unknown";
+        my $headingWeight = 0;
+
+        my $description = "Unknown";
+        my $descriptionWeight = 0;
+
+          unless (open (RD, "$files_hash{$file}/$file"))
+          {
+              warn "Can't open file $files_hash{$file}/$file: $!\n";
+              next;
+          }
+
+        while (<RD>)
+        {
+        if (/^\s*#\s*heading\s*:\s*(.+?)\s*$/)
+        {
+                $heading = $1;
+        }
+
+        if (/^\s*#\s*description\s*:\s*(.+?)\s*$/)
+        {
+            $description = $1;
+        }
+
+        if (/^\s*#\s*navigation\s*:\s*(\d+?)\s+(\d+?)\s*$/)
+        {
+            $headingWeight = $1;
+            $descriptionWeight = $2;
+        }
+            last if ($heading ne "Unknown" && $headingWeight && $description ne "Unknown" && $descriptionWeight);
+        }
+        close RD;
+
+        #--------------------------------------------------
+        # add heading, description and weight information to data structure
+        #--------------------------------------------------
+
+        unless (exists $nav {$heading})
+        {
+            $nav {$heading} = { COUNT => 0, WEIGHT => 0, DESCRIPTIONS => [] };
+        }
+
+        $nav {$heading} {'COUNT'} ++;
+        $nav {$heading} {'WEIGHT'} += $headingWeight;
+
+        # Check for manager panel, and assign the appropriate
+        # cgi-bin prefix for the links.
+        # Grab the last 2 directories by splitting for '/'s and
+        # then concatenating the last 2
+        # probably a better way, but I don't know it.
+        my @filename = split /\//, $files_hash{$file};
+        my $path = "/user-manager/$filename[scalar @filename - 1]";
+
+        push @{ $nav {$heading} {'DESCRIPTIONS'} },
+                 { DESCRIPTION => $description,
+                   WEIGHT => $descriptionWeight,
+                   FILENAME => "$path/$file",
+                   CGIPATH => $path
+                 };
+    }
+
+    #--------------------------------------------------
+    # generate list of headings sorted by average weight
+    #--------------------------------------------------
+
+    my @unsortedheadings = keys %nav;
+
+    my $h;
+    local @esmith::weights = ();
+    foreach $h (@unsortedheadings)
+    {
+        push (@esmith::weights, ($nav {$h} {'WEIGHT'} / $nav {$h} {'COUNT'}));
+    }
+
+    my @sortedheadings = @unsortedheadings [sort byweight $[..$#unsortedheadings];
+
+    foreach $h (@sortedheadings)
+    {
+         print $q->h2 ($h);
+
+         #--------------------------------------------------
+         # generate list of descriptions sorted by weight
+         #--------------------------------------------------
+
+         my @unsorteddescriptions = @{ $nav {$h} {'DESCRIPTIONS'} };
+
+         my $d;
+         @esmith::weights = ();
+         foreach $d (@unsorteddescriptions)
+         {
+             push (@esmith::weights, $d->{'WEIGHT'});
+         }
+
+         my @indices = sort byweight $[..$#unsorteddescriptions;
+
+         print "<ul>\n";
+
+         my $i;
+         foreach $i (@indices)
+         {
+             my $href = $unsorteddescriptions [$i]->{'FILENAME'};
+             print $q->li ($q->a ({href => $href}, $unsorteddescriptions [$i]->{'DESCRIPTION'}));
+
+         }
+         print "</ul>\n";
+    }
+
+    esmith::cgi::genNavigationFooter ($q);
+}
+
+sub byweight
+{
+    $esmith::weights [$a] <=> $esmith::weights [$b];
+}

root/etc/e-smith/web/functions/userpanelaccess

@@ -0,0 +1,411 @@
+#!/usr/bin/perl -wT
+
+#----------------------------------------------------------------------
+# heading     : Security
+# description : User Panel Access
+# navigation  : 1000 1300
+#
+# Copyright (c) 2001 Daniel van Raay <danielvr@caa.org.au>
+# Modified (c) 2002 Stephen Noble <stephen@dungog.net>
+# Modified (c) 2002 Shad L. Lords <slords@mail.com>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307  USA
+#----------------------------------------------------------------------
+
+package esmith;
+
+use strict;
+use CGI ':all';
+use CGI::Carp qw(fatalsToBrowser);
+
+use esmith::cgi;
+use esmith::config;
+use esmith::util;
+use esmith::db;
+use esmith::event;
+
+sub showInitial ($$);
+sub genPanels ($$);
+sub modifyAccess ($);
+sub performModifyAccess ($);
+
+BEGIN
+{
+    # Clear PATH and related environment variables so that calls to
+    # external programs do not cause results to be tainted. See
+    # "perlsec" manual page for details.
+
+    $ENV {'PATH'} = '';
+    $ENV {'SHELL'} = '/bin/bash';
+    delete $ENV {'ENV'};
+}
+
+esmith::util::setRealToEffective ();
+
+$CGI::POST_MAX=1024 * 100;  # max 100K posts
+$CGI::DISABLE_UPLOADS = 1;  # no uploads
+
+my %conf;
+tie %conf, 'esmith::config';
+
+my %accounts;
+tie %accounts, 'esmith::config', '/home/e-smith/db/accounts';
+
+#------------------------------------------------------------
+# examine state parameter and display the appropriate form
+#------------------------------------------------------------
+
+my $q = new CGI;
+
+if (! grep (/^state$/, $q->param))
+{
+    showInitial ($q, '');
+}
+
+elsif ($q->param ('state') eq "modifyAccess")
+{
+    modifyAccess ($q);
+}
+
+elsif ($q->param ('state') eq "performModifyAccess")
+{
+    performModifyAccess ($q);
+}
+
+else
+{
+    esmith::cgi::genStateError ($q, \%conf);
+}
+
+exit (0);
+
+#------------------------------------------------------------
+# subroutine to display initial form
+#------------------------------------------------------------
+
+sub showInitial ($$)
+{
+    my ($q, $msg) = @_;
+
+    if ($msg eq '')
+    {
+    esmith::cgi::genHeaderNonCacheable
+        ($q, \%conf, 'Change access to server-manager panels for user accounts');
+    }
+    else
+    {
+    esmith::cgi::genHeaderNonCacheable
+        ($q, \%conf, 'Operation status report');
+
+    print $q->p ($msg);
+    print $q->hr;
+    }
+
+    my @userAccounts = ('admin');
+
+    foreach (sort keys %accounts)
+    {
+      push (@userAccounts, $_) if (db_get_type(\%accounts, $_) eq "user");
+    }
+
+    foreach (sort keys %accounts)
+    {
+      push (@userAccounts, $_) if (db_get_type(\%accounts, $_) eq "group");
+    }
+
+    unless (scalar @userAccounts)
+    {
+      print $q->p ($q->b ('There are no user accounts in the system.'));
+    }
+    else
+    {
+      my $description = <<END_TEXT;
+You can modify individual users access to the server-manager
+panels below by clicking on the link next the account. You can assign
+panels to the members of a group with their link. Users or Groups
+in red have some form of extra access. You can globally assign
+a panel by editing the global account
+END_TEXT
+
+      print $q->p ($description);
+
+      print $q->p ($q->b ('Current List of User Accounts'));
+
+      print "<table border=1 cellspacing=1 cellpadding=4>";
+
+      print $q->Tr (esmith::cgi::genSmallCell ($q, $q->b ('Account')),
+                esmith::cgi::genSmallCell ($q, $q->b ('Name/Description')),
+                $q->td ('&nbsp;'));
+
+      my $user;
+
+      foreach $user (@userAccounts)
+      {
+          my $name = '';
+          if (db_get_type(\%accounts, $user) eq "group")
+          {
+              $name =db_get_prop(\%accounts, $user, "Description");
+          }
+          else
+          {
+              $name =db_get_prop(\%accounts, $user, "FirstName")." ". db_get_prop(\%accounts, $user, "LastName");
+          }
+
+          my $AdminPanels = db_get_prop(\%accounts, $user, "AdminPanels");
+          $AdminPanels = '' if ! defined ($AdminPanels);
+
+          if ( ! $AdminPanels )
+          {
+          print $q->Tr (esmith::cgi::genSmallCell ($q, $user),
+                    esmith::cgi::genSmallCell ($q, $name),
+                    esmith::cgi::genSmallCell ($q,
+                  $q->a ({href => $q->url (-absolute => 1)
+                           . "?state=modifyAccess&acct="
+                           . $user}, 'Change Access...')));
+
+          }
+          else
+          {
+          print $q->Tr (esmith::cgi::genSmallRedCell ($q, $user),
+                    esmith::cgi::genSmallRedCell ($q, $name),
+                    esmith::cgi::genSmallCell ($q,
+                  $q->a ({href => $q->url (-absolute => 1)
+                           . "?state=modifyAccess&acct="
+                           . $user}, 'Change Access...')));
+
+          }
+
+      }
+
+      #global setting
+      if ( ! db_get( \%accounts, 'globalUP') )
+      {
+          db_set(\%accounts, 'globalUP', 'userpanelglobal', { FirstName => 'global user', LastName => 'panel access' });
+      }
+
+      my $AdminPanels = db_get_prop(\%accounts, 'globalUP', "AdminPanels");
+      $AdminPanels = '' if ! defined ($AdminPanels);
+
+      if ( ! $AdminPanels )
+      {
+        print $q->Tr (esmith::cgi::genSmallCell ($q, 'Global'),
+                esmith::cgi::genSmallCell ($q, 'every user'),
+                esmith::cgi::genSmallCell ($q,
+              $q->a ({href => $q->url (-absolute => 1)
+                       . "?state=modifyAccess&acct="
+                       . 'globalUP'}, 'Change Access...')));
+
+      }
+      else
+      {
+        print $q->Tr (esmith::cgi::genSmallRedCell ($q, 'Global'),
+                esmith::cgi::genSmallRedCell ($q, 'every user'),
+                esmith::cgi::genSmallCell ($q,
+              $q->a ({href => $q->url (-absolute => 1)
+                       . "?state=modifyAccess&acct="
+                       . 'globalUP'}, 'Change Access...')));
+
+      }
+
+      print '</table>';
+    }
+
+    esmith::cgi::genFooter ($q);
+}
+
+sub genPanels ($$)
+{
+    my ($q, $user) = @_;
+
+    my %panelshash =  ();
+    my @selected =    ();
+    my @globalselected =    ();
+
+    my @panels;
+    opendir (DIR, "/etc/e-smith/web/functions")
+        || die "Can't open /etc/e-smith/web/functions directory.\n";
+    push (@panels, sort (grep (!/^(\.|userpanel-initial|userpanel-navigation|userpanel-noframes|pleasewait|index\.cgi|initial\.cgi|navigation|noframes)/, readdir(DIR))));
+    closedir (DIR);
+
+    my $panel;
+    foreach $panel (@panels)
+    {
+        $panelshash{$panel} = "Unknown";
+
+        unless (open (RD, "/etc/e-smith/web/functions/$panel"))
+        {
+            warn "Can't open file /etc/e-smith/web/functions/$panel: $!\n";
+            next;
+        }
+
+        while (<RD>)
+        {
+            if (/^\s*#\s*description\s*:\s*(.+?)\s*$/)
+            {
+                $panelshash{$panel} = $1;
+            }
+
+            last if ( $panelshash{$panel} ne "Unknown" );
+        }
+        close RD;
+    }
+
+    my $userAdminPanels = db_get_prop(\%accounts, $user, 'AdminPanels');
+    $userAdminPanels = '' if ! defined ($userAdminPanels);
+    @selected = split (/,/, $userAdminPanels);
+
+    my $globalAdminPanels = db_get_prop(\%accounts, 'globalUP', 'AdminPanels');
+    $globalAdminPanels = '' if ! defined ($globalAdminPanels);
+    @globalselected = split (/,/, $globalAdminPanels);
+
+    @panels = sort @panels;
+    my $count = scalar @panels;
+
+    my $out = '';
+
+    if ($count > 0)
+    {
+    $out .= '<table border=1 cellspacing=1 cellpadding=4>';
+
+    $out .= $q->Tr ($q->td ('&nbsp;'),
+                esmith::cgi::genSmallCell ($q, $q->b ('Panel')),
+                esmith::cgi::genSmallCell ($q, $q->b ('Description')));
+
+    my $panel;
+    foreach $panel (@panels)
+    {
+        my $checked = "";
+        if (grep (/^$panel$/, @selected) || grep (/^$panel$/, @globalselected))
+        {
+          $checked = "checked";
+        }
+
+        if (grep (/^$panel$/, @globalselected) && ($user ne 'globalUP'))
+        {
+            $out .=
+            $q->Tr (
+                $q->td (
+                    "<input type=\"checkbox\""
+                    . " name=\"panelAccess\""
+                    . " $checked value=\"$panel\">"
+                    ),
+                    esmith::cgi::genSmallRedCell ($q, $panel),
+                    esmith::cgi::genSmallRedCell (
+                    $q, $panelshash{$panel} . ' (Global)'));
+        } else {
+            $out .=
+            $q->Tr (
+                $q->td (
+                    "<input type=\"checkbox\""
+                    . " name=\"panelAccess\""
+                    . " $checked value=\"$panel\">"
+                    ),
+                    esmith::cgi::genSmallCell ($q, $panel),
+                    esmith::cgi::genSmallCell (
+                    $q, $panelshash{$panel}));
+        }
+    }
+
+    $out .= '</table>';
+    }
+
+    return $out;
+}
+
+
+sub modifyAccess ($)
+{
+    my ($q) = @_;
+
+    esmith::cgi::genHeaderNonCacheable ($q, \%conf, 'Modify user-manager access');
+
+    print
+    $q->startform (-method => 'POST', -action => $q->url (-absolute => 1));
+
+    my $acct = $q->param ('acct');
+
+    my $username = '';
+    if (db_get_type(\%accounts, $acct) eq "group")
+    {
+        $username =db_get_prop(\%accounts, $acct, "Description");
+    }
+    else
+    {
+        $username =db_get_prop(\%accounts, $acct, "FirstName")." ". db_get_prop(\%accounts, $acct, "LastName");
+    }
+
+    if (db_get(\%accounts, $acct))
+    {
+
+       print $q->table ({border => 0, cellspacing => 0, cellpadding => 4},
+
+            $q->Tr (esmith::cgi::genCell ($q, "Account name:"),
+                esmith::cgi::genCell ($q, $acct)),
+
+            $q->Tr (esmith::cgi::genCell ($q, "Name/Description:"),
+                esmith::cgi::genCell ($q, "$username")),
+
+            $q->Tr (esmith::cgi::genCell ($q, "Accessible Panels:"),
+                esmith::cgi::genCell ($q, genPanels ($q, $acct))),
+
+            esmith::cgi::genButtonRow ($q,
+                                   $q->submit (-name => 'action',
+                                               -value => 'Modify')));
+
+       print $q->hidden (-name => 'acct',
+              -override => 1,
+              -default => $acct);
+
+       print $q->hidden (-name => 'state',
+              -override => 1,
+              -default => 'performModifyAccess');
+
+    }
+
+    print $q->endform;
+    esmith::cgi::genFooter ($q);
+    return;
+}
+
+
+sub performModifyAccess ($)
+{
+    my ($q) = @_;
+    my $acct = $q->param ('acct');
+
+    my @adminPanels = $q->param ('panelAccess');
+    my @userPanels = ();
+
+    my $globalAdminPanels = db_get_prop(\%accounts, 'globalUP', 'AdminPanels');
+    $globalAdminPanels = '' if ! defined ($globalAdminPanels);
+    my @globalselected = split (/,/, $globalAdminPanels);
+
+    foreach my $panel (@adminPanels)
+    {
+        if ( ! grep (/^$panel$/, @globalselected) || ($acct eq 'globalUP'))
+        {
+            push(@userPanels, $panel);
+        }
+    }
+
+    my $adminPanels = join (',', @userPanels);
+
+    db_set_prop(\%accounts, $acct, 'AdminPanels', $adminPanels);
+
+    system ("/sbin/e-smith/signal-event", "conf-userpanel") == 0
+       or die ("Error occurred while updating userpanel configuration.\n");
+
+    showInitial ($q, "Successfully modified user account $acct.");
+}

root/etc/e-smith/web/panels/user/access.incl

@@ -0,0 +1,3 @@
+{
+}
+

root/etc/e-smith/web/panels/user/html/index.html

@@ -0,0 +1,36 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+
+<HTML>
+
+<HEAD>
+<TITLE>SME Server / user </TITLE>
+</HEAD>
+
+<FRAMESET FRAMESPACING="0" COLS="170,*" FRAMEBORDER="0" BORDER="0">
+
+<FRAME NAME="navigation" RESIZE="auto" MARGINHEIGHT="0" SRC="/user-manager/cgi-bin/userpanel-navigation"
+    FRAMEBORDER="no" SCROLLING="auto" MARGINWIDTH="0" BORDER="0">
+
+<FRAME NAME="main" RESIZE="auto" MARGINHEIGHT="0" SRC="/user-manager/cgi-bin/userpanel-initial"
+    FRAMEBORDER="no" SCROLLING="auto" MARGINWIDTH="0" BORDER="0">
+
+</FRAMESET>
+
+<NOFRAMES>
+<BODY>
+
+<H1>Welcome to the user manager panel</H1>
+
+<P><A HREF="/user-manager/cgi-bin/userpanel-noframes">Click here</A> for a
+list of available functions.
+
+<P>As part of our commitment to open-source software, you are welcome
+to copy and redistribute this software.
+
+<P>
+<HR>
+
+</BODY>
+</NOFRAMES>
+
+</HTML>

root/var/lib/lemonldap-ng/handler/MyAdminHandler.pm

@@ -0,0 +1,10 @@
+package My::Package;
+use Lemonldap::NG::Handler::SharedConf;
+@ISA = qw(Lemonldap::NG::Handler::SharedConf);
+
+__PACKAGE__->init(
+    {   
+        configStorage => { confFile => '/etc/lemonldap-ng/lemonldap-ng-admin.ini' },
+    }
+);
+1;

root/var/lib/lemonldap-ng/handler/MyPkiHandler.pm

@@ -0,0 +1,10 @@
+package My::Package;
+use Lemonldap::NG::Handler::SharedConf;
+@ISA = qw(Lemonldap::NG::Handler::SharedConf);
+
+__PACKAGE__->init(
+    {   
+        configStorage => { confFile => '/etc/lemonldap-ng/lemonldap-ng-pki.ini' },
+    }
+);
+1;