From e7a6d9b2fcf276225e1ad2f081e5f6e9e99fe221 Mon Sep 17 00:00:00 2001 
From: Daniel Berteaud Date: Tue, 12 Nov 2013 16:51:40 +0100 Subject: [PATCH] Initial import --- COPYING | 340 +++++++++++++++++ createlinks | 21 ++ ipasserelle-userpanel.spec | 87 +++++ .../db/configuration/migrate/LemonLDAPSOAPAccess | 26 ++ .../e-smith/events/actions/conf-userpanelsymlinks | 92 +++++ .../events/actions/ipasserelle-init-config-domain | 51 +++ .../etc/lemonldap-ng/lemonldap-ng-admin.ini | 4 + .../etc/lemonldap-ng/lemonldap-ng-pki.ini | 4 + .../admin-conf/httpd.conf/20LoadModule80mod_perl | 8 + .../httpd/admin-conf/httpd.conf/25LemonLDAPHandler | 20 + .../admin-conf/httpd.conf/80Aliases05userpanel | 9 + .../admin-conf/httpd.conf/90e-smithAccess30user | 76 ++++ .../conf/httpd.conf/UserManagerVirtualHost/00Setup | 10 + .../httpd.conf/UserManagerVirtualHost/02ServerName | 1 + .../UserManagerVirtualHost/25SSLDirectives | 15 + .../UserManagerVirtualHost/26RewriteTraceAndTrack | 8 + .../UserManagerVirtualHost/40ApacheIconAlias | 3 + .../httpd.conf/UserManagerVirtualHost/50Content | 18 + .../UserManagerVirtualHost/template-begin | 3 + .../httpd.conf/UserManagerVirtualHost/template-end | 2 + .../httpd.conf/VirtualHosts/28UserManagerProxyPass | 9 + .../pki-conf/httpd.conf/20LoadModule80mod_perl | 8 + .../httpd/pki-conf/httpd.conf/25LemonLDAPHandler | 19 + .../etc/httpd/pki-conf/httpd.conf/95phpkisso | 16 + .../etc/lemonldap-ng/lemonldap-ng-admin.ini/05All | 9 + .../etc/lemonldap-ng/lemonldap-ng-pki.ini/05All | 9 + .../var/lib/lemonldap-ng/conf/lmConf/030userportal | 25 ++ root/etc/e-smith/web/common/ipasserelle_logo.jpg | Bin 0 -> 14636 bytes root/etc/e-smith/web/functions/userpanel-initial | 83 +++++ .../etc/e-smith/web/functions/userpanel-navigation | 313 ++++++++++++++++ root/etc/e-smith/web/functions/userpanel-noframes | 268 ++++++++++++++ root/etc/e-smith/web/functions/userpanelaccess | 411 +++++++++++++++++++++ root/etc/e-smith/web/panels/user/access.incl | 3 + root/etc/e-smith/web/panels/user/html/index.html | 36 ++ 
.../var/lib/lemonldap-ng/handler/MyAdminHandler.pm | 10 + root/var/lib/lemonldap-ng/handler/MyPkiHandler.pm | 10 + 36 files changed, 2027 insertions(+) create mode 100644 COPYING create mode 100644 createlinks create mode 100644 ipasserelle-userpanel.spec create mode 100644 root/etc/e-smith/db/configuration/migrate/LemonLDAPSOAPAccess create mode 100644 root/etc/e-smith/events/actions/conf-userpanelsymlinks create mode 100644 root/etc/e-smith/events/actions/ipasserelle-init-config-domain create mode 100644 root/etc/e-smith/templates.metadata/etc/lemonldap-ng/lemonldap-ng-admin.ini create mode 100644 root/etc/e-smith/templates.metadata/etc/lemonldap-ng/lemonldap-ng-pki.ini create mode 100644 root/etc/e-smith/templates/etc/httpd/admin-conf/httpd.conf/20LoadModule80mod_perl create mode 100644 root/etc/e-smith/templates/etc/httpd/admin-conf/httpd.conf/25LemonLDAPHandler create mode 100644 root/etc/e-smith/templates/etc/httpd/admin-conf/httpd.conf/80Aliases05userpanel create mode 100644 root/etc/e-smith/templates/etc/httpd/admin-conf/httpd.conf/90e-smithAccess30user create mode 100644 root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/UserManagerVirtualHost/00Setup create mode 100644 root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/UserManagerVirtualHost/02ServerName create mode 100644 root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/UserManagerVirtualHost/25SSLDirectives create mode 100644 root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/UserManagerVirtualHost/26RewriteTraceAndTrack create mode 100644 root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/UserManagerVirtualHost/40ApacheIconAlias create mode 100644 root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/UserManagerVirtualHost/50Content create mode 100644 root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/UserManagerVirtualHost/template-begin create mode 100644 root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/UserManagerVirtualHost/template-end create mode 100644 
root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/28UserManagerProxyPass create mode 100644 root/etc/e-smith/templates/etc/httpd/pki-conf/httpd.conf/20LoadModule80mod_perl create mode 100644 root/etc/e-smith/templates/etc/httpd/pki-conf/httpd.conf/25LemonLDAPHandler create mode 100644 root/etc/e-smith/templates/etc/httpd/pki-conf/httpd.conf/95phpkisso create mode 100644 root/etc/e-smith/templates/etc/lemonldap-ng/lemonldap-ng-admin.ini/05All create mode 100644 root/etc/e-smith/templates/etc/lemonldap-ng/lemonldap-ng-pki.ini/05All create mode 100644 root/etc/e-smith/templates/var/lib/lemonldap-ng/conf/lmConf/030userportal create mode 100755 root/etc/e-smith/web/common/ipasserelle_logo.jpg create mode 100644 root/etc/e-smith/web/functions/userpanel-initial create mode 100644 root/etc/e-smith/web/functions/userpanel-navigation create mode 100644 root/etc/e-smith/web/functions/userpanel-noframes create mode 100644 root/etc/e-smith/web/functions/userpanelaccess create mode 100644 root/etc/e-smith/web/panels/user/access.incl create mode 100644 root/etc/e-smith/web/panels/user/html/index.html create mode 100644 root/var/lib/lemonldap-ng/handler/MyAdminHandler.pm create mode 100644 root/var/lib/lemonldap-ng/handler/MyPkiHandler.pm diff --git a/COPYING b/COPYING new file mode 100644 index 0000000..196760e --- /dev/null +++ b/COPYING 
@@ -0,0 +1,340 @@ + GNU GENERAL PUBLIC LICENSE + Version 2, June 1991 + + Copyright (C) 1989, 1991 Free Software Foundation, Inc. + 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The licenses for most software are designed to take away your +freedom to share and change it. By contrast, the GNU General Public +License is intended to guarantee your freedom to share and change free +software--to make sure the software is free for all its users. This +General Public License applies to most of the Free Software +Foundation's software and to any other program whose authors commit to +using it. (Some other Free Software Foundation software is covered by +the GNU Library General Public License instead.) You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +this service if you wish), that you receive source code or can get it +if you want it, that you can change the software or use pieces of it +in new free programs; and that you know you can do these things. + + To protect your rights, we need to make restrictions that forbid +anyone to deny you these rights or to ask you to surrender the rights. +These restrictions translate to certain responsibilities for you if you +distribute copies of the software, or if you modify it. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must give the recipients all the rights that +you have. You must make sure that they, too, receive or can get the +source code. And you must show them these terms so they know their +rights. 
+ + We protect your rights with two steps: (1) copyright the software, and +(2) offer you this license which gives you legal permission to copy, +distribute and/or modify the software. + + Also, for each author's protection and ours, we want to make certain +that everyone understands that there is no warranty for this free +software. If the software is modified by someone else and passed on, we +want its recipients to know that what they have is not the original, so +that any problems introduced by others will not reflect on the original +authors' reputations. + + Finally, any free program is threatened constantly by software +patents. We wish to avoid the danger that redistributors of a free +program will individually obtain patent licenses, in effect making the +program proprietary. To prevent this, we have made it clear that any +patent must be licensed for everyone's free use or not licensed at all. + + The precise terms and conditions for copying, distribution and +modification follow. + + GNU GENERAL PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. This License applies to any program or other work which contains +a notice placed by the copyright holder saying it may be distributed +under the terms of this General Public License. The "Program", below, +refers to any such program or work, and a "work based on the Program" +means either the Program or any derivative work under copyright law: +that is to say, a work containing the Program or a portion of it, +either verbatim or with modifications and/or translated into another +language. (Hereinafter, translation is included without limitation in +the term "modification".) Each licensee is addressed as "you". + +Activities other than copying, distribution and modification are not +covered by this License; they are outside its scope. 
The act of +running the Program is not restricted, and the output from the Program +is covered only if its contents constitute a work based on the +Program (independent of having been made by running the Program). +Whether that is true depends on what the Program does. + + 1. You may copy and distribute verbatim copies of the Program's +source code as you receive it, in any medium, provided that you +conspicuously and appropriately publish on each copy an appropriate +copyright notice and disclaimer of warranty; keep intact all the +notices that refer to this License and to the absence of any warranty; +and give any other recipients of the Program a copy of this License +along with the Program. + +You may charge a fee for the physical act of transferring a copy, and +you may at your option offer warranty protection in exchange for a fee. + + 2. You may modify your copy or copies of the Program or any portion +of it, thus forming a work based on the Program, and copy and +distribute such modifications or work under the terms of Section 1 +above, provided that you also meet all of these conditions: + + a) You must cause the modified files to carry prominent notices + stating that you changed the files and the date of any change. + + b) You must cause any work that you distribute or publish, that in + whole or in part contains or is derived from the Program or any + part thereof, to be licensed as a whole at no charge to all third + parties under the terms of this License. + + c) If the modified program normally reads commands interactively + when run, you must cause it, when started running for such + interactive use in the most ordinary way, to print or display an + announcement including an appropriate copyright notice and a + notice that there is no warranty (or else, saying that you provide + a warranty) and that users may redistribute the program under + these conditions, and telling the user how to view a copy of this + License. 
(Exception: if the Program itself is interactive but + does not normally print such an announcement, your work based on + the Program is not required to print an announcement.) + +These requirements apply to the modified work as a whole. If +identifiable sections of that work are not derived from the Program, +and can be reasonably considered independent and separate works in +themselves, then this License, and its terms, do not apply to those +sections when you distribute them as separate works. But when you +distribute the same sections as part of a whole which is a work based +on the Program, the distribution of the whole must be on the terms of +this License, whose permissions for other licensees extend to the +entire whole, and thus to each and every part regardless of who wrote it. + +Thus, it is not the intent of this section to claim rights or contest +your rights to work written entirely by you; rather, the intent is to +exercise the right to control the distribution of derivative or +collective works based on the Program. + +In addition, mere aggregation of another work not based on the Program +with the Program (or with a work based on the Program) on a volume of +a storage or distribution medium does not bring the other work under +the scope of this License. + + 3. 
You may copy and distribute the Program (or a work based on it, +under Section 2) in object code or executable form under the terms of +Sections 1 and 2 above provided that you also do one of the following: + + a) Accompany it with the complete corresponding machine-readable + source code, which must be distributed under the terms of Sections + 1 and 2 above on a medium customarily used for software interchange; or, + + b) Accompany it with a written offer, valid for at least three + years, to give any third party, for a charge no more than your + cost of physically performing source distribution, a complete + machine-readable copy of the corresponding source code, to be + distributed under the terms of Sections 1 and 2 above on a medium + customarily used for software interchange; or, + + c) Accompany it with the information you received as to the offer + to distribute corresponding source code. (This alternative is + allowed only for noncommercial distribution and only if you + received the program in object code or executable form with such + an offer, in accord with Subsection b above.) + +The source code for a work means the preferred form of the work for +making modifications to it. For an executable work, complete source +code means all the source code for all modules it contains, plus any +associated interface definition files, plus the scripts used to +control compilation and installation of the executable. However, as a +special exception, the source code distributed need not include +anything that is normally distributed (in either source or binary +form) with the major components (compiler, kernel, and so on) of the +operating system on which the executable runs, unless that component +itself accompanies the executable. 
+ +If distribution of executable or object code is made by offering +access to copy from a designated place, then offering equivalent +access to copy the source code from the same place counts as +distribution of the source code, even though third parties are not +compelled to copy the source along with the object code. + + 4. You may not copy, modify, sublicense, or distribute the Program +except as expressly provided under this License. Any attempt +otherwise to copy, modify, sublicense or distribute the Program is +void, and will automatically terminate your rights under this License. +However, parties who have received copies, or rights, from you under +this License will not have their licenses terminated so long as such +parties remain in full compliance. + + 5. You are not required to accept this License, since you have not +signed it. However, nothing else grants you permission to modify or +distribute the Program or its derivative works. These actions are +prohibited by law if you do not accept this License. Therefore, by +modifying or distributing the Program (or any work based on the +Program), you indicate your acceptance of this License to do so, and +all its terms and conditions for copying, distributing or modifying +the Program or works based on it. + + 6. Each time you redistribute the Program (or any work based on the +Program), the recipient automatically receives a license from the +original licensor to copy, distribute or modify the Program subject to +these terms and conditions. You may not impose any further +restrictions on the recipients' exercise of the rights granted herein. +You are not responsible for enforcing compliance by third parties to +this License. + + 7. 
If, as a consequence of a court judgment or allegation of patent +infringement or for any other reason (not limited to patent issues), +conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot +distribute so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you +may not distribute the Program at all. For example, if a patent +license would not permit royalty-free redistribution of the Program by +all those who receive copies directly or indirectly through you, then +the only way you could satisfy both it and this License would be to +refrain entirely from distribution of the Program. + +If any portion of this section is held invalid or unenforceable under +any particular circumstance, the balance of the section is intended to +apply and the section as a whole is intended to apply in other +circumstances. + +It is not the purpose of this section to induce you to infringe any +patents or other property right claims or to contest validity of any +such claims; this section has the sole purpose of protecting the +integrity of the free software distribution system, which is +implemented by public license practices. Many people have made +generous contributions to the wide range of software distributed +through that system in reliance on consistent application of that +system; it is up to the author/donor to decide if he or she is willing +to distribute software through any other system and a licensee cannot +impose that choice. + +This section is intended to make thoroughly clear what is believed to +be a consequence of the rest of this License. + + 8. 
If the distribution and/or use of the Program is restricted in +certain countries either by patents or by copyrighted interfaces, the +original copyright holder who places the Program under this License +may add an explicit geographical distribution limitation excluding +those countries, so that distribution is permitted only in or among +countries not thus excluded. In such case, this License incorporates +the limitation as if written in the body of this License. + + 9. The Free Software Foundation may publish revised and/or new versions +of the General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + +Each version is given a distinguishing version number. If the Program +specifies a version number of this License which applies to it and "any +later version", you have the option of following the terms and conditions +either of that version or of any later version published by the Free +Software Foundation. If the Program does not specify a version number of +this License, you may choose any version ever published by the Free Software +Foundation. + + 10. If you wish to incorporate parts of the Program into other free +programs whose distribution conditions are different, write to the author +to ask for permission. For software which is copyrighted by the Free +Software Foundation, write to the Free Software Foundation; we sometimes +make exceptions for this. Our decision will be guided by the two goals +of preserving the free status of all derivatives of our free software and +of promoting the sharing and reuse of software generally. + + NO WARRANTY + + 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY +FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. 
EXCEPT WHEN +OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES +PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED +OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS +TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE +PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, +REPAIR OR CORRECTION. + + 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR +REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, +INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING +OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED +TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY +YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER +PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE +POSSIBILITY OF SUCH DAMAGES. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +convey the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + + Copyright (C) 19yy + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. 
+ + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + + +Also add information on how to contact you by electronic and paper mail. + +If the program is interactive, make it output a short notice like this +when it starts in an interactive mode: + + Gnomovision version 69, Copyright (C) 19yy name of author + Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, the commands you use may +be called something other than `show w' and `show c'; they could even be +mouse-clicks or menu items--whatever suits your program. + +You should also get your employer (if you work as a programmer) or your +school, if any, to sign a "copyright disclaimer" for the program, if +necessary. Here is a sample; alter the names: + + Yoyodyne, Inc., hereby disclaims all copyright interest in the program + `Gnomovision' (which makes passes at compilers) written by James Hacker. + + , 1 April 1989 + Ty Coon, President of Vice + +This General Public License does not permit incorporating your program into +proprietary programs. If your program is a subroutine library, you may +consider it more useful to permit linking proprietary applications with the +library. If this is what you want to do, use the GNU Library General +Public License instead of this License. diff --git a/createlinks b/createlinks new file mode 100644 index 0000000..050940c 
--- /dev/null
+++ b/createlinks
@@ -0,0 +1,21 @@
+#!/usr/bin/perl -w
+
+use esmith::Build::CreateLinks qw(:all);
+
+panel_link("userpanelaccess", "manager");
+
+event_link("conf-userpanelsymlinks", "conf-userpanel", "20");
+event_link("conf-userpanelsymlinks", "webapps-update", "20");
+
+foreach my $event (qw/ipasserelle-update bootstrap-ldap-save webapps-update/){
+ event_link("ipasserelle-init-config-domain", "$event", "25");
+ templates2events("/etc/lemonldap-ng/lemonldap-ng-admin.ini", "$event");
+ templates2events("/etc/lemonldap-ng/lemonldap-ng-pki.ini", "$event");
+}
+
+# Create language symlinks
+foreach my $lang qw(bg da de el en-us es et fr he hu id it ja nb
+ nl pl pt pt-br ro ru sl sv th tr zh-cn zh-tw){
+ safe_symlink("/etc/e-smith/locale/$lang/etc/e-smith/web/functions",
+ "root/etc/e-smith/locale/$lang/etc/e-smith/web/panels/user/cgi-bin");
+}
diff --git a/ipasserelle-userpanel.spec b/ipasserelle-userpanel.spec
new file mode 100644
index 0000000..5d05489
--- /dev/null
+++ b/ipasserelle-userpanel.spec
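Review bot: In createlinks, `foreach my $lang qw(bg da ... zh-tw){` uses a bare `qw` list in place of the loop's parentheses, a form perl deprecated in 5.14 and rejects as a syntax error from 5.18, so the `perl createlinks` step in the spec's `%build` would fail on a newer build host. Wrapping the list, `foreach my $lang (qw(bg da de ... zh-tw)){`, keeps the behaviour and parses on every version. The script also relies on `-w` alone; a `use strict;` line after the shebang would match the two event actions added in this commit.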
@@ -0,0 +1,87 @@
+Summary: iPasserelle User Panel module
+%define name ipasserelle-userpanel
+Name: %{name}
+%define version 0.2.0
+%define release 1
+Version: %{version}
+Release: %{release}%{?dist}
+License: GPL
+URL: http://www.ipasserelle.com
+Group: SMEserver/addon
+Source: %{name}-%{version}.tar.gz
+
+BuildArch: noarch
+BuildRoot: /var/tmp/%{name}-%{version}
+
+Requires: e-smith-base >= 5.2.0-62
+Requires: ipasserelle-base
+Requires: smeserver-lemonldap-ng => 0.1-15
+Requires: smeserver-webapps-common >= 0.1-10
+
+BuildRequires: e-smith-devtools
+
+Obsoletes: smeserver-userpanel
+Obsoletes: ipasserelle-user-portal
+Provides: smeserver-userpanel
+
+%description
+iPasserelle User Portal provides a user oriented
+portal where they can set their own settings
+Admins can also delegate panels to users
+This module is based on smeserver-userpanel
+
+%changelog
+* Tue Nov 12 2013 Daniel Berteaud 0.2.0-1
+- Import in GIT
+
+* Mon Nov 14 2011 Daniel Berteaud 0.1-6
+- create language symlinks
+
+* Tue Jul 19 2011 Daniel Berteaud 0.1-5
+- Move SetEnvIf directives
+- Add SSO protected access to PHPki
+- Don't send $cn as header as it prevent access if username contains accent
+
+* Mon Jul 18 2011 Daniel Berteaud 0.1-4
+- Rewrite userpanel-navigation (based on the current server-manager's one)
+
+* Mon Jul 11 2011 Daniel Berteaud 0.1-3
+- Add httpd-admin handler to the list of handler which need a reload
+
+* Wed Jul 06 2011 Daniel Berteaud 0.1-2
+- Expand LL::NG conf also in bootstrap-ldap-save and ipasserelle-update
+
+* Tue Jun 28 2011 Daniel Berteaud 0.1-1
+- initial release (based on smeserver-userpanel-0.9-11)
+
+
+%prep
+%setup
+
+%build
+perl createlinks
+
+%{__mkdir_p} root/etc/e-smith/web/panels/user/cgi-bin
+
+%install
+rm -rf $RPM_BUILD_ROOT
+(cd root ; find . -depth -print | cpio -dump $RPM_BUILD_ROOT)
+rm -f %{name}-%{version}-filelist
+/sbin/e-smith/genfilelist $RPM_BUILD_ROOT > %{name}-%{version}-filelist
+echo "%doc COPYING" >> %{name}-%{version}-filelist
+
+%clean
+cd ..
+rm -rf %{name}-%{version}
+
+%pre
+
+%preun
+
+%post
+
+%postun
+
+%files -f %{name}-%{version}-filelist
+%defattr(-,root,root)
+
diff --git a/root/etc/e-smith/db/configuration/migrate/LemonLDAPSOAPAccess b/root/etc/e-smith/db/configuration/migrate/LemonLDAPSOAPAccess
new file mode 100644
index 0000000..b36caf4
--- /dev/null
+++ b/root/etc/e-smith/db/configuration/migrate/LemonLDAPSOAPAccess
@@ -0,0 +1,26 @@
+{
+
+my $llng = $DB->get("lemonldap") ||
+ $DB->new_record("lemonldap", { type => "service" });
+
+my @soapaccess = split(/[;,]/, ($llng->prop('SoapAllowFrom') || ''));
+my $internal = $DB->get('InternalInterface')->prop('IPAddress');
+push @soapaccess, $internal if (!grep {$internal eq $_} @soapaccess);
+$llng->set_prop('SoapAllowFrom', join(',',@soapaccess));
+
+# httpd-admin handler
+my @reload = split(/[;,]/, ($llng->prop('Reload') || ''));
+my $reloadurl = 'localhost:980=http://localhost:980/lm-reload';
+push @reload, $reloadurl if (!grep {$reloadurl eq $_} @reload);
+
+# httpd-pki handler
+$reloadurl = 'localhost:940=http://localhost:940/lm-reload';
+my $phpki = $DB->get('httpd-pki');
+if($phpki){
+ my $status = $phpki->prop('status') || 'disabled';
+ push @reload, $reloadurl if ((!grep {$reloadurl eq $_} @reload) && ($status eq 'enabled'));
+}
+
+$llng->set_prop('Reload', join(',',@reload));
+
+}
diff --git a/root/etc/e-smith/events/actions/conf-userpanelsymlinks b/root/etc/e-smith/events/actions/conf-userpanelsymlinks
new file mode 100644
index 0000000..5f8e0bd
--- /dev/null
+++ b/root/etc/e-smith/events/actions/conf-userpanelsymlinks
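Review bot: In ipasserelle-userpanel.spec, `Requires: smeserver-lemonldap-ng => 0.1-15` writes the comparison as `=>` while the three neighbouring `Requires` lines use `>=`. The reversed spelling is not the documented operator and is not guaranteed to parse on every rpm version, so `Requires: smeserver-lemonldap-ng >= 0.1-15` is the safer form. `License: GPL` is also less precise than the sources, whose headers say version 2 or later; `License: GPLv2+` would state that.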
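Review bot: In migrate/LemonLDAPSOAPAccess, `$DB->get('InternalInterface')->prop('IPAddress')` is dereferenced without checking that the record exists or that the property is set, and the result is appended to `SoapAllowFrom`, which by its name is an access list for the SOAP endpoint. If the lookup yields undef, the fragment either dies during migration or writes an empty entry into that list; how the consumer treats an empty entry is not visible here. Guarding both steps, `my $rec = $DB->get('InternalInterface'); my $internal = $rec ? $rec->prop('IPAddress') : undef;` followed by `push @soapaccess, $internal if defined $internal && !grep { $internal eq $_ } @soapaccess;`, keeps the list to real addresses.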
@@ -0,0 +1,92 @@
+#!/usr/bin/perl -w
+
+#----------------------------------------------------------------------
+#
+# Copyright (c) 2001 Daniel van Raay
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#----------------------------------------------------------------------
+
+package esmith;
+
+use strict;
+use Errno;
+use esmith::config;
+use esmith::util;
+use esmith::db;
+
+my %conf;
+tie %conf, 'esmith::config';
+
+my %accounts;
+tie %accounts, 'esmith::config', '/home/e-smith/db/accounts';
+
+#---------------------------------------------------------------------------
+# clear and re-create all the user panel symlinks
+#---------------------------------------------------------------------------
+
+#clear
+opendir (DIR, "/etc/e-smith/web/panels/user/cgi-bin/") or
+ die "Can't open directory /etc/e-smith/web/panels/user/cgi-bin/\n";
+my @symlinks = grep (!/^\./, readdir (DIR));
+closedir (DIR);
+
+foreach my $link (@symlinks)
+{
+ -e "/etc/e-smith/web/panels/user/cgi-bin/$link" && unlink("/etc/e-smith/web/panels/user/cgi-bin/$link");
+}
+
+#always link userpanels
+my %newsymlinks;
+opendir (DIR, "/etc/e-smith/web/functions/") or
+ die "Can't open directory /etc/e-smith/web/functions/\n";
+foreach my $userpanels ( grep (/^(userpanel-initial|userpanel-navigation|userpanel-noframes|pleasewait)$/, readdir (DIR)) )
+{
+ $newsymlinks{$userpanels} = 'Yes';
+}
+closedir (DIR);
+
+#also add needed panels
+foreach my $user (sort keys %accounts)
+{
+ my $userAdminPanels = db_get_prop(\%accounts, $user, "AdminPanels");
+ $userAdminPanels = '' if ! defined ($userAdminPanels);
+
+ foreach my $panels (split (/,/, $userAdminPanels))
+ {
+ $newsymlinks{$panels} = 'Yes';
+ }
+}
+
+foreach my $link ( sort keys %newsymlinks )
+{
+ if ( -e "/etc/e-smith/web/functions/$link" &&
+ ! -e "/etc/e-smith/web/panels/user/cgi-bin/$link" )
+ {
+ #symlink("../../../functions/$link", "/etc/e-smith/web/panels/user/cgi-bin/$link") ||
+ link("/etc/e-smith/web/functions/$link", "/etc/e-smith/web/panels/user/cgi-bin/$link") ||
+ warn "Couldn't link('functions/$link' to '/etc/e-smith/web/panels/user/cgi-bin/$link'): $!\n";
+ }
+}
+
+ system("/sbin/e-smith/expand-template /etc/httpd/admin-conf/httpd.conf") == 0
+ or warn ("Error expanding httpd.conf \n");
+
+ #system("/etc/rc.d/init.d/httpd-admin restart") == 0
+ # or warn ("Error occurred restarting httpd-admin \n");
+ esmith::util::backgroundCommand (1, "/usr/local/bin/svc", "-h", "/service/httpd-admin");# == 0
+
+exit (0);
+
diff --git a/root/etc/e-smith/events/actions/ipasserelle-init-config-domain b/root/etc/e-smith/events/actions/ipasserelle-init-config-domain
new file mode 100644
index 0000000..45c9002
--- /dev/null
+++ b/root/etc/e-smith/events/actions/ipasserelle-init-config-domain
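Review bot: In conf-userpanelsymlinks, panel names read from each account's `AdminPanels` property are used as path components in `link("/etc/e-smith/web/functions/$link", ...)` with no validation, so a value containing `/` or `..` would hard-link a file from outside the functions directory into the user panel's cgi-bin. Who can write `AdminPanels` is not visible in this hunk, so this is a missing check rather than a demonstrated exposure. Rejecting anything that is not a plain file name before it enters `%newsymlinks`, e.g. `next unless $panels =~ /\A[A-Za-z0-9_-][A-Za-z0-9_.-]*\z/;`, closes it. Separately, the cleanup loop tests `-e` before `unlink`, which skips dangling symlinks, and it ignores unlink failures, so stale entries can survive a run unnoticed.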
@@ -0,0 +1,51 @@
+#!/usr/bin/perl -w
+#----------------------------------------------------------------------
+# copyright (C) 2011 Firewall-Services
+# daniel@firewall-services.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+# Technical support for this program is available from Mitel Networks
+# Please visit our web site www.mitel.com/sme/ for details.
+#----------------------------------------------------------------------
+
+use strict;
+use warnings;
+use esmith::DomainsDB;
+use esmith::ConfigDB;
+
+my $d = esmith::DomainsDB->open or die "Couldn't open DomainsDB\n";
+my $c = esmith::ConfigDB->open_ro() or die "Couldn't open ConfigDB\n";
+
+my $domain = $c->get('DomainName')->value;
+my $vhost;
+
+$vhost = $d->get("config.$domain");
+
+exit (0) if ($vhost);
+
+$d->new_record("config.$domain",{
+ type => 'domain',
+ Content => 'Primary',
+ Description => "Accès à la configuration de l'iPasserelle",
+ Nameservers => 'internet',
+ TemplatePath => 'UserManagerVirtualHost',
+ Removable => 'no',
+});
+
+unless ( system("/sbin/e-smith/signal-event", "domain-create", "config.$domain") == 0 ){
+ die "Failed to create domain ip.$domain\n";
+}
+
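Review bot: The failure message after `signal-event domain-create` names `ip.$domain`, while the record created and the event argument are both `config.$domain`, so an operator reading the log would look for the wrong virtual host. `die "Failed to create domain config.$domain\n";` matches what the script actually does. `$c->get('DomainName')` is also followed directly by `->value`; if `get` returns undef for a missing key, the script ends in a method call on an undefined value instead of a clear error, and a short `or die "DomainName is not set\n"` guard would make that case readable.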
diff --git a/root/etc/e-smith/templates.metadata/etc/lemonldap-ng/lemonldap-ng-admin.ini b/root/etc/e-smith/templates.metadata/etc/lemonldap-ng/lemonldap-ng-admin.ini
new file mode 100644
index 0000000..78fb537
--- /dev/null
+++ b/root/etc/e-smith/templates.metadata/etc/lemonldap-ng/lemonldap-ng-admin.ini
@@ -0,0 +1,4 @@
+PERMS=0640
+UID="root"
+GID="admin"
+
diff --git a/root/etc/e-smith/templates.metadata/etc/lemonldap-ng/lemonldap-ng-pki.ini b/root/etc/e-smith/templates.metadata/etc/lemonldap-ng/lemonldap-ng-pki.ini
new file mode 100644
index 0000000..a44e774
--- /dev/null
+++ b/root/etc/e-smith/templates.metadata/etc/lemonldap-ng/lemonldap-ng-pki.ini
@@ -0,0 +1,4 @@
+PERMS=0640
+UID="root"
+GID="phpki"
+
diff --git a/root/etc/e-smith/templates/etc/httpd/admin-conf/httpd.conf/20LoadModule80mod_perl b/root/etc/e-smith/templates/etc/httpd/admin-conf/httpd.conf/20LoadModule80mod_perl
new file mode 100644
index 0000000..1484ba6
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/httpd/admin-conf/httpd.conf/20LoadModule80mod_perl
@@ -0,0 +1,8 @@
+{
+ my $status = $modPerl{status};
+
+ return "# modPerl disabled" unless ($status and $status eq "enabled");
+
+ return "LoadModule perl_module modules/mod_perl.so";
+}
+
diff --git a/root/etc/e-smith/templates/etc/httpd/admin-conf/httpd.conf/25LemonLDAPHandler b/root/etc/e-smith/templates/etc/httpd/admin-conf/httpd.conf/25LemonLDAPHandler
new file mode 100644
index 0000000..1d7909d
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/httpd/admin-conf/httpd.conf/25LemonLDAPHandler
@@ -0,0 +1,20 @@ +# Load LemonLDAP::NG Handler +PerlOptions +GlobalRequest +PerlRequire /var/lib/lemonldap-ng/handler/MyAdminHandler.pm + +# Common error page and security parameters +ErrorDocument 403 http://auth.{$DomainName}/?lmError=403 +ErrorDocument 500 http://auth.{$DomainName}/?lmError=500 + + +# Configuration reload mechanism (only 1 per physical server is +# needed): choose your URL to avoid restarting Apache when +# configuration change + + Order deny,allow + Deny from all + Allow from localhost + PerlHeaderParserHandler My::Package->refresh + Satisfy any + + diff --git a/root/etc/e-smith/templates/etc/httpd/admin-conf/httpd.conf/80Aliases05userpanel b/root/etc/e-smith/templates/etc/httpd/admin-conf/httpd.conf/80Aliases05userpanel new file mode 100644 index 0000000..93648f8 --- /dev/null +++ b/root/etc/e-smith/templates/etc/httpd/admin-conf/httpd.conf/80Aliases05userpanel @@ -0,0 +1,9 @@ + +# Aliases for the e-smith-user panel: + + ScriptAlias /user-manager/cgi-bin /etc/e-smith/web/panels/user/cgi-bin + Alias /user-manager /etc/e-smith/web/panels/user/html + + ScriptAlias /user/cgi-bin /etc/e-smith/web/panels/user/cgi-bin + Alias /user /etc/e-smith/web/panels/user/html + diff --git a/root/etc/e-smith/templates/etc/httpd/admin-conf/httpd.conf/90e-smithAccess30user b/root/etc/e-smith/templates/etc/httpd/admin-conf/httpd.conf/90e-smithAccess30user new file mode 100644 index 0000000..83e9b6f --- /dev/null +++ b/root/etc/e-smith/templates/etc/httpd/admin-conf/httpd.conf/90e-smithAccess30user 
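Review bot: Both `ErrorDocument` lines in 25LemonLDAPHandler send the browser to `http://auth.{$DomainName}/...`, so a 403 or 500 on the admin server ends in a plain-HTTP request to the authentication portal, while the other SSO hosts in this commit (`config.$domain`, `soapsso.`) are addressed over `https://`. Unless the portal is deliberately served over HTTP, `ErrorDocument 403 https://auth.{$DomainName}/?lmError=403` and the matching 500 line keep that redirect off cleartext. The same two lines appear in pki-conf/httpd.conf/25LemonLDAPHandler. The reload block here carries `Satisfy any` and the pki copy does not; a one-line comment saying why the admin server needs it would prevent the two from drifting further.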
@@ -0,0 +1,76 @@ +#------------------------------------------------------------ +# e-smith-user panel +#------------------------------------------------------------ +{ + use esmith::AccountsDB; + my $a = esmith::AccountsDB->open_ro; + + my %panelshash; + opendir (DIR, "/etc/e-smith/web/panels/user/cgi-bin") + || die "Can't open /etc/e-smith/web/panels/user/cgi-bin directory.\n"; + + my @files = sort (grep (!/(^\.\.?$)|(^pleasewait$)|(^userpanel-[a-z][\-\_a-z0-9]*)/, readdir(DIR))); + + closedir (DIR); + +# TODO: globalPanels +# my $globalpanels = db_get_prop(\%accounts, 'globalUP', 'AdminPanels'); +# $globalpanels = '' if ( ! defined ($globalpanels) ); +# my @globalpanels = split (/,/, $globalpanels, -1); + + foreach $file (@files){ + next if ($globalpanels && grep (/^$file$/, @globalpanels)); + foreach my $user ($a->users){ + my $key = $user->key; + push @{$panelshash{$file}}, $key + if ((grep {$file eq $_} split(/[;,]/, ($user->prop('AdminPanels') || ''))) + && (!grep {$key eq $_} @{$panelshash{$file}})); + } + foreach my $group ($a->groups){ + foreach my $member (split(/[;,]/,($group->prop('Members') || ''))){ + push @{$panelshash{$file}}, $member + if ((grep {$file eq $_} split(/[;,]/, ($group->prop('AdminPanels') || ''))) + && (!grep {$member eq $_} @{$panelshash{$file}})); + } + } + } + + $OUT .= < + Options Includes Indexes FollowSymLinks + AllowOverride None + order deny,allow + deny from all + allow from $localAccess + PerlHeaderParserHandler My::Package + Satisfy all + + + + Options Includes Indexes FollowSymLinks + AllowOverride None + order deny,allow + deny from all + allow from $localAccess + PerlHeaderParserHandler My::Package + Satisfy all + +HERE + + foreach my $file (@files){ + next unless ( defined ($panelshash{$file}) ); + foreach my $u (@{$panelshash{$file}}){ + $OUT .= " SetEnvIf Auth-User \"$u\" allow_$file\n"; + } + $OUT .= "\n"; + $OUT .= " \n"; + $OUT .= " order deny,allow\n"; + $OUT .= " deny from all\n"; + $OUT .= " allow from 
env=allow_$file\n"; + $OUT .= " \n"; + } + + $OUT .= "\n"; +} + diff --git a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/UserManagerVirtualHost/00Setup b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/UserManagerVirtualHost/00Setup new file mode 100644 index 0000000..e00a95b --- /dev/null +++ b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/UserManagerVirtualHost/00Setup @@ -0,0 +1,10 @@ +{ + use esmith::DomainsDB; + # Convert the passed hash for the domain object back into an object. + $domain = bless \%domain, 'esmith::DB::db::Record'; + + # Make scalars from some of the properties of the domain + $virtualHost = $domain->key; + $OUT = ""; +} + diff --git a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/UserManagerVirtualHost/02ServerName b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/UserManagerVirtualHost/02ServerName new file mode 100644 index 0000000..38f4ddf --- /dev/null +++ b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/UserManagerVirtualHost/02ServerName @@ -0,0 +1 @@ + ServerName {$virtualHost} diff --git a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/UserManagerVirtualHost/25SSLDirectives b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/UserManagerVirtualHost/25SSLDirectives new file mode 100644 index 0000000..01d0a5f --- /dev/null +++ b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/UserManagerVirtualHost/25SSLDirectives @@ -0,0 +1,15 @@ +{ + my $ssl = $domain->prop('RequireSSL') || 'disabled'; + + if (($modSSL{TCPPort} || "443") eq $port){ + $OUT .= " SSLEngine on\n"; + } + else { + $OUT .=<<'EOF'; + RewriteEngine on + RewriteRule ^/(.*|$) https://%{HTTP_HOST}/$1 [L,R] + +EOF + } +} + diff --git a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/UserManagerVirtualHost/26RewriteTraceAndTrack b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/UserManagerVirtualHost/26RewriteTraceAndTrack new file mode 100644 index 0000000..2d3653d --- /dev/null 
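Review bot: `SetEnvIf Auth-User \"$u\" allow_$file` in 90e-smithAccess30user writes the account name as an unanchored regular expression, because SetEnvIf matches its second argument as a regex; an entry for `dan` therefore also sets the panel's allow variable for `daniel` or `jordan` (constructed examples), and a name containing `.` matches more widely still. Anchoring and quoting the value makes the per-panel authorisation exact: `$OUT .= " SetEnvIf Auth-User \"^\Q$u\E\$\" allow_$file\n";`. The same pattern is generated for `allow_phpki` in pki-conf/httpd.conf/95phpkisso. Separately, `$globalpanels` and `@globalpanels` are read in the `foreach $file` loop although their declarations are commented out in the TODO block, so that `next if` can never fire as written.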
+++ b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/UserManagerVirtualHost/26RewriteTraceAndTrack @@ -0,0 +1,8 @@ +{ + $OUT =<<'HERE'; + RewriteEngine on + RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK) + RewriteRule .* - [F] +HERE +} + diff --git a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/UserManagerVirtualHost/40ApacheIconAlias b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/UserManagerVirtualHost/40ApacheIconAlias new file mode 100644 index 0000000..d3c2f4b --- /dev/null +++ b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/UserManagerVirtualHost/40ApacheIconAlias @@ -0,0 +1,3 @@ + # alias for Apache icons + Alias /icons/ /var/www/icons/ + diff --git a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/UserManagerVirtualHost/50Content b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/UserManagerVirtualHost/50Content new file mode 100644 index 0000000..84bf4c7 --- /dev/null +++ b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/UserManagerVirtualHost/50Content @@ -0,0 +1,18 @@ +{ + +$OUT .=<<"EOF"; + + ProxyPreserveHost on + RewriteEngine on + RewriteRule (^/(user/cgi-bin/.*)|(user-manager(.*)?)|(server-common/.*))\$ http://localhost:980/\$1 [P,L] + RewriteRule ^/phpki(sso)?(/.*)\$ http://localhost:940/phpkisso\$2 [P,L] + + + Order deny,allow + Deny from all + Allow from $localAccess $externalSSLAccess + + +EOF + +} diff --git a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/UserManagerVirtualHost/template-begin b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/UserManagerVirtualHost/template-begin new file mode 100644 index 0000000..992a19e --- /dev/null +++ b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/UserManagerVirtualHost/template-begin @@ -0,0 +1,3 @@ + + + diff --git a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/UserManagerVirtualHost/template-end b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/UserManagerVirtualHost/template-end new file mode 100644 index 0000000..50d3d92 
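Review bot: In the first `RewriteRule` of 50Content the `^/` anchor belongs only to the first alternative, because the alternation sits inside the outer group: `(^/(user/cgi-bin/.*)|(user-manager(.*)?)|(server-common/.*))`. Any URL that merely ends in a string beginning with `user-manager` or `server-common/` is therefore proxied to `localhost:980`, and for the first alternative `$1` already starts with `/`, producing `http://localhost:980//user/cgi-bin/...`. Moving the anchor outside the group matches what the rule appears to intend: `RewriteRule ^/((user/cgi-bin/.*)|(user-manager(.*)?)|(server-common/.*))\$ http://localhost:980/\$1 [P,L]`. The location rules added in 030userportal are anchored at `^/`, and the proxy rule in front of them should not be looser than the rules that protect it.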
--- /dev/null +++ b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/UserManagerVirtualHost/template-end @@ -0,0 +1,2 @@ + + diff --git a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/28UserManagerProxyPass b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/28UserManagerProxyPass new file mode 100644 index 0000000..381324e --- /dev/null +++ b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/28UserManagerProxyPass @@ -0,0 +1,9 @@ +{ + # vim: ft=perl: + + $OUT = ''; + foreach $place ('user-manager','user') + { + $OUT .= " RewriteRule ^/$place(/.*|\$) https://config.$DomainName/$place\$1 [L,R]\n"; + } +} diff --git a/root/etc/e-smith/templates/etc/httpd/pki-conf/httpd.conf/20LoadModule80mod_perl b/root/etc/e-smith/templates/etc/httpd/pki-conf/httpd.conf/20LoadModule80mod_perl new file mode 100644 index 0000000..1484ba6 --- /dev/null +++ b/root/etc/e-smith/templates/etc/httpd/pki-conf/httpd.conf/20LoadModule80mod_perl @@ -0,0 +1,8 @@ +{ + my $status = $modPerl{status}; + + return "# modPerl disabled" unless ($status and $status eq "enabled"); + + return "LoadModule perl_module modules/mod_perl.so"; +} + diff --git a/root/etc/e-smith/templates/etc/httpd/pki-conf/httpd.conf/25LemonLDAPHandler b/root/etc/e-smith/templates/etc/httpd/pki-conf/httpd.conf/25LemonLDAPHandler new file mode 100644 index 0000000..11b7187 --- /dev/null +++ b/root/etc/e-smith/templates/etc/httpd/pki-conf/httpd.conf/25LemonLDAPHandler 
@@ -0,0 +1,19 @@ +# Load LemonLDAP::NG Handler +PerlOptions +GlobalRequest +PerlRequire /var/lib/lemonldap-ng/handler/MyPkiHandler.pm + +# Common error page and security parameters +ErrorDocument 403 http://auth.{$DomainName}/?lmError=403 +ErrorDocument 500 http://auth.{$DomainName}/?lmError=500 + + +# Configuration reload mechanism (only 1 per physical server is +# needed): choose your URL to avoid restarting Apache when +# configuration change + + Order deny,allow + Deny from all + Allow from localhost + PerlHeaderParserHandler My::Package->refresh + + diff --git a/root/etc/e-smith/templates/etc/httpd/pki-conf/httpd.conf/95phpkisso b/root/etc/e-smith/templates/etc/httpd/pki-conf/httpd.conf/95phpkisso new file mode 100644 index 0000000..60f248c --- /dev/null +++ b/root/etc/e-smith/templates/etc/httpd/pki-conf/httpd.conf/95phpkisso @@ -0,0 +1,16 @@ + +Alias /phpkisso /opt/phpki/html/ + + + PerlHeaderParserHandler My::Package +{ +my @users = split(/\s/, getUsersList("phpki")); +foreach my $u (@users){ + $OUT .= " SetEnvIf Auth-User \"$u\" allow_phpki\n"; +} +} + order deny,allow + deny from all + allow from env=allow_phpki + + diff --git a/root/etc/e-smith/templates/etc/lemonldap-ng/lemonldap-ng-admin.ini/05All b/root/etc/e-smith/templates/etc/lemonldap-ng/lemonldap-ng-admin.ini/05All new file mode 100644 index 0000000..277ef1c --- /dev/null +++ b/root/etc/e-smith/templates/etc/lemonldap-ng/lemonldap-ng-admin.ini/05All @@ -0,0 +1,9 @@ +[all] + +[configuration] +type = SOAP +proxy = https://lemonsoap:{$lemonldap{'SoapPassword'};}@soapsso.{$DomainName}/index.pl/config +proxyOptions = \{ timeout => 5 \} +localStorage=Cache::FileCache +localStorageOptions=\{ 'namespace' => 'LemonLDAPngAdmin', 'default_expires_in' => 600, 'directory_umask' => '007', 'cache_root' => '/tmp', 'cache_depth' => 5, \} + 
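Review bot: `localStorageOptions` in lemonldap-ng-admin.ini/05All places the handler's configuration cache under `'cache_root' => '/tmp'`, a world-writable directory, so another local account may be able to create or pre-populate the cache location before the handler does. A dedicated directory owned by the account the handler runs as avoids that, for example `'cache_root' => '<DEDICATED_CACHE_DIR>'` (placeholder, to be chosen by the packager). The `proxy` URL also embeds `SoapPassword` as is, so a password containing `@` or `/` would change how the URL is parsed; URL-encoding the value in the template is safer. Both points apply equally to lemonldap-ng-pki.ini/05All.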
diff --git a/root/etc/e-smith/templates/etc/lemonldap-ng/lemonldap-ng-pki.ini/05All b/root/etc/e-smith/templates/etc/lemonldap-ng/lemonldap-ng-pki.ini/05All new file mode 100644 index 0000000..d7ea5a1 --- /dev/null +++ b/root/etc/e-smith/templates/etc/lemonldap-ng/lemonldap-ng-pki.ini/05All @@ -0,0 +1,9 @@ +[all] + +[configuration] +type = SOAP +proxy = https://lemonsoap:{$lemonldap{'SoapPassword'};}@soapsso.{$DomainName}/index.pl/config +proxyOptions = \{ timeout => 5 \} +localStorage=Cache::FileCache +localStorageOptions=\{ 'namespace' => 'LemonLDAPngPki', 'default_expires_in' => 600, 'directory_umask' => '007', 'cache_root' => '/tmp', 'cache_depth' => 5, \} + diff --git a/root/etc/e-smith/templates/var/lib/lemonldap-ng/conf/lmConf/030userportal b/root/etc/e-smith/templates/var/lib/lemonldap-ng/conf/lmConf/030userportal new file mode 100644 index 0000000..d0e028c --- /dev/null +++ b/root/etc/e-smith/templates/var/lib/lemonldap-ng/conf/lmConf/030userportal @@ -0,0 +1,25 @@ +{ + +$conf->{'locationRules'}->{"config.$domain"} = { + '(?#001common)^/server-common' => 'unprotect', + '(?#010phpki)^/phpkisso/ca' => '$groups =~ /\\b(equipe|admins)\\b/ and ($localAccess or $externalSSLAccess)', + 'default' => 'deny', + '(?#005usermanager)^/user(/cgi\\-bin/|\\-manager)' => '$groups =~ /\\b(equipe|admins)\\b/ and ($localAccess or $externalSSLAccess)' +} unless $conf->{'locationRules'}->{"config.$domain"}; + +$conf->{'exportedHeaders'}->{"config.$domain"} = { + 'Auth-User' => '$uid', +} unless $conf->{'exportedHeaders'}->{"config.$domain"}; + +$conf->{'applicationList'}->{'020utils'}->{'usermanager'} = { + 'options' => { + 'logo' => 'configure.png', + 'name' => 'Configuration', + 'description' => 'Configuration iPasserelle', + 'uri' => "https://config.$domain/user-manager", + 'display' => 'auto' + }, + 'type' => 'application' +} unless $conf->{'applicationList'}->{'020utils'}->{'usermanager'}; + +} 
diff --git a/root/etc/e-smith/web/common/ipasserelle_logo.jpg b/root/etc/e-smith/web/common/ipasserelle_logo.jpg new file mode 100755 index 0000000000000000000000000000000000000000..56258ef32493f9844af1989a5a5501fbd48ad146 GIT binary patch literal 14636 zcmeIZcT`m0mM*%WyQXqngNE8s1oCOMyoCL`N zk|pPyC5NKI+x*VyKKI;r$LsF*x?kTv?q)0)d(>v_^{qA6H@`X8EZjJ59-w`sq^bnq z;Q;_1_ygdk00n@Qn3#l^h?Incgp7=ooRXf3l7fPg`N~xqdNvjaI~xlt>kTdeo*Nu@ zI9XYF#ctoZD`KqW1Jk4Hd&Pe?#SL`Voe z{Sy2fAfzL@a#Ki-_^Or_35PqqaBxfpDW`nd4+ibQJ+6D!9=&%L~Td|&v5ybcX}^Y&eMY~08A zgv3ut$(dQ%Ik|cH1z*3FS5#J2*VNXvw6?W(bawsh9vU9`Jvuf%F}bj~w7jyqw!X2s ze{gtod~$krj=IE!2N3)X7Wn&b!2Ty(bRaH#LP7#Ul1p58_Gpd%!@DMWllPK(6K z{VIoWFe$x!Oh(xcGR}M2dkoedgXD}{A`7?nFQNT~?B56M)&DDG{|f9MxF!Kg0z7c> z2Rlv-Xak>%cF6SO|(FFQsM(Zh8 zDgw2}4m-M|FWjabd7%98?x*lHO31Vqy#bY2+h@K0n7m#b@TcqAxqW`mKKDlX^2R{k z#Q`G@An!0lOI#@HdPLZMZ~yLi28XX*_KI6#gD9Rk4tSD#p1KMV5uPIVj#Yl+%>hMsqS_HjQ(C4Y?BWAC3rMcF zC@E!>eI@_#FTO2&D*1_@ScnM0IXm2OEKe{@?T@%aXo<#Bhy|xoxU3uy5~F7PiHKfH z_P@0;P__5oA4qb&rIN*FG!8%$M*?2vOkPPSytNz>742dHF10M2FTP;d{GzOpRn&QR zWN~6l_u93)#vQgb$q%Bv94tw;%q{YL{}|MFHxEvB4xhpk(EUg4R)iy>@K^HFvuaym z(Kx_(A=Tmfh=4p5^ZEB`MIjnZ?h-kbFmg4uTBt!&i3MqS0 zymgNeBM}&1_RJ3MSW{gUMz_Igg@}ht9DhYzL41asbg)Ezyd9{r|NiAw-MSxdH0sjB8^)TxoaUd4liQ@t6(L=5=8cMQR%G%_m6a5>{>(aYwqNM|LSO#4@Qm?|Bkf-p zBD1K4f-Ql3nfD|(z|K5G@##0T#Kzf|p+2D~CzIvKn=;qOgAeCS%fL@%aR5tc6ZMh% zD0~#v)iek%$*eGxpxFM@(8G9|-=`OVmy!R&BupmP0$VAFz99iYAEsfkV>*fkza4P^ zALrIt$@v-fFaZa=CIL4{swWPZn}nlbgV&j^L8DY*Z3YI4f?o%*x)6(YM1SY$7f-ar z(Dhrcg1TuZV+1&W?dw6n{R-ITG1(YqnF`A=J*d6+95TUg?^}5?u@)O3`q80#WUw)n z6=9qu*jj9cC)DqBW9Q8cY-XcU_^*`_h(_D2c%Oh|HxA(PJ({H)OaFO+=O)?7QH3xa zwd+XCH@2NNGHoOAi3m2|P_(&&{CsBH_sQWnv6B#cjCFWzGB;~%vpuHMiUUlSq3A;A zu@2Nu*>$A07k0agX7et5MBsTLMgQ6Px9X3m2FtX*vfT!X4AbSJE3&htUCQeoP*}b} z9$Fk5Ha9sgG1r-Q#)Ey_R(=-SKrtf~We|Lbg6t#1dOBEco#4+F31TKX`bYLrW0F35 z;|EWVftQTnEaroJ*4(gXU+WNeq9IMPFFRF!=7r%s8K1PEcWpxcIDT3}hZa9*G6{4* zDs!kYJ-6)kqxGOtHD{(8&C2e3sAFo}CC*2ta~8FajBH(G%y|~t5C+YGw4XwbmX3-G 
zR-ezt>5CWIdSw;gzAadfC0X`^g3GH*Sg|)&6u&52QD|KDL(P7%cq|)#@ z1}iOd>a{ri&_{v^*~Sn>di^jtMS4xV|6iKjX5DUDmU7*$8*5a8=*rYOH28OePySpS z)vN1mC*iykQ7h-_Mxoo)W*nd0Sk+(MGT2PWpkUxyD8b+TRrhg9S?01VREB2 z#X5_(db4wrTyL1CKF#tBG$YwEs(Th9nxco^3cbJH$*mT02sxv%=w}$;NF^G23cMIB zxpkbl3mURCOlpir21>UlpzBATU=f1lJc&J+LVrK(XOwnm6O(*3J*z@3#u{(24$Txbi%6P($B-~8W3i`gb=cF`Zs**#c2>Ww4-N8Cm|AJR9>Kz( z4W%P4qLK)SzUT3h@lsLwJ7yK`B3pv)n=d|nVF`4aqJX4(wBTUf#J z!4L&T0RhwtXJ3uesAoBfk7DxJog_JpMV$51Zi#xk&di#On^c_YaA^tZdxp<@rLj+& ziB}FT*;0DHd$clz8Js%D@LhjNW47Akeh>ILH?{Uf)J1c!Ls;AO02}!d46U>@+Zqt@?1V-M=);{`a2)_s7As| z)L3Ty=CRdUt+B%abbm}3X2?3=$pY&Kn>s1t57dp)GsF4b z{zo?EzxiyWsy5T4Dzg^7Z8f{&rY=PfhdgoA0HL7 zQT#|SHWv^m^YR(0xk#pYHQJ>`EsWmjDhYW>b%@c3BNwLFadVC^eNg+%KvI?Rs# zcO+J#7BLp<^jeButT+F&H;h(;(;YiD1t=x0A4_aFuvm#8-1)qNqR$;&d9pzJ^fnH7 zjss|h^M-NcW zX*P&!6go=&LAyR*>MgV9FAdI1IJLu#k zy-yt>TtqF$P$}^>P~A1s`G}3je^$`G3NdE=h&QwH?!UQ!|DF&k4}qXgd20XVi!I;R zi1M;^VAr{)s*S(m3w4l(^T+#758wBcvbYJccp1taogTx6a@Du11;{0PZ0=KWxajYQ zQrY<`e7aK}|9+;aVJ_#nuGS-3&2cZj?kt0er}d!L*S7~33iz*TiXuYO4+kHG@0Yeh zDPKX;)J&o%yNu_0Ylg^r6ndna>Q14Xl3vJ!@OQ)7V-C}!DF%d##~NN3uS1S-!?kyI z?|v`2$JcOB@ih*@OKNg9Fwl90}IDp`adhh&oS#?M&eS=dqf zziNUr_CVB*vy5<=#R1Ko%76nhJ}cpX=Ch`=ujl@qIN(6j>kkT>hy&z{3`MrK^3gqT z$#-#Fu8|zAuuy`sx)@3*OY{wKJOe>0HvI6Q0Ws)>b^uJw4-9=d-) zG{f_efzQY$HKbxI4)M1QgR5U5$bkYJK$eFA1D69a9AKk=CqVCHYP|S+dwK7JnbkE& zj`r^cF_*lJI5TCDqQRZ!r_-#tw%y0mj+_3L3A;?{Q z0p=(8yLZ8t1~LqdQjLWcyCQRHUaV4aGTyKOl7XCmdZ+f}S@n*X+m93e?@z-&H%u?_ zu*VZ;EW9_7mhpd`YCVXQeeeSoZ@GauVEhIuo!2;Epy2IM9dBkds0P#V|CbF)(8138 z<_C(vd5m$$RO#CtJ5Eb#!;1l8jN5nNGmBi`F~j%Tjo%wysm#+7y>TU_{FN%VwkisW z!&W&biz9*t9MDvtj22;x2Sakn{tMJc${nezd)U_IIoAuSnO~h#QjOTa+54^?cS%k^ zc>V71y}C$M68Q@UOcdEyUO*D-d)=n0cQ>L=)xDpSUQW(A#Xp&2iQCy#Fkr)K{AHbT zkM?i?m{$2IH`cU;vcQlxw$5vy_Q*O@eRuEt7!7a4q|SWrEXg3TjK!z+<$BY9Ku>uB z&UG*my}{Ld-&9O)EU&lh*LDwLLo5%Pm!K-Mp~YmXpwF&0zP~>1@zvf4^6vS_g;J++ z8tu%Q>yRrJlMk+_IJ~c`T|3+|EB>%85&CUfc0%U|Nxn>2G@~OpGrXDKj#I3q`G_Qa zde6s`Iu~E&6KIDY`WM@1)?3@wy3ssTsG#XCIRA!t+4LvtNwZ%L!)mm1^+_9(>k8n_ 
zA9KzQE#EuIlF6|?FeRFes^*i}<1M`ovf2%D-l827{isJ()U5#@qThY7#Q~v!w zN&mcaUG1SPCGoxFJH()3R>2SF%fX;oyvj8sEvW%ELlikst>|`bmb0nB`icUfS;D>k zMZZy_WPPqA*0_;`Uy^v6&ka6LZjOyUr4$p4+7-H!{gTSt_lvl!5;Oy&8)HO~A#jo6)#>geJ)S@QY0lmR>6s0a zfAqgMdf3$jK<0HSl^67e7Ja9M)j3Mn6`~zW*|QWqWte{>|JcROuCxVTb+Z=Vnyqt| zrPtD&o^E$=9qwD;)QVLH)D_+8-n{!GFkW1L-M8N5qH`0`QZ~8hU~TTil$u?o4g%0M zNSbmsNQj^m6Bdwk<$|>4cuR19PfpzB#uJe3XJhr(vb?{Z84h->2-uz_Vihk+&PcGY zp-}@kU|Gxw2bhr@BU{^=4g_Zq&9I}Jrh#v8z|DFM)H1^c#7T&W#O2;hE{)sqC8g{z7r?l%QjBXz$I&y5MRB zcRq*%r|5`dDwmjWaq;dT=gXf!v(5U;^-?zJzg8S%oKh*P1>XRx^!st{p0^rYIJ(S5 z30E{4pAE{gOX2{^iyXv&#~~JT>&2V4XCzZ+JZ<+;E|nwIxB0*JnJWUX%*I#|^%jO> zeFz9**$=e4Qdw38hiPzj&ry?QCQWaPn2 zEczpxKeh=Z(SgEg8A6aXU~zxD)oy_O6Uh`uk)U;cOI^>bN_4PtkW#Ww44A664U(kW zknJyUrs(PMr%-j>T~%>e&^}OE!_)Nl(Z@Z;p234bqBr_s~oE^J==RFHq6l6?) zquoFOuZP(Odn=~}uI+ONl_|H^P3%L$kNFMpuPj>IkmSpST68)x?4$ulYt?(X8G)P1 zle<+&|F67jhxU+A-^4H}!2;iM!zhhmt2?U1Mk}xnyJ;cT0gX6j(Y$MstKt(i0sKgs(}77nx9yZm-2yCkV^labt3j zhG!Gfl8V!RqIa!;Q#3!U>SDqHSE!25!(HQYkn!|oT%m(=Ze7c6P^G`^6=?9jXsdeh zqwE!HylYcI8e3+^FaEsEbgb-&R;E-S*osldD_baLpEc3)cV~)EdaGy^4M@8mBhxv) z?vUf7@Y+4uSw{IY%NY%>+;NR~#P~p)MmjLJ&P{>$#w!|k)nM%{)zSt+br)uyv!F?Y zkmiPj{06sIr2KxD9NrsF=3)t6ATyj7D3KZyy_&x%&^-}KX4qL>vSfxVflXArFOd5| z7fq8Pg)ly>;SjqfBrnmmpggjeOpvvQ4Q6Xod*Pd;(CeQ1+An!Cc9wL^S%D>go0d{1 z>x1jm9Fg}=1-4YZI{sI>Nwk4L|Q3{`9ZplRW)Cg-6; zOAuS&emmle?H*k+s*fakN+??^^;!#yFpkm%rB3A^OaKfUYUc2IN1yFZpYpGJSJSLI z4}S?U7E4Lz8K)ByC6)C&5_8zw&{4~B8osIjEraArw)e_9{Nxk(<_KMLP5GF-qd6$4CZaIJ8tr+tK2Hv(hirjh*|gBJ#0pvs*DrN7jeY2kPU% z&~g-`U^A3g1S5ZBJ6M$()71@Az`#ACFV!Zq%q>u)2X0~UK$%UxbObx6nnaArVc@0v zg6Q|B7JD=pQUgc^4(M_n#@5knspGBxt0M#P-uqwkc73BKRyGlF+&e}FGFq2$5B57K zjO25J{!(~HBz>nOJU5s{i4 z&!lV1o}0>N5iCPUogW~BcTRKdACy8;5jkGZ|J8j#*I-fL;h7O)To{JA&i|76{}$#D zx(4<`4uug@)!5%9ZY4CBRM;x0QL3L|3e6W}?}8hOU|H~gl!bLo0Gc1u_HaSN*({hBy?Ww$R5z&@gG!~qsVU<{?V3&BS$r~Ul@1df^>crC;*k;e$0gQJ9R;f`xoX8WVI{18s{FjSJJ+I3R5=k3VTU6Xg zny2yK;}*(B+c4X+r|ZZnJLOndP>r7K_F$HRnvx1zTk0}cvu(zInhoVEl7Gby 
z4gxlwWX`|XnS1l6s5o`eE<)+kPny(h@~D4A9(8l{Dp%#>HH?^bUwWo(m?r!~NZ?De zg!5+KEt2+Ezz%DP5c0P~SRT1=n0(YE`D8jVZS=k8E&IJMl#xwQ3JgSzayVAK` z5^SE_%}U!$>-P#Ov!*bN{4w|RZRc6mb&ZWD^PY@>d`-d4Uy9oTUt2W^Vc;cY-$OJj zjpm;g%!iCX6ik)MGrz}klzMVeyA>&Oj{j~Vov!eUn_63rC+n=i0bBNAoK=^B5)@)K zs8q<(@RV^;D3m9IJ-$p4c=6$P=gEZPN@BN^O1>6@ilZM7!cml}B&aXF;nN+vI;l?czo$77v!c;x62 z_fS{DePNTb4wJ8Gi2b}X{gsSSMpkrrfwoN24IGeWOz5MlrFiobmixg#UZ+PBiWW)g z;MUStkymri!@;ld@ z615_Wui_oIzbMjJ>5cW8Y+g*p*Z8La9*m6K{@knUAvxAH);Bk;~u}O}pS#U(ZgK$hf?or&Xmd{0Ul^zdOc6!SqG&b}J9l zI_J*Wi<-8XA=nQI;4xjx?tUWrq#Ps>chj_YXq|$yYV9b^-^Sdj4<7Q_L^)1Uh#lI< zZu?bl?}I6H9!x!A$M}@|oTTNu*l57@lcw!Ap@C!Ny@wogDfQrTX0U9)7JPhru>M9k zVE#e+otL7DzWps=6$1OseT(;yC%?I>;qJ}{!K@}v{oOaH0@YfBw!JD)HXBI@Ue+F~5H!h{hCA+5WKewyMpGFX-r)3b={-K`EL6*~b zx76^e?xdy_`&_Fk@OR)Z$4p#fJ~|RzGf40pHx;>x9A%@i*}a`EEfGHNBBh=`*}*v- zo6p4V9IL!|*Qq*?bHsHZBgR_$?n4D;^a~L~3iI0|qq{3E)&ZSlJ#+)rIKTuAhy8=c z(imfI3?fCzK4#`?(MnxSAb>sA5&0MA>PUC#L~n)~ygHa&RF1r@mwKOXljcT9WW065 zl(xfrqk21grK`0>Pe{-635Fbz_;YP_UzmvPK2i?}Ak3-MdER^RXfs$UU{>TcHl4<) zEUry+Oej2ywsj&{8lXHxjVg!Q2o@K5tBj|uVBp-U4vjU_+lPeq4}DD%^ohj&VHvx<*1D8Mg#J$^cx*h91yl7 z46j;#Zr1y8OT8eqiNdtF^-`!-b|VISW1KOV~;rFkoIFQ2!jnqY@dDC$qter`}@rt`Z3qk=n9 zM@%su>rK{|*=`%Olon@IWvN+jrqjqT4mNT87(p9E z>+h~T^p~0a64f}TFb6}{)=SSkvyM0*tiSzaRJLO%#Pm>;(FDYtn5bQG7`6fj8M ztWvki|Aj~5XswyL>1U9muT-6tTi{AgTTM#c;s>!&$0G?lepp|wW?;z^>PB+<@i}a$ zy0B+CaZcnfEvb)=FZ{8JtZ1<*?6$d;z+*18jynHV>jsJJqCNXpb8ayWAByy3M zz{UMLQUNbIwIi9JF3fTFrmD4DSL@9;ez6VRQ=0V^L@v8rAN+QxI#+aXfU7g&@Ir8v zx0L;ZqVT;>(W&z~e^c!ST0zrJV?w+=B2TYvMM8gNd~6l*DABcS-Gq*8h3yl+zm?N7 z-4a^-CE)?{IHDz)puDOka&v~~?Fy?cOL9ZUBzCi(V|G#H$8zXXeCN)S)jS*k`-ZiC z4~kY@#;5&u1hqXP&Z^RVe15VFExxH;Q_i`THIeQ$kdt~G5Vd4Bqdju8ek^(a)e{2i1Dl>rqo zoBgdPEz$P@c~e*jFN};;f99{HAYZE#B=m(FG$mYU4i+N? 
zayrgU**XDU48SljD9f6MhFTDV$%94*Fpx;w&%!d4gdo<J7(BI@ks8m;{gQhme4EAHKbuNV@v@aqhn5nk|*`WI2 zK)5eQZD?i^LC1J^YFMFSw$t9DZ|!gvi7$nCLnVJN`I2*Yc;+o6Mb|}gn)sk#J)P1h zfIp{e!f-hX(+L|Bz2d9WlVQp{+UNbFIFVO1%juwNNY&}Oq>w$Ahiaj_A}ie;ts4)ug0d=A z|9NH&>b_Mqs8`cwhg2;L?-vzF-OjDO6|jDY8QVAyF{#ibW(}ktrhV0O=M(l2BxC54 z$(EsB>)F`{eL~R;j}Bt=+A$Q;Cpt$o`eHrv;y_O zMZEz4B=`w`pS4Tv7Llx!cDrYyMRijiFRlAC=1nf5|D#2`qn0e?L&HHZ##aK^LS_E; z5BRs!!x!(d4i>%jE2Iqnnb41k(Ow+B4C;K`snwKgcKYw>y816ubc6; z^o9@>Ik%p@?Fn>9uK#D~mzl`_)BZc=K<|&hVp(PEqRnf$xJc{>p04v#)X(9?5Z{MX zT%Y%=_d16goeZGV<b5ZN(wL+##txk0&CK zA+R>Z_{h*Vfw`e7{(Da)onJZQQ%w?eMayw`B29jA%5mPraYP#sS-6qu(EHQwT`VnS2D@v*qmBD>WA-f2Lx}VSzy= z63KVWtDrC`GJ_f=?Cz>b)<5G|Fz^=t!B7cSo$9k;E2RuN`dY?zuJZOAw+s-kFucp% zDt?JLQK}M>$Pge~F=Vx_S_f&SwQ+Qp@wn({%c4S!sVDA>U?t$H1s)=N6=jIwdfVzw z*A|odI}hyBK$5%3U*ub5XmIK*hk}adq0LZ`1Rq~&5`sO)wwg4@L&c6KE!zr48e zs{7X&Bc>o)Kw(Y1kC#9xJRKEm<}68bhj#D$^Wku;5K8az$=a!Yx?e;iC#A+O%9YLl z+hrdqO%g>#1sA9~oF4g^c|gc?jhR6d(3D6JjmdjqW^*X@Yc7`$8JgovX=Xjmmn~_f5=O8WJhgVsOv-7z=>#vERp@DaZ*|G zB>un2KZ@`=qTz9|H&G8 zI<$BvXh!##WT+TCy;ksYOQ;&sxG72J!)gFVFl1CHC4ubWM-y?U!OP^pMt-g$U;h;~ z=I#fSH2ETzQ2&64sr%c3GdLFcp4 zpnJ$l_*S8~OJt}=AqPVr(-K&Fx??xQf>u(PGkJR(Ft0J}h zmK-%3uTP=$G2u@V?iTkXe&LrcuW_4cqOrLA+;K2_ZVE*R361ZowWIXtG)6NQ2 z{7j#*7Cin*xsI)?J~W;Ik7c~5pA;=^CDh+kq8X~2T#n2*0dwr*rf(-CZ`BGFdQHWIoQ>(o61gWo$@6k_P30Gc=O$PiKkU1= zF@RdzNA}g4zy}vF@|&YOtR`KnDk(~ceycN0!sMrk2JD>v)uqY5x!xB3(Rro(oh0Y^ z@6hbo8E3x_?E?Y{eD^ydB&tER4(qFS1d#IA3vmEd`49fGgy9!_OOY~717pU`@i$nn zNT3YvIh0`DaaaC+T`VEQJeATCBzp9s2ze(WLFnz$9UpF?u+w6emc2HCs<=LzgV+~p z9iKWF!A>t_(^rYctT`v0sSLbns@h#S5|rL%|0vPeiD}1RlD#IA%jQeOBjAUbvmu8G zm3@1JFS!X*7yAs&f|+{l+o=w#&X2lJJ0E)^tqI~MaXKYN zN9+4Yk@@&~BCp}AlCTFiqE3`+kO@CiiuflLEmuXSnJhyh;rNGb+^7dT6&bv>@j*YC zrnbzutYSs=U3vkcD1;yI($X1FTWk~-TVY^sK3xXC9$|7ET#{Wirtg=nVrml0MKK1R zc=8;kQ^5^7zbg4fl5Dgp6f@0>1CGIR@{N3;h)oQu zl%j+Ajg_x1{FJ)?{MnUhb+@Qx(+*NQ=4CMXK9)`qhv-@&!T3Q|e^;AUhAvs0We7A> zsU$Pfxz5M4;Q*;ibFp$F&1++6cpcE)osRLuGSnL;!_Z;JX{hzI3sJyj5Ip;M1(tnC zD1&=zZe;Y>vI!j-1NL5hEZQhbO 
zzH5BSI+1g4i^v)jT)Z+XD`F&PL;{VpYtQQ(V8y`m(OkyLcg1@*`N%CTt#iLhDArGI z+#l$^yP0-Z`ki>;rL(*AvH$Ld#}sz+X0+1h{(Yj=?7uU;bvuiY-3PrW?Q4X?>!99t zCElKQ0CSdrNIusUJkAV`6tI6Cc9Cd24(L)jBK>FvH&1~H+eY_-Di{@ zwB{n#5?5;5|EFL>>1Kq?J_|9djo$uWuzlbNzkiEUkq3E=xd6--kjo3-b#hE6=F(~- zRrw8@G1a*QY|{}-DFLOf;S@pf;$_g=kQ0O7@cSDy0AGcGXSh+~Z$8m=@XNfz7zi{S z|I@y*fLKRKheader (-EXPIRES => '+-20y', charset => 'UTF-8'); + +print $q->start_html (-TITLE => 'Portail de configuration iPasserelle', + -AUTHOR => 'daniel@firewall-services.com', + -META => {'copyright' => 'Copyright 2011-2013 Firewall-Services'}, + -CLASS => "main", + -STYLE => { + -code => '@import url("/server-common/css/sme_main.css");', + -src => '/server-common/css/sme_core.css' + }); + + +my $user = $ENV{'REMOTE_USER'}; +my $name = $ENV{'HTTP_USER_NAME'} || $user; + +print $q->h1("Portail de configuration iPasserelle"); +print $q->h2("Bienvenue $name"); + +print <<"EOF"; +

+Vous pouvez modifier les paramètres de votre compte +en cliquant sur les différents menus sur la gauche. +

    +
    +

    +

    + +EOF + +print $q->endform; + +print $q->p + ($q->hr ({-CLASS => "sme-copyrightbar"}), + $q->div ({-CLASS => "sme-copyright"}, + "Portail de configuration iPasserelle
    " . + "Copyright 2011-2013 Firewall-Services.
    ")); +print ''; +print $q->end_html; + diff --git a/root/etc/e-smith/web/functions/userpanel-navigation b/root/etc/e-smith/web/functions/userpanel-navigation new file mode 100644 index 0000000..d80e220 --- /dev/null +++ b/root/etc/e-smith/web/functions/userpanel-navigation 
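Review bot: `$name` is taken from `$ENV{'HTTP_USER_NAME'}`, which is a request header, and is printed unescaped in `$q->h2("Bienvenue $name")`. The `exportedHeaders` added in this commit set only `Auth-User`, so nothing visible here guarantees that a client-supplied `User-Name` header is overwritten before it reaches this CGI. Escaping at output removes the dependency on the handler: `print $q->h2("Bienvenue " . $q->escapeHTML($name));`. The beginning of this file's hunk is not legible on the page, so the CGI setup before the `header` call could not be reviewed.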
@@ -0,0 +1,313 @@ +#!/usr/bin/perl -wT + +#---------------------------------------------------------------------- +# User manager functions: navigation +# +# copyright (C) 2011 Firewall Services +# daniel@firewall-services.com +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# +#---------------------------------------------------------------------- +package esmith; + +use strict; +use CGI ':no_xhtml', ':all'; +use CGI::Carp qw(fatalsToBrowser); + +use esmith::cgi; +use esmith::config; +use esmith::AccountsDB; +use esmith::NavigationDB; +use esmith::util; +use esmith::I18N; + +sub showNavigation ($); + +BEGIN +{ + # Clear PATH and related environment variables so that calls to + # external programs do not cause results to be tainted. See + # "perlsec" manual page for details. 
+ + $ENV {'PATH'} = ''; + $ENV {'SHELL'} = '/bin/bash'; + delete $ENV {'ENV'}; +} + +esmith::util::setRealToEffective (); + +$CGI::POST_MAX=1024 * 100; # max 100K posts +$CGI::DISABLE_UPLOADS = 1; # no uploads + +# Use the one script for navigation and noframes +my $NO_FRAMES = ($0 =~ /noframes/); + +my %conf; +tie %conf, 'esmith::config'; + +my $accdb = esmith::AccountsDB->open_ro || die "Couldn't open AccountsDB\n"; + +my $q = new CGI; + +showNavigation ($q); +exit (0); + +#------------------------------------------------------------ +# subroutine to display navigation bar +#------------------------------------------------------------ + +sub showNavigation ($) +{ + my $q = shift; + + # enable utf8 binmode so new translations work + binmode STDOUT, ":utf8"; + + my $acctName = $ENV{'REMOTE_USER'}; + my $user = $accdb->get($acctName) || die "User $acctName not found in AccountsDB\n"; + my $availablePanels = $user->prop('AdminPanels') || ''; + foreach ($accdb->user_group_list($acctName)){ + my $group = $accdb->get($_) || die "Group $_ not found in AccountsDB\n"; + $availablePanels .= ',' . 
($group->prop('AdminPanels') || ''); + } + my $glob = $accdb->get('globalUP'); + my $globalPanels = $glob->prop('AdminPanels') || ''; + + my @adminpanels; + if ( defined ($availablePanels) && defined ($globalPanels) ) + { + @adminpanels = ((split (/,/, $availablePanels, -1)),(split (/,/, $globalPanels, -1))); + } + elsif ( defined ($globalPanels) ) + { + @adminpanels = split (/,/, $globalPanels, -1); + } + elsif ( defined ($availablePanels) ) + { + @adminpanels = split (/,/, $availablePanels, -1); + } + + # Use this variable throughout to keep track of files + # list of just the files + my $c = "1"; + my @files = (); + my %files_hash = (); + + #----------------------------------------------------- + # Determine the directory where the functions are kept + #----------------------------------------------------- + + my $navigation_ignore = + "(\.\.?|navigation|noframes|online-manual|(internal|pleasewait)(-.*)?)"; + + my $cgidir = '/etc/e-smith/web/panels/user/cgi-bin/'; + + if (opendir (DIR, $cgidir)) + { + @files = grep (!/^(\..*|userpanel-navigation|userpanel-noframes|userpanel-initial|pleasewait)$/, + readdir (DIR)); + closedir (DIR); + } + else + { + warn "Can't open directory $cgidir\n"; + } + + foreach my $file (@files) + { + foreach my $adminpanel (@adminpanels) + { + if ( $file eq $adminpanel ) + { + $files_hash{$file} = $cgidir; + } + } + } + + #-------------------------------------------------- + # For each script, extract the description and category + # information. Build up an associative array mapping headings + # to heading structures. Each heading structure contains the + # total weight for the heading, the number of times the heading + # has been encountered, and another associative array mapping + # descriptions to description structures. Each description + # structure contains the filename of the particular cgi script + # and a weight. 
+ #-------------------------------------------------- + my %nav = (); + + use constant NAVIGATIONDIR => '/home/e-smith/db/navigation'; + use constant WEBFUNCTIONS => '/etc/e-smith/web/functions'; + + my $i18n = new esmith::I18N; + + my $language = $i18n->preferredLanguage( $ENV{HTTP_ACCEPT_LANGUAGE} ); + + my $navinfo = NAVIGATIONDIR . "/navigation.$language"; + + my $navdb = esmith::NavigationDB->open_ro( $navinfo ) or + die "Couldn't open $navinfo\n"; + + # Check the navdb for anything with a UrlPath, which means that it doesn't + # have a cgi file to be picked up by the above code. Ideally, only pages + # that exist should be in the db, but that's not the case. Anything + # without a cgi file will have to remove themselves on uninstall from the + # navigation dbs. + foreach my $rec ($navdb->get_all) + { + if ($rec->prop('UrlPath')) + { + $files_hash{$rec->{key}} = $cgidir; + } + } + + foreach my $file (keys %files_hash) + { + my $heading = 'Unknown'; + my $description = $file; + my $headingWeight = 99999; + my $descriptionWeight = 99999; + my $urlpath = ''; + + my $rec = $navdb->get($file); + + if (defined $rec) + { + $heading = $rec->prop('Heading'); + $description = $rec->prop('Description'); + $headingWeight = $rec->prop('HeadingWeight'); + $descriptionWeight = $rec->prop('DescriptionWeight'); + $urlpath = $rec->prop('UrlPath') || ''; + } + + #-------------------------------------------------- + # add heading, description and weight information to data structure + #-------------------------------------------------- + + unless (exists $nav {$heading}) + { + $nav {$heading} = { COUNT => 0, WEIGHT => 0, DESCRIPTIONS => [] }; + } + + $nav {$heading} {'COUNT'} ++; + $nav {$heading} {'WEIGHT'} += $headingWeight; + + # Check for manager panel, and assign the appropriate + # cgi-bin prefix for the links. + # Grab the last 2 directories by splitting for '/'s and + # then concatenating the last 2 + # probably a better way, but I don't know it. 
+ my @filename = split /\//, $files_hash{$file}; + my $path = ($cgidir eq '/etc/e-smith/web/panels/user/cgi-bin/') ? + "/$filename[scalar @filename - 1]" : + "/$filename[scalar @filename - 2]/$filename[scalar @filename - 1]"; + + push @{ $nav {$heading} {'DESCRIPTIONS'} }, + { DESCRIPTION => $description, + WEIGHT => $descriptionWeight, + FILENAME => $urlpath ? $urlpath : "$path/$file", + CGIPATH => $path + }; + } + + #-------------------------------------------------- + # generate list of headings sorted by average weight + #-------------------------------------------------- + if ( $NO_FRAMES ) + { + esmith::cgi::genNoframesHeader ($q); + } + else + { + esmith::cgi::genNavigationHeader ($q, undef); + print "\n\n"; + } + + print ' + "; + + foreach my $h (sort { + ($nav{$a}{'WEIGHT'}/$nav{$a}{'COUNT'}) <=> + ($nav{$b}{'WEIGHT'}/$nav{$b}{'COUNT'}) } keys %nav) + { + if ( $NO_FRAMES ) + { + print $q->h2 ($h); + } + else + { + print "\n", $q->Tr ($q->td({class => "section"},$q->span({class => "section"}, $h))); + } + + #-------------------------------------------------- + # generate list of descriptions sorted by weight + #-------------------------------------------------- + print "
      \n" if ( $NO_FRAMES ); + + foreach (sort { $a->{'WEIGHT'} <=> $b->{'WEIGHT'} } @{$nav {$h}{'DESCRIPTIONS'}}) + { + my $href = "/user-manager" . $_->{'FILENAME'}; + if ( $NO_FRAMES ) + { + print $q->li ($q->a ({href => "$href?noframes=1"}, $_->{'DESCRIPTION'})); + } + else + { + print "\n",$q->Tr( + $q->td ({-class => "menu-cell"}, + $q->a ({-id => "sme$c", + -class => "item", + -onClick => "swapClasses('sme$c')", + href => $href, + target => 'main'}, + $_->{'DESCRIPTION'}) + )); + } + $c++; + + } + print "
    \n" if ($NO_FRAMES); + } + + unless ( $NO_FRAMES ) + { + print "\n
    \n"; + esmith::cgi::genNavigationFooter ($q); + } +} diff --git a/root/etc/e-smith/web/functions/userpanel-noframes b/root/etc/e-smith/web/functions/userpanel-noframes new file mode 100644 index 0000000..5702901 --- /dev/null +++ b/root/etc/e-smith/web/functions/userpanel-noframes 
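Review bot: The loop over `$navdb->get_all` in showNavigation adds every navigation record that has a `UrlPath` to `%files_hash` without comparing it to `@adminpanels`, so those entries are listed for every user regardless of the `AdminPanels` delegation applied to the cgi-bin files just above it. If the menu is meant to show only delegated panels, the condition should carry the same membership test, e.g. `if ($rec->prop('UrlPath') && grep { $_ eq $rec->{key} } @adminpanels)`. Whether the linked target is actually reachable depends on the httpd access rules, which are not part of this hunk, so the effect may be limited to disclosing panel names and paths. Separately, `$accdb->get('globalUP')` is dereferenced without a check, and with `fatalsToBrowser` enabled the resulting die text is sent to the client whenever that record is missing.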
@@ -0,0 +1,268 @@ +#!/usr/bin/perl -wT + +#---------------------------------------------------------------------- +# user manager functions: noframes +# +# Copyright (c) 2001 Daniel van Raay +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +#---------------------------------------------------------------------- + +package esmith; + +use strict; +use CGI ':all'; +use CGI::Carp qw(fatalsToBrowser); + +use esmith::cgi; +use esmith::config; +use esmith::util; +use esmith::db; +use esmith::AccountsDB; + +sub showNavigation ($); +sub byweight; + +BEGIN +{ + # Clear PATH and related environment variables so that calls to + # external programs do not cause results to be tainted. See + # "perlsec" manual page for details. 
+ + $ENV {'PATH'} = ''; + $ENV {'SHELL'} = '/bin/bash'; + delete $ENV {'ENV'}; +} + +esmith::util::setRealToEffective (); + +$CGI::POST_MAX=1024 * 100; # max 100K posts +$CGI::DISABLE_UPLOADS = 1; # no uploads + +my %conf; +tie %conf, 'esmith::config'; + +my %accounts; +tie %accounts, 'esmith::config', '/home/e-smith/db/accounts'; + +my $a = esmith::AccountsDB->open_ro || die "Error opening AccountsDB\n"; + +my $q = new CGI; + +showNavigation ($q); +exit (0); + + +#------------------------------------------------------------ +# subroutine to display navigation bar +#------------------------------------------------------------ + +sub showNavigation ($) +{ + my $q = shift; + + esmith::cgi::genNoframesHeader ($q); + + my $acctName = $ENV{'REMOTE_USER'}; + my $user = $a->get($acctName) || die "User $acctName not found in AccountsDB\n"; + my $availablePanels = $user->prop('AdminPanels') || ''; + foreach ($a->user_group_list($acctName)){ + my $group = $a->get($_) || die "Group $_ not found in AccountsDB\n"; + $availablePanels .= ','.$group->prop('AdminPanels') || ''; + } + my $glob = $a->get('globalUP'); + my $globalPanels = $glob->prop('AdminPanels') || ''; + + my @adminpanels; + if ( defined ($availablePanels) && defined ($globalPanels) ) + { + @adminpanels = ((split (/,/, $availablePanels, -1)),(split (/,/, $globalPanels, -1))); + } + elsif ( defined ($globalPanels) ) + { + @adminpanels = split (/,/, $globalPanels, -1); + } + elsif ( defined ($availablePanels) ) + { + @adminpanels = split (/,/, $availablePanels, -1); + } + + # Use this variable throughout to keep track of files + # list of just the files + my @files = (); + my %files_hash = (); + + #----------------------------------------------------- + # Determine the directory where the functions are kept + # match available panels with delegated panels to this user + #----------------------------------------------------- + + my $cgidir = '/etc/e-smith/web/panels/user/cgi-bin/'; + + if (opendir (DIR, $cgidir)) + { 
+ @files = grep (!/^(\..*|userpanel-navigation|userpanel-noframes|userpanel-initial|pleasewait)$/, + readdir (DIR)); + closedir (DIR); + } + else + { + warn "Can't open directory $cgidir\n"; + } + + foreach my $file (@files) + { + foreach my $adminpanel (@adminpanels) + { + if ( $file eq $adminpanel ) + { + $files_hash{$file} = $cgidir; + } + } + } + + #-------------------------------------------------- + # For each script, extract the description and category + # information. Build up an associative array mapping headings + # to heading structures. Each heading structure contains the + # total weight for the heading, the number of times the heading + # has been encountered, and another associative array mapping + # descriptions to description structures. Each description + # structure contains the filename of the particular cgi script + # and a weight. + #-------------------------------------------------- + + my %nav = (); + + foreach my $file (keys %files_hash) + { + #-------------------------------------------------- + # extract heading, description and weight information + # from CGI script + #-------------------------------------------------- + my $heading = "Unknown"; + my $headingWeight = 0; + + my $description = "Unknown"; + my $descriptionWeight = 0; + + unless (open (RD, "$files_hash{$file}/$file")) + { + warn "Can't open file $files_hash{$file}/$file: $!\n"; + next; + } + + while () + { + if (/^\s*#\s*heading\s*:\s*(.+?)\s*$/) + { + $heading = $1; + } + + if (/^\s*#\s*description\s*:\s*(.+?)\s*$/) + { + $description = $1; + } + + if (/^\s*#\s*navigation\s*:\s*(\d+?)\s+(\d+?)\s*$/) + { + $headingWeight = $1; + $descriptionWeight = $2; + } + last if ($heading ne "Unknown" && $headingWeight && $description ne "Unknown" && $descriptionWeight); + } + close RD; + + #-------------------------------------------------- + # add heading, description and weight information to data structure + #-------------------------------------------------- + + unless (exists 
$nav {$heading}) + { + $nav {$heading} = { COUNT => 0, WEIGHT => 0, DESCRIPTIONS => [] }; + } + + $nav {$heading} {'COUNT'} ++; + $nav {$heading} {'WEIGHT'} += $headingWeight; + + # Check for manager panel, and assign the appropriate + # cgi-bin prefix for the links. + # Grab the last 2 directories by splitting for '/'s and + # then concatenating the last 2 + # probably a better way, but I don't know it. + my @filename = split /\//, $files_hash{$file}; + my $path = "/user-manager/$filename[scalar @filename - 1]"; + + push @{ $nav {$heading} {'DESCRIPTIONS'} }, + { DESCRIPTION => $description, + WEIGHT => $descriptionWeight, + FILENAME => "$path/$file", + CGIPATH => $path + }; + } + + #-------------------------------------------------- + # generate list of headings sorted by average weight + #-------------------------------------------------- + + my @unsortedheadings = keys %nav; + + my $h; + local @esmith::weights = (); + foreach $h (@unsortedheadings) + { + push (@esmith::weights, ($nav {$h} {'WEIGHT'} / $nav {$h} {'COUNT'})); + } + + my @sortedheadings = @unsortedheadings [sort byweight $[..$#unsortedheadings]; + + foreach $h (@sortedheadings) + { + print $q->h2 ($h); + + #-------------------------------------------------- + # generate list of descriptions sorted by weight + #-------------------------------------------------- + + my @unsorteddescriptions = @{ $nav {$h} {'DESCRIPTIONS'} }; + + my $d; + @esmith::weights = (); + foreach $d (@unsorteddescriptions) + { + push (@esmith::weights, $d->{'WEIGHT'}); + } + + my @indices = sort byweight $[..$#unsorteddescriptions; + + print "
      \n"; + + my $i; + foreach $i (@indices) + { + my $href = $unsorteddescriptions [$i]->{'FILENAME'}; + print $q->li ($q->a ({href => $href}, $unsorteddescriptions [$i]->{'DESCRIPTION'})); + + } + print "
    \n"; + } + + esmith::cgi::genNavigationFooter ($q); +} + +sub byweight +{ + $esmith::weights [$a] <=> $esmith::weights [$b]; +} diff --git a/root/etc/e-smith/web/functions/userpanelaccess b/root/etc/e-smith/web/functions/userpanelaccess new file mode 100644 index 0000000..98e1acf --- /dev/null +++ b/root/etc/e-smith/web/functions/userpanelaccess 
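Review bot: The file-scope `my $a = esmith::AccountsDB->open_ro` shadows the `$a` that `sort` sets, so `byweight` at the end of the file indexes `@esmith::weights` with the database object rather than the sort index, and the headings and descriptions are unlikely to come out ordered by weight. Naming the handle as userpanel-navigation does, `my $accdb = esmith::AccountsDB->open_ro || die "Error opening AccountsDB\n";` with `$accdb->get(...)` and `$accdb->user_group_list(...)` in showNavigation, avoids the clash. In the group loop, `','.$group->prop('AdminPanels') || ''` applies `||` to the whole concatenation, so an unset property still reaches `.` as undef; the parenthesised form `',' . ($group->prop('AdminPanels') || '')` is what userpanel-navigation uses.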
@@ -0,0 +1,411 @@ +#!/usr/bin/perl -wT + +#---------------------------------------------------------------------- +# heading : Security +# description : User Panel Access +# navigation : 1000 1300 +# +# Copyright (c) 2001 Daniel van Raay +# Modified (c) 2002 Stephen Noble +# Modified (c) 2002 Shad L. Lords +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +#---------------------------------------------------------------------- + +package esmith; + +use strict; +use CGI ':all'; +use CGI::Carp qw(fatalsToBrowser); + +use esmith::cgi; +use esmith::config; +use esmith::util; +use esmith::db; +use esmith::event; + +sub showInitial ($$); +sub genPanels ($$); +sub modifyAccess ($); +sub performModifyAccess ($); + +BEGIN +{ + # Clear PATH and related environment variables so that calls to + # external programs do not cause results to be tainted. See + # "perlsec" manual page for details. 
+ + $ENV {'PATH'} = ''; + $ENV {'SHELL'} = '/bin/bash'; + delete $ENV {'ENV'}; +} + +esmith::util::setRealToEffective (); + +$CGI::POST_MAX=1024 * 100; # max 100K posts +$CGI::DISABLE_UPLOADS = 1; # no uploads + +my %conf; +tie %conf, 'esmith::config'; + +my %accounts; +tie %accounts, 'esmith::config', '/home/e-smith/db/accounts'; + +#------------------------------------------------------------ +# examine state parameter and display the appropriate form +#------------------------------------------------------------ + +my $q = new CGI; + +if (! grep (/^state$/, $q->param)) +{ + showInitial ($q, ''); +} + +elsif ($q->param ('state') eq "modifyAccess") +{ + modifyAccess ($q); +} + +elsif ($q->param ('state') eq "performModifyAccess") +{ + performModifyAccess ($q); +} + +else +{ + esmith::cgi::genStateError ($q, \%conf); +} + +exit (0); + +#------------------------------------------------------------ +# subroutine to display initial form +#------------------------------------------------------------ + +sub showInitial ($$) +{ + my ($q, $msg) = @_; + + if ($msg eq '') + { + esmith::cgi::genHeaderNonCacheable + ($q, \%conf, 'Change access to server-manager panels for user accounts'); + } + else + { + esmith::cgi::genHeaderNonCacheable + ($q, \%conf, 'Operation status report'); + + print $q->p ($msg); + print $q->hr; + } + + my @userAccounts = ('admin'); + + foreach (sort keys %accounts) + { + push (@userAccounts, $_) if (db_get_type(\%accounts, $_) eq "user"); + } + + foreach (sort keys %accounts) + { + push (@userAccounts, $_) if (db_get_type(\%accounts, $_) eq "group"); + } + + unless (scalar @userAccounts) + { + print $q->p ($q->b ('There are no user accounts in the system.')); + } + else + { + my $description = <p ($description); + + print $q->p ($q->b ('Current List of User Accounts')); + + print ""; + + print $q->Tr (esmith::cgi::genSmallCell ($q, $q->b ('Account')), + esmith::cgi::genSmallCell ($q, $q->b ('Name/Description')), + $q->td (' ')); + + my $user; + + 
foreach $user (@userAccounts) + { + my $name = ''; + if (db_get_type(\%accounts, $user) eq "group") + { + $name =db_get_prop(\%accounts, $user, "Description"); + } + else + { + $name =db_get_prop(\%accounts, $user, "FirstName")." ". db_get_prop(\%accounts, $user, "LastName"); + } + + my $AdminPanels = db_get_prop(\%accounts, $user, "AdminPanels"); + $AdminPanels = '' if ! defined ($AdminPanels); + + if ( ! $AdminPanels ) + { + print $q->Tr (esmith::cgi::genSmallCell ($q, $user), + esmith::cgi::genSmallCell ($q, $name), + esmith::cgi::genSmallCell ($q, + $q->a ({href => $q->url (-absolute => 1) + . "?state=modifyAccess&acct=" + . $user}, 'Change Access...'))); + + } + else + { + print $q->Tr (esmith::cgi::genSmallRedCell ($q, $user), + esmith::cgi::genSmallRedCell ($q, $name), + esmith::cgi::genSmallCell ($q, + $q->a ({href => $q->url (-absolute => 1) + . "?state=modifyAccess&acct=" + . $user}, 'Change Access...'))); + + } + + } + + #global setting + if ( ! db_get( \%accounts, 'globalUP') ) + { + db_set(\%accounts, 'globalUP', 'userpanelglobal', { FirstName => 'global user', LastName => 'panel access' }); + } + + my $AdminPanels = db_get_prop(\%accounts, 'globalUP', "AdminPanels"); + $AdminPanels = '' if ! defined ($AdminPanels); + + if ( ! $AdminPanels ) + { + print $q->Tr (esmith::cgi::genSmallCell ($q, 'Global'), + esmith::cgi::genSmallCell ($q, 'every user'), + esmith::cgi::genSmallCell ($q, + $q->a ({href => $q->url (-absolute => 1) + . "?state=modifyAccess&acct=" + . 'globalUP'}, 'Change Access...'))); + + } + else + { + print $q->Tr (esmith::cgi::genSmallRedCell ($q, 'Global'), + esmith::cgi::genSmallRedCell ($q, 'every user'), + esmith::cgi::genSmallCell ($q, + $q->a ({href => $q->url (-absolute => 1) + . "?state=modifyAccess&acct=" + . 'globalUP'}, 'Change Access...'))); + + } + + print '
    '; + } + + esmith::cgi::genFooter ($q); +} + +sub genPanels ($$) +{ + my ($q, $user) = @_; + + my %panelshash = (); + my @selected = (); + my @globalselected = (); + + my @panels; + opendir (DIR, "/etc/e-smith/web/functions") + || die "Can't open /etc/e-smith/web/functions directory.\n"; + push (@panels, sort (grep (!/^(\.|userpanel-initial|userpanel-navigation|userpanel-noframes|pleasewait|index\.cgi|initial\.cgi|navigation|noframes)/, readdir(DIR)))); + closedir (DIR); + + my $panel; + foreach $panel (@panels) + { + $panelshash{$panel} = "Unknown"; + + unless (open (RD, "/etc/e-smith/web/functions/$panel")) + { + warn "Can't open file /etc/e-smith/web/functions/$panel: $!\n"; + next; + } + + while () + { + if (/^\s*#\s*description\s*:\s*(.+?)\s*$/) + { + $panelshash{$panel} = $1; + } + + last if ( $panelshash{$panel} ne "Unknown" ); + } + close RD; + } + + my $userAdminPanels = db_get_prop(\%accounts, $user, 'AdminPanels'); + $userAdminPanels = '' if ! defined ($userAdminPanels); + @selected = split (/,/, $userAdminPanels); + + my $globalAdminPanels = db_get_prop(\%accounts, 'globalUP', 'AdminPanels'); + $globalAdminPanels = '' if ! defined ($globalAdminPanels); + @globalselected = split (/,/, $globalAdminPanels); + + @panels = sort @panels; + my $count = scalar @panels; + + my $out = ''; + + if ($count > 0) + { + $out .= ''; + + $out .= $q->Tr ($q->td (' '), + esmith::cgi::genSmallCell ($q, $q->b ('Panel')), + esmith::cgi::genSmallCell ($q, $q->b ('Description'))); + + my $panel; + foreach $panel (@panels) + { + my $checked = ""; + if (grep (/^$panel$/, @selected) || grep (/^$panel$/, @globalselected)) + { + $checked = "checked"; + } + + if (grep (/^$panel$/, @globalselected) && ($user ne 'globalUP')) + { + $out .= + $q->Tr ( + $q->td ( + "" + ), + esmith::cgi::genSmallRedCell ($q, $panel), + esmith::cgi::genSmallRedCell ( + $q, $panelshash{$panel} . 
' (Global)')); + } else { + $out .= + $q->Tr ( + $q->td ( + "" + ), + esmith::cgi::genSmallCell ($q, $panel), + esmith::cgi::genSmallCell ( + $q, $panelshash{$panel})); + } + } + + $out .= '
    '; + } + + return $out; +} + + +sub modifyAccess ($) +{ + my ($q) = @_; + + esmith::cgi::genHeaderNonCacheable ($q, \%conf, 'Modify user-manager access'); + + print + $q->startform (-method => 'POST', -action => $q->url (-absolute => 1)); + + my $acct = $q->param ('acct'); + + my $username = ''; + if (db_get_type(\%accounts, $acct) eq "group") + { + $username =db_get_prop(\%accounts, $acct, "Description"); + } + else + { + $username =db_get_prop(\%accounts, $acct, "FirstName")." ". db_get_prop(\%accounts, $acct, "LastName"); + } + + if (db_get(\%accounts, $acct)) + { + + print $q->table ({border => 0, cellspacing => 0, cellpadding => 4}, + + $q->Tr (esmith::cgi::genCell ($q, "Account name:"), + esmith::cgi::genCell ($q, $acct)), + + $q->Tr (esmith::cgi::genCell ($q, "Name/Description:"), + esmith::cgi::genCell ($q, "$username")), + + $q->Tr (esmith::cgi::genCell ($q, "Accessible Panels:"), + esmith::cgi::genCell ($q, genPanels ($q, $acct))), + + esmith::cgi::genButtonRow ($q, + $q->submit (-name => 'action', + -value => 'Modify'))); + + print $q->hidden (-name => 'acct', + -override => 1, + -default => $acct); + + print $q->hidden (-name => 'state', + -override => 1, + -default => 'performModifyAccess'); + + } + + print $q->endform; + esmith::cgi::genFooter ($q); + return; +} + + +sub performModifyAccess ($) +{ + my ($q) = @_; + my $acct = $q->param ('acct'); + + my @adminPanels = $q->param ('panelAccess'); + my @userPanels = (); + + my $globalAdminPanels = db_get_prop(\%accounts, 'globalUP', 'AdminPanels'); + $globalAdminPanels = '' if ! defined ($globalAdminPanels); + my @globalselected = split (/,/, $globalAdminPanels); + + foreach my $panel (@adminPanels) + { + if ( ! 
grep (/^$panel$/, @globalselected) || ($acct eq 'globalUP')) + { + push(@userPanels, $panel); + } + } + + my $adminPanels = join (',', @userPanels); + + db_set_prop(\%accounts, $acct, 'AdminPanels', $adminPanels); + + system ("/sbin/e-smith/signal-event", "conf-userpanel") == 0 + or die ("Error occurred while updating userpanel configuration.\n"); + + showInitial ($q, "Successfully modified user account $acct."); +} diff --git a/root/etc/e-smith/web/panels/user/access.incl b/root/etc/e-smith/web/panels/user/access.incl new file mode 100644 index 0000000..82213a6 --- /dev/null +++ b/root/etc/e-smith/web/panels/user/access.incl @@ -0,0 +1,3 @@ +{ +} + diff --git a/root/etc/e-smith/web/panels/user/html/index.html b/root/etc/e-smith/web/panels/user/html/index.html new file mode 100644 index 0000000..389abf1 --- /dev/null +++ b/root/etc/e-smith/web/panels/user/html/index.html @@ -0,0 +1,36 @@ + + + + + +SME Server / user + + + + + + + + + + + +<BODY> + +<H1>Welcome to the user manager panel</H1> + +<P><A HREF="/user-manager/cgi-bin/userpanel-noframes">Click here</A> for a +list of available functions. + +<P>As part of our commitment to open-source software, you are welcome +to copy and redistribute this software. + +<P> +<HR> + +</BODY> + + + diff --git a/root/var/lib/lemonldap-ng/handler/MyAdminHandler.pm b/root/var/lib/lemonldap-ng/handler/MyAdminHandler.pm new file mode 100644 index 0000000..dba9dc0 --- /dev/null +++ b/root/var/lib/lemonldap-ng/handler/MyAdminHandler.pm @@ -0,0 +1,10 @@ +package My::Package; +use Lemonldap::NG::Handler::SharedConf; +@ISA = qw(Lemonldap::NG::Handler::SharedConf); + +__PACKAGE__->init( + { + configStorage => { confFile => '/etc/lemonldap-ng/lemonldap-ng-admin.ini' }, + } +); +1; diff --git a/root/var/lib/lemonldap-ng/handler/MyPkiHandler.pm b/root/var/lib/lemonldap-ng/handler/MyPkiHandler.pm new file mode 100644 index 0000000..33a0dea --- /dev/null +++ b/root/var/lib/lemonldap-ng/handler/MyPkiHandler.pm 
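Review bot: performModifyAccess writes request parameters to the accounts database without validating them: `acct` is passed to `db_set_prop` and echoed into the status message without a check that it is one of the accounts showInitial lists, and each `panelAccess` value is interpolated into a pattern (`/^$panel$/`) and stored as submitted. Because the stored list is later split on commas and compared with script names (see userpanel-navigation), a value containing a comma or regex metacharacters changes which panels end up delegated. I would reject unknown accounts, accept only plain file-name characters in panel names, compare with `eq`, and HTML-escape the account in the message, as sketched below. The state change is also accepted without any request token or method check, which is worth handling in the same pass, and genPanels uses the same `/^$panel$/` pattern.

```perl
sub performModifyAccess ($)
{
    my ($q) = @_;
    my $acct = $q->param ('acct');
    $acct = '' unless defined $acct;

    # Only the accounts that showInitial offers may be modified.
    my $type = db_get_type (\%accounts, $acct) || '';
    unless ($acct eq 'admin' || $acct eq 'globalUP' || $type eq 'user' || $type eq 'group')
    {
        esmith::cgi::genStateError ($q, \%conf);
        return;
    }

    # ... unchanged: read panelAccess and split the global AdminPanels list ...

    foreach my $panel (@adminPanels)
    {
        # Panel names are file names; drop anything else before it is stored.
        next unless $panel =~ /^[\w.-]+$/;
        my $isGlobal = grep { $_ eq $panel } @globalselected;
        push (@userPanels, $panel) if ( ! $isGlobal || $acct eq 'globalUP' );
    }

    # ... unchanged: join, db_set_prop, signal-event ...

    showInitial ($q, "Successfully modified user account " . $q->escapeHTML ($acct) . ".");
}
```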
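Review bot: MyAdminHandler.pm and MyPkiHandler.pm (the next file) both declare `package My::Package;` while pointing `init` at different ini files, so if both modules are ever loaded into the same Perl interpreter the second `init` would presumably replace the first and one virtual host could be protected with the other's configuration. The httpd templates that load them are not in this hunk, so this may be safe today if they run in separate httpd instances, but distinct names such as `package My::AdminHandler;` and `package My::PkiHandler;` (with the matching handler reference in the httpd configuration) remove that dependency. Both files also lack `use strict; use warnings;`, and with strict enabled the inheritance line would need to read `our @ISA = qw(Lemonldap::NG::Handler::SharedConf);`.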
@@ -0,0 +1,10 @@ +package My::Package; +use Lemonldap::NG::Handler::SharedConf; +@ISA = qw(Lemonldap::NG::Handler::SharedConf); + +__PACKAGE__->init( + { + configStorage => { confFile => '/etc/lemonldap-ng/lemonldap-ng-pki.ini' }, + } +); +1;