From d0eab47413629412b0007bcb1b5f59aeff730d84 Mon Sep 17 00:00:00 2001
From: Jon Langseth <jon.langseth@hig.no>
Date: Fri, 16 Aug 2013 14:48:16 +0200
Subject: [PATCH] First stab at a naive permissions-tool

---
 guc-clients/sippermissions | 238 +++++++++++++++++++++++++++++++++++++
 1 file changed, 238 insertions(+)
 create mode 100755 guc-clients/sippermissions

diff --git a/guc-clients/sippermissions b/guc-clients/sippermissions
new file mode 100755
index 0000000..05b1029
--- /dev/null
+++ b/guc-clients/sippermissions
@@ -0,0 +1,238 @@
+#!/usr/bin/perl
+use strict;
+
+use Data::Dumper;
+
+#TODO: Add support for assigning phone number
+#TODO: Add support for overriding default domain ...
+
+use Getopt::Long;
+use Net::LDAP;
+use Net::LDAP::Control::Paged;
+use Net::LDAP::Constant qw( LDAP_CONTROL_PAGED );
+use LWP;
+use JSON;
+use AppConfig;
+use Text::Iconv;
+
+my $api_key;
+
+my $help;
+my $username;
+my $permission = undef;
+my $configfile = undef;
+my ($g_ua, $session, $api_key, $auth_key, $data, $domain);
+
+my $config = AppConfig->new({ CREATE => 1 });
+
+$config->define("api_url=s");
+$config->define("api_keyfile=s");
+
+$config->define("default_domain=s");
+$config->default_domain("hig.no");
+
+$config->define("numbers_local_prefix=s");
+$config->define("numbers_local_series=s");
+$config->define("numbers_countrycode=s");
+
+foreach ( 
+	"/usr/local/etc/hermes/hermes_config",
+	"/usr/local/etc/hermes/config",
+	"/etc/hermes/config",
+	$ENV{"HOME"} . "/.hermes/config",
+	$ENV{"HOME"} . "/.hermes_config",
+) { $configfile = $_ if ( -f $_ ); }
+
+GetOptions(
+	"help"		=> \$help,
+	"configfile=s" 	=> \$configfile,
+	"username=s"  	=> \$username,
+	"permission=s" 	=> \$permission,
+);
+
+if (
+	(not $username) ||
+	(not $configfile) ||
+	(( $configfile ) && ( not -f $configfile )) 
+)
+{
+	$help = 1;
+}
+
+$config->file( $configfile );
+
+if (    ( not  $config->api_url ) ||
+	( not  $config->api_keyfile ) ||
+	( $config->api_keyfile && not -f $config->api_keyfile ) 
+)
+{
+	$help = 1;
+}
+
+if ( $help ) {
+print <<END_HELP;
+Verify that the following options are set:
+	--username=s|--user|-u
+ 	--permission=s|-p (use to set, leave to show)
+
+Verify the contents of the configuration file.
+Verify that the key-file exists.
+END_HELP
+exit; }
+
+open KEY, "<" . $config->api_keyfile;
+chomp( $api_key = <KEY> );
+close KEY;
+
+if ( not $username =~ m/\w+/ )
+{ print "Illegal username\n"; exit; }
+
+$g_ua = LWP::UserAgent->new;
+$g_ua->cookie_jar({}); # In-memory jar, look at HTTP::Cookies for persistant
+
+login_apikey();
+
+# First: fetch a supported domain from the API...
+$data = exec_apinode("domain/list", undef);
+if ( $data->{'response'} eq 'ok' )
+{
+	$domain = $data->{'list'}[0];
+}
+else
+{
+	printf("Unable to get domain name. Aborting\n");
+	logout();
+	exit;
+}
+
+if ( $username =~ /@/ ) 
+{
+	( $username, $domain ) = split /@/, $username;
+}
+
+$data = exec_apinode("user/available", { 'username' => $username, 'domain' => $domain });
+if ( $data->{'response'} eq 'ok' )
+{
+	printf("Username is not registered.\n");
+	logout();
+	exit;
+}
+
+if ( not $data->{'cause'} eq 'exists' )
+{
+	printf("Username lookup failed, cause: %s.\n", $data->{'cause'});
+	logout();
+	exit;
+}
+undef $data;
+
+if ( not $permission )
+{
+
+	undef $data;
+	$data = exec_apinode("permissions/get", { 'username' => $username, 'domain' => $domain });
+	if ( $data->{'response'} eq 'ok' )
+	{
+		printf("Current permission number is %d\n", $data->{'permission'});
+		logout();
+		exit;
+	}
+	else
+	{
+		printf("Failed lookup. cause: %s\n", $data->{'cause'});
+		logout();
+		exit;
+	}
+}
+else
+{
+	if ( not $permission =~ m/^\d+$/ )
+	{
+		printf("Provided permission not a number.\n");
+		logout();
+		exit;
+	}
+	if ( ($permission < 1) || ( $permission > 256 ) )
+	{
+		printf("Provided permission is outside valid range.\n");
+		logout();
+		exit;
+	}
+
+	undef $data;
+	$data = exec_apinode("permissions/set", { 'username' => $username, 'domain' => $domain, 'permission' => $permission });
+	if ( $data->{'response'} eq 'ok' )
+	{
+		printf("Set permission to: %d\n", $data->{'permission'});
+		logout();
+		exit;
+	}
+	else
+	{
+		printf("Failed setting permission cause: %s\n", $data->{'cause'});
+		logout();
+		exit;
+	}
+}
+
+logout();
+################################################################################################
+sub exec_apinode($$)
+{
+	my $node = shift;
+	my $param = shift;
+
+	my ( $response, $data );
+
+	$session = "" if not defined $session;
+	$auth_key = "" if not defined $auth_key;
+	my $url = $config->api_url . "/" . $node;
+
+	$param->{'session'} = $session;
+	$param->{'auth_key'} = $auth_key;
+
+	$response = $g_ua->post( $url, $param );
+	if ( $response->is_success )
+	{
+		if ( $response->content =~ m/\s*{/ )
+		{
+			$data = decode_json( $response->content);
+		}
+		else
+		{
+			$data = $response->content;
+		}
+
+	}
+	return $data;
+}
+
+sub login_apikey
+{
+	my $response = $g_ua->post( $config->api_url . "/auth/login",
+		[ "api_key" => $api_key ] );
+
+	my $data = decode_json( $response->content) if $response->is_success;
+	die("HTTP error") unless $response->is_success;
+
+	if ( $data->{'response'} eq "ok" )
+	{
+		$session = $data->{'session'};
+		$auth_key = $data->{'auth_key'};
+	}
+	else
+	{
+		print "Unable to log in to Hermes API\n";
+		exit;
+	}
+	undef $data; undef $response;
+}
+
+sub logout
+{
+	my $response = $g_ua->post( $config->api_url . "/auth/logout",
+		[ "session" => $session ] );
+	die("HTTP error") unless $response->is_success;
+	undef $session; undef $auth_key;
+}
+
-- 
2.39.2