1#!/usr/bin/perl 2# Copyright (c) 2010 Sampo Kellomaki (sampo@iki.fi), All Rights Reserved. 3# This is confidential unpublished proprietary source code of the author. 4# NO WARRANTY, not even implied warranties. Contains trade secrets. 5# Distribution prohibited unless authorized in writing. 6# Licensed under Apache License 2.0, see file COPYING. 7# $Id$ 8# 9# 17.2.2010, created --Sampo 10# 11# Dash idea: show four field of icons 12# 1. Who (humans) have accessed, tried to access, could access 13# 2. What systems have accessed, tried to access, could access 14# 3. Why the access (which business processes), 15# which biz processes tried to access, which bp could access 16# 4. What data have been accessed, tried to access, could be accessed 17# 18# Web GUI CGI for exploring ZXID logs and audit trail 19# 20# CGI / QUERY_STRING variables 21# c $cmd Command 22# d $dir Path to ZXID config directory, e.g: /var/zxid/ or /var/zxid/idp 23# e $eid Filter logs by Entity ID 24# n $nid Filter logs by Name ID 25# s $sid Filter logs by session ID 26 27$usage = <<USAGE; 28Web GUI CGI for exploring ZXID logs and audit trail 29Usage: http://localhost:8081/zxidexplo.pl?QUERY_STRING 30 ./zxidexplo.pl -a QUERY_STRING 31 -a Ascii mode 32USAGE 33 ; 34 35die $USAGE if $ARGV[0] =~ /^-[Hh?]/; 36$ascii = shift if $ARGV[0] eq '-a'; 37syswrite STDOUT, "Content-Type: text/html\r\n\r\n" if !$ascii; 38 39$ENV{QUERY_STRING} ||= shift; 40$cgi = cgidec($ENV{QUERY_STRING}); 41$cmd = $$cgi{'c'}; 42$dir = $$cgi{'d'} || '/var/zxid/'; 43$eid = $$cgi{'e'}; 44$nid = $$cgi{'n'}; 45$sid = $$cgi{'s'}; 46 47sub cgidec { 48 my ($d) = @_; 49 my %qs; 50 for $nv (split '&', $d) { 51 ($n, $v) = split '=', $nv, 2; 52 $qs{$n} = $v; 53 } 54 return \%qs; 55} 56 57sub uridec { 58 my ($val) = @_; 59 $val =~ s/\+/ /g; 60 $val =~ s/%([0-9a-f]{2})/chr(hex($1))/gsex; # URI decode 61 return $val; 62} 63 64sub urienc { 65 my ($val) = @_; 66 $val =~ s/([^A-Za-z0-9.,_-])/sprintf("%%%02x",ord($1))/gsex; # URI enc 67 return $val; 68} 69 70sub read_log { 71 open LOG, "./zxlogview ${dir}pem/logsign-nopw-cert.pem ${dir}pem/logenc-nopw-cert.pem <${dir}log/act|" 72 or die "Cannot open log decoding pipe: $!"; 73 $/ = "\n"; 74 while ($line = <LOG>) { 75 # ----+ 104 PP - 20100217-151751.352 19700101-000000.501 -:- - - - - zxcall N W GOTMD http://idp.tas3.eu/zxididp?o=B - 76 ($pre, $len, $se, $sig, $ourts, $srcts, $ipport, $ent, $mid, $a7nid, $nid, $mm, $vvv, $res, $op, $para, @rest) = split /\s+/, $line; 77 78 syswrite STDOUT, "$ourts $op\n"; 79 } 80 close LOG; 81} 82 83sub show_log { 84 print "<title>ZXID SP Log Explorer Log listing</title><link type=\"text/css\" rel=stylesheet href=\"dash.css\">\n<pre>\n"; 85 read_log(); 86 syswrite STDOUT, "</pre>"; 87} 88 89sub readall { 90 my ($f) = @_; 91 my ($pkg, $srcfile, $line) = caller; 92 undef $/; # Read all in, without breaking on lines 93 open F, "<$f" or die "$srcfile:$line: Cant read($f): $!"; 94 binmode F; 95 my $x = <F>; 96 close F; 97 return $x; 98} 99 100sub show_templ { 101 my ($templ, $hr) = @_; 102 $templ = readall($templ); 103 $templ =~ s/!!(\w+)/$$hr{$1}/gs; 104 syswrite STDOUT, $templ; 105 exit; 106} 107 108show_templ("dash-main.html", $cgi); 109 110__END__ 111