
Phase 1 of adding security

commit 232531b82069b4fb503c6253f5f51955ec483d42 1 parent 504a119
Shawn Webb authored

Showing 3 changed files with 76 additions and 11 deletions.

  1. +31 3 jailadmin.module
  2. +40 7 jailconfig.inc
  3. +5 1 jailstatus.inc
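--- a/jailadmin.module
+++ b/jailadmin.module
@@ -1,9 +1,17 @@
 <?php
 
+require_once('classes/Jail.php');
+require_once('classes/Network.php');
+require_once('classes/NetworkDevice.php');
+require_once('classes/Service.php');
+require_once('classes/Mount.php');
+
 /**
 * Implements hook_permission().
 */
 function jailadmin_permission() {
+ $jails = Jail::LoadAll();
+
 $perms = array(
 'administer jails' => array(
 'title' => t('Administer Wayfair Jail Admin'),
@@ -11,8 +19,21 @@ function jailadmin_permission() {
 'start jails' => array(
 'title' => t('Start/Stop jails'),
 ),
+ 'view jails' => array(
+ 'title' => t('View jails'),
+ ),
 );
 
+ foreach ($jails as $jail) {
+ $perms['config ' . $jail->name] = array(
+ 'title' => t('Configure jail @jail', array('@jail' => $jail->name))
+ );
+
+ $perms['view ' . $jail->name . ' config'] = array(
+ 'title' => t('View @jail\'s config', array('@jail' => $jail->name))
+ );
+ }
+
 return $perms;
 }
 
@@ -56,7 +77,7 @@ function jailadmin_menu() {
 'page arguments' => array('jailadmin_status'),
 'file' => 'jailstatus.inc',
 'access callback' => 'user_access',
- 'access arguments' => array('adminster jails'),
+ 'access arguments' => array('view jails'),
 'type' => MENU_NORMAL_ITEM,
 );
 
@@ -65,10 +86,17 @@ function jailadmin_menu() {
 'page callback' => 'drupal_get_form',
 'page arguments' => array('jailadmin_config', 1),
 'file' => 'jailconfig.inc',
- 'access callback' => 'user_access',
- 'access arguments' => array('administer jails'),
+ 'access callback' => 'jail_config_access',
+ 'access arguments' => array(1),
 'type' => MENU_NORMAL_ITEM,
 );
 
 return $items;
 }
+
+function jail_config_access($jail) {
+ if (user_access('view ' . $jail . ' config') || user_access('config ' . $jail))
+ return TRUE;
+
+ return FALSE;
+}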
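Review bot: The per-jail permission keys built in the `foreach` of jailadmin_permission() (`'config ' . $jail->name` and `'view ' . $jail->name . ' config'`) are tied to the jail's name rather than to a stable identifier, so a role grant stored under one name would presumably still apply to a different jail later created under that name. Whether jails can be renamed or recreated is not visible in this diff. A comment above the loop would record the constraint, for example `// Permission keys embed the jail name: revoke them when a jail is renamed or deleted.` Separately, `jail_config_access()` replaces the `'administer jails'` check on the config route without falling back to it, so holders of that permission lose the page unless they also receive per-jail grants. If that is not intended, add `user_access('administer jails') ||` to the condition.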
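--- a/jailconfig.inc
+++ b/jailconfig.inc
@@ -12,6 +12,20 @@ function jailadmin_config($form, &$form_state) {
 $network_devices = get_all_network_devices_for_select($jail);
 $services = get_all_services_for_select($jail);
 $mounts = get_all_mounts_for_select($jail);
+ $readonly = FALSE;
+
+ if (user_access('config ' . $jail->name) == FALSE)
+ $readonly = TRUE;
+
+ if ($readonly) {
+ if (user_access('view ' . $jail->name . ' config') == FALSE) {
+ drupal_set_message(t('Access denied'), 'error');
+ return;
+ }
+ }
+
+ if ($jail->IsOnline())
+ drupal_set_message(t('NOTE: Jail is online. All settings are read-only.'), 'status');
 
 $form['base'] = array(
 '#type' => 'fieldset',
@@ -24,7 +38,7 @@ function jailadmin_config($form, &$form_state) {
 '#type' => 'textfield',
 '#title' => t('ZFS Dataset'),
 '#size' => 60,
- '#disabled' => $jail->IsOnline(),
+ '#disabled' => $jail->IsOnline() || $readonly,
 '#default_value' => $jail->dataset,
 );
 
@@ -32,7 +46,7 @@ function jailadmin_config($form, &$form_state) {
 '#type' => 'textfield',
 '#title' => t('Path'),
 '#size' => 60,
- '#disabled' => $jail->IsOnline(),
+ '#disabled' => $jail->IsOnline() || $readonly,
 '#default_value' => $jail->path,
 );
 
@@ -40,7 +54,7 @@ function jailadmin_config($form, &$form_state) {
 '#type' => 'textfield',
 '#title' => t('Default Route'),
 '#size' => 60,
- '#disabled' => $jail->IsOnline(),
+ '#disabled' => $jail->IsOnline() || $readonly,
 '#default_value' => $jail->route,
 );
 
@@ -58,6 +72,7 @@ function jailadmin_config($form, &$form_state) {
 '#multiple' => TRUE,
 '#options' => get_all_network_devices_for_select($jail),
 '#description' => t('Select one or more to delete'),
+ '#disabled' => $jail->IsOnline() || $readonly,
 );
 }
 
@@ -66,6 +81,7 @@ function jailadmin_config($form, &$form_state) {
 '#title' => t('New Device Name'),
 '#size' => 60,
 '#description' => t('e.g. epair0'),
+ '#disabled' => $jail->IsOnline() || $readonly,
 );
 
 $form['network_devices']['new_network_ip'] = array(
@@ -73,12 +89,14 @@ function jailadmin_config($form, &$form_state) {
 '#title' => t('New IP'),
 '#size' => 60,
 '#description' => t('IPv4 or IPv6 IP'),
+ '#disabled' => $jail->IsOnline() || $readonly,
 );
 
 $form['network_devices']['new_network_network'] = array(
 '#type' => 'select',
 '#title' => 'Network',
 '#options' => get_all_networks_for_select(),
+ '#disabled' => $jail->IsOnline() || $readonly,
 );
 
 $form['services'] = array(
@@ -94,6 +112,7 @@ function jailadmin_config($form, &$form_state) {
 '#multiple' => TRUE,
 '#description' => t('Select one or more to delete'),
 '#options' => $services,
+ '#disabled' => $jail->IsOnline() || $readonly,
 );
 }
 
@@ -101,6 +120,7 @@ function jailadmin_config($form, &$form_state) {
 '#type' => 'textfield',
 '#title' => t('New Service'),
 '#size' => 60,
+ '#disabled' => $jail->IsOnline() || $readonly,
 );
 
 $form['mounts'] = array(
@@ -117,6 +137,7 @@ function jailadmin_config($form, &$form_state) {
 '#description' => t('Select one or more to delete'),
 '#multiple' => TRUE,
 '#options' => $mounts,
+ '#disabled' => $jail->IsOnline() || $readonly,
 );
 }
 
@@ -124,6 +145,7 @@ function jailadmin_config($form, &$form_state) {
 '#type' => 'textfield',
 '#title' => t('New mount source'),
 '#size' => 60,
+ '#disabled' => $jail->IsOnline() || $readonly,
 );
 
 $form['mounts']['new_mount_target'] = array(
@@ -131,6 +153,7 @@ function jailadmin_config($form, &$form_state) {
 '#title' => t('New mount target'),
 '#description' => t('Without jail path prefix. (e.g. /mnt)'),
 '#size' => 60,
+ '#disabled' => $jail->IsOnline() || $readonly,
 );
 
 $form['mounts']['new_mount_driver'] = array(
@@ -138,12 +161,14 @@ function jailadmin_config($form, &$form_state) {
 '#title' => t('New mount driver'),
 '#description' => t('Driver for -t argument. (e.g. nullfs)'),
 '#size' => 60,
+ '#disabled' => $jail->IsOnline() || $readonly,
 );
 
 $form['mounts']['new_mount_options'] = array(
 '#type' => 'textfield',
 '#title' => t('Extra options'),
 '#size' => 60,
+ '#disabled' => $jail->IsOnline() || $readonly,
 );
 
 $form['jail_actions'] = array(
@@ -155,39 +180,41 @@ function jailadmin_config($form, &$form_state) {
 '#type' => 'submit',
 '#value' => t('Start Jail'),
 '#submit' => array('jail_actions_start'),
- '#disabled' => $jail->IsOnline(),
+ '#disabled' => $jail->IsOnline() || $readonly,
 );
 
 $form['jail_actions']['stop'] = array(
 '#type' => 'submit',
 '#value' => t('Stop Jail'),
 '#submit' => array('jail_actions_stop'),
- '#disabled' => !$jail->IsOnline(),
+ '#disabled' => !$jail->IsOnline() || $readonly,
 );
 
 $form['jail_actions']['snapshot'] = array(
 '#type' => 'submit',
 '#value' => t('Snapshot'),
 '#submit' => array('jail_actions_snapshot'),
+ '#disabled' => $readonly,
 );
 
 $form['jail_actions']['upgrade'] = array(
 '#type' => 'submit',
 '#value' => t('Upgrade World'),
 '#submit' => array('jail_actions_upgrade'),
- '#disabled' => $jail->IsOnline(),
+ '#disabled' => $jail->IsOnline() || $readonly,
 );
 
 $form['jail_actions']['setup_services'] = array(
 '#type' => 'submit',
 '#value' => t('Setup Services'),
 '#submit' => array('jail_actions_setup_services'),
- '#disabled' => $jail->IsOnline(),
+ '#disabled' => $jail->IsOnline() || $readonly,
 );
 
 $form['submit'] = array(
 '#type' => 'submit',
 '#value' => t('Save Configuration'),
+ '#disabled' => $jail->IsOnline() || $readonly,
 );
 
 return $form;
@@ -197,6 +224,12 @@ function jailadmin_config_submit($form, &$form_state) {
 $jail = Jail::Load($form_state['build_info']['args'][0]);
 $dirty = FALSE;
 
+ if (user_access('config ' . $jail->name) == FALSE) {
+ drupal_set_message(t('Access denied'), 'error');
+ $form_state['rebuild'] = TRUE;
+ return;
+ }
+
 if (isset($form_state['values']['route']) && strcmp($jail->route, $form_state['values']['route'])) {
 $jail->route = $form_state['values']['route'];
 $dirty = TRUE;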
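--- a/jailstatus.inc
+++ b/jailstatus.inc
@@ -13,7 +13,11 @@ function jailadmin_status($form, &$form_state) {
 $header = array('Jail Name', 'Status', 'Network Status');
 $rows = array();
 foreach ($jails as $jail) {
- $name = l(t($jail->name), 'jailadmin/' . $jail->name . '/config');
+ if (user_access('config ' . $jail->name) || user_access('view ' . $jail->name . ' config'))
+ $name = l(t($jail->name), 'jailadmin/' . $jail->name . '/config');
+ else
+ $name = t('@name', array('@name' => $jail->name));
+
 $rows[] = array($name, $jail->IsOnlineString(), $jail->NetworkStatus());
 }
 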
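Review bot: The condition on the new `if` inside the `foreach` duplicates the rule that this commit also adds as `jail_config_access()` in jailadmin.module, so the link visibility and the route's access callback can drift apart when one of them is changed. Calling the shared helper keeps them in step: `if (jail_config_access($jail->name))`. In the same branch, `t($jail->name)` passes runtime data to `t()` as the translatable string; `l($jail->name, ...)` is enough, since `l()` escapes its link text by default. The body of jailadmin_status() starts and ends outside this hunk.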
