
Phase 1 of adding security

1 parent 504a119 commit 232531b82069b4fb503c6253f5f51955ec483d42 @lattera committed Feb 7, 2012
Showing with 76 additions and 11 deletions.
  1. +31 −3 jailadmin.module
  2. +40 −7 jailconfig.inc
  3. +5 −1 jailstatus.inc
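--- a/jailadmin.module
+++ b/jailadmin.module
@@ -1,18 +1,39 @@
 <?php
+require_once('classes/Jail.php');
+require_once('classes/Network.php');
+require_once('classes/NetworkDevice.php');
+require_once('classes/Service.php');
+require_once('classes/Mount.php');
+
 /**
 * Implements hook_permission().
 */
 function jailadmin_permission() {
+ $jails = Jail::LoadAll();
+
 $perms = array(
 'administer jails' => array(
 'title' => t('Administer Wayfair Jail Admin'),
 ),
 'start jails' => array(
 'title' => t('Start/Stop jails'),
 ),
+ 'view jails' => array(
+ 'title' => t('View jails'),
+ ),
 );
+ foreach ($jails as $jail) {
+ $perms['config ' . $jail->name] = array(
+ 'title' => t('Configure jail @jail', array('@jail' => $jail->name))
+ );
+
+ $perms['view ' . $jail->name . ' config'] = array(
+ 'title' => t('View @jail\'s config', array('@jail' => $jail->name))
+ );
+ }
+
 return $perms;
 }
@@ -56,7 +77,7 @@ function jailadmin_menu() {
 'page arguments' => array('jailadmin_status'),
 'file' => 'jailstatus.inc',
 'access callback' => 'user_access',
- 'access arguments' => array('adminster jails'),
+ 'access arguments' => array('view jails'),
 'type' => MENU_NORMAL_ITEM,
 );
@@ -65,10 +86,17 @@ function jailadmin_menu() {
 'page callback' => 'drupal_get_form',
 'page arguments' => array('jailadmin_config', 1),
 'file' => 'jailconfig.inc',
- 'access callback' => 'user_access',
- 'access arguments' => array('administer jails'),
+ 'access callback' => 'jail_config_access',
+ 'access arguments' => array(1),
 'type' => MENU_NORMAL_ITEM,
 );
 return $items;
 }
+
+function jail_config_access($jail) {
+ if (user_access('view ' . $jail . ' config') || user_access('config ' . $jail))
+ return TRUE;
+
+ return FALSE;
+}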
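Review bot: The per-jail permissions built in the `foreach` of `jailadmin_permission()` are keyed on `$jail->name`, so a grant is tied to a name rather than to one particular jail. Drupal records role grants by permission string, so unless the delete/rename code (not part of this commit) revokes `'config ' . $name` and `'view ' . $name . ' config'`, a jail later created under a reused name would presumably inherit the old grants. I would document that above the loop, e.g. `// Permission names are derived from the jail name; revoke both when a jail is deleted or renamed.` On style, `jail_config_access()` can be reduced to `return user_access('view ' . $jail . ' config') || user_access('config ' . $jail);`.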
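--- a/jailconfig.inc
+++ b/jailconfig.inc
@@ -12,6 +12,20 @@ function jailadmin_config($form, &$form_state) {
 $network_devices = get_all_network_devices_for_select($jail);
 $services = get_all_services_for_select($jail);
 $mounts = get_all_mounts_for_select($jail);
+ $readonly = FALSE;
+
+ if (user_access('config ' . $jail->name) == FALSE)
+ $readonly = TRUE;
+
+ if ($readonly) {
+ if (user_access('view ' . $jail->name . ' config') == FALSE) {
+ drupal_set_message(t('Access denied'), 'error');
+ return;
+ }
+ }
+
+ if ($jail->IsOnline())
+ drupal_set_message(t('NOTE: Jail is online. All settings are read-only.'), 'status');
 $form['base'] = array(
 '#type' => 'fieldset',
@@ -24,23 +38,23 @@ function jailadmin_config($form, &$form_state) {
 '#type' => 'textfield',
 '#title' => t('ZFS Dataset'),
 '#size' => 60,
- '#disabled' => $jail->IsOnline(),
+ '#disabled' => $jail->IsOnline() || $readonly,
 '#default_value' => $jail->dataset,
 );
 $form['base']['path'] = array(
 '#type' => 'textfield',
 '#title' => t('Path'),
 '#size' => 60,
- '#disabled' => $jail->IsOnline(),
+ '#disabled' => $jail->IsOnline() || $readonly,
 '#default_value' => $jail->path,
 );
 $form['base']['route'] = array(
 '#type' => 'textfield',
 '#title' => t('Default Route'),
 '#size' => 60,
- '#disabled' => $jail->IsOnline(),
+ '#disabled' => $jail->IsOnline() || $readonly,
 '#default_value' => $jail->route,
 );
@@ -58,6 +72,7 @@ function jailadmin_config($form, &$form_state) {
 '#multiple' => TRUE,
 '#options' => get_all_network_devices_for_select($jail),
 '#description' => t('Select one or more to delete'),
+ '#disabled' => $jail->IsOnline() || $readonly,
 );
 }
@@ -66,19 +81,22 @@ function jailadmin_config($form, &$form_state) {
 '#title' => t('New Device Name'),
 '#size' => 60,
 '#description' => t('e.g. epair0'),
+ '#disabled' => $jail->IsOnline() || $readonly,
 );
 $form['network_devices']['new_network_ip'] = array(
 '#type' => 'textfield',
 '#title' => t('New IP'),
 '#size' => 60,
 '#description' => t('IPv4 or IPv6 IP'),
+ '#disabled' => $jail->IsOnline() || $readonly,
 );
 $form['network_devices']['new_network_network'] = array(
 '#type' => 'select',
 '#title' => 'Network',
 '#options' => get_all_networks_for_select(),
+ '#disabled' => $jail->IsOnline() || $readonly,
 );
 $form['services'] = array(
@@ -94,13 +112,15 @@ function jailadmin_config($form, &$form_state) {
 '#multiple' => TRUE,
 '#description' => t('Select one or more to delete'),
 '#options' => $services,
+ '#disabled' => $jail->IsOnline() || $readonly,
 );
 }
 $form['services']['new_service'] = array(
 '#type' => 'textfield',
 '#title' => t('New Service'),
 '#size' => 60,
+ '#disabled' => $jail->IsOnline() || $readonly,
 );
 $form['mounts'] = array(
@@ -117,33 +137,38 @@ function jailadmin_config($form, &$form_state) {
 '#description' => t('Select one or more to delete'),
 '#multiple' => TRUE,
 '#options' => $mounts,
+ '#disabled' => $jail->IsOnline() || $readonly,
 );
 }
 $form['mounts']['new_mount_source'] = array(
 '#type' => 'textfield',
 '#title' => t('New mount source'),
 '#size' => 60,
+ '#disabled' => $jail->IsOnline() || $readonly,
 );
 $form['mounts']['new_mount_target'] = array(
 '#type' => 'textfield',
 '#title' => t('New mount target'),
 '#description' => t('Without jail path prefix. (e.g. /mnt)'),
 '#size' => 60,
+ '#disabled' => $jail->IsOnline() || $readonly,
 );
 $form['mounts']['new_mount_driver'] = array(
 '#type' => 'textfield',
 '#title' => t('New mount driver'),
 '#description' => t('Driver for -t argument. (e.g. nullfs)'),
 '#size' => 60,
+ '#disabled' => $jail->IsOnline() || $readonly,
 );
 $form['mounts']['new_mount_options'] = array(
 '#type' => 'textfield',
 '#title' => t('Extra options'),
 '#size' => 60,
+ '#disabled' => $jail->IsOnline() || $readonly,
 );
 $form['jail_actions'] = array(
@@ -155,39 +180,41 @@ function jailadmin_config($form, &$form_state) {
 '#type' => 'submit',
 '#value' => t('Start Jail'),
 '#submit' => array('jail_actions_start'),
- '#disabled' => $jail->IsOnline(),
+ '#disabled' => $jail->IsOnline() || $readonly,
 );
 $form['jail_actions']['stop'] = array(
 '#type' => 'submit',
 '#value' => t('Stop Jail'),
 '#submit' => array('jail_actions_stop'),
- '#disabled' => !$jail->IsOnline(),
+ '#disabled' => !$jail->IsOnline() || $readonly,
 );
 $form['jail_actions']['snapshot'] = array(
 '#type' => 'submit',
 '#value' => t('Snapshot'),
 '#submit' => array('jail_actions_snapshot'),
+ '#disabled' => $readonly,
 );
 $form['jail_actions']['upgrade'] = array(
 '#type' => 'submit',
 '#value' => t('Upgrade World'),
 '#submit' => array('jail_actions_upgrade'),
- '#disabled' => $jail->IsOnline(),
+ '#disabled' => $jail->IsOnline() || $readonly,
 );
 $form['jail_actions']['setup_services'] = array(
 '#type' => 'submit',
 '#value' => t('Setup Services'),
 '#submit' => array('jail_actions_setup_services'),
- '#disabled' => $jail->IsOnline(),
+ '#disabled' => $jail->IsOnline() || $readonly,
 );
 $form['submit'] = array(
 '#type' => 'submit',
 '#value' => t('Save Configuration'),
+ '#disabled' => $jail->IsOnline() || $readonly,
 );
 return $form;
@@ -197,6 +224,12 @@ function jailadmin_config_submit($form, &$form_state) {
 $jail = Jail::Load($form_state['build_info']['args'][0]);
 $dirty = FALSE;
+ if (user_access('config ' . $jail->name) == FALSE) {
+ drupal_set_message(t('Access denied'), 'error');
+ $form_state['rebuild'] = TRUE;
+ return;
+ }
+
 if (isset($form_state['values']['route']) && strcmp($jail->route, $form_state['values']['route'])) {
 $jail->route = $form_state['values']['route'];
 $dirty = TRUE;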
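Review bot: Only `jailadmin_config_submit()` gains a server-side `user_access('config ' . $jail->name)` check in the last hunk; the buttons wired to `jail_actions_start`, `jail_actions_stop`, `jail_actions_snapshot`, `jail_actions_upgrade` and `jail_actions_setup_services` are guarded in the visible hunks only by `'#disabled' => ... || $readonly`. Those handlers are outside this diff, so if they do not check the permission themselves the form's disabled state is the only barrier; each should open with the same guard, `if (!user_access('config ' . $jail->name)) { drupal_set_message(t('Access denied'), 'error'); return; }`. The declared 'start jails' permission is not consulted anywhere in these hunks either, so it currently has no effect on the Start/Stop buttons. In the builder, the denied branch does a bare `return;`, which returns NULL instead of a form array; `return $form;` would be safer. Both `jailadmin_config()` and `jailadmin_config_submit()` begin or end outside the hunks shown.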
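--- a/jailstatus.inc
+++ b/jailstatus.inc
@@ -13,7 +13,11 @@ function jailadmin_status($form, &$form_state) {
 $header = array('Jail Name', 'Status', 'Network Status');
 $rows = array();
 foreach ($jails as $jail) {
- $name = l(t($jail->name), 'jailadmin/' . $jail->name . '/config');
+ if (user_access('config ' . $jail->name) || user_access('view ' . $jail->name . ' config'))
+ $name = l(t($jail->name), 'jailadmin/' . $jail->name . '/config');
+ else
+ $name = t('@name', array('@name' => $jail->name));
+
 $rows[] = array($name, $jail->IsOnlineString(), $jail->NetworkStatus());
 }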
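Review bot: The link condition repeats the expression from `jail_config_access()` in jailadmin.module, so the status list and the menu access rule can drift apart when one of them changes; calling the callback keeps them in agreement: `if (jail_config_access($jail->name))`. The linked branch still passes `$jail->name` through `t()`, which is meant for literal strings rather than runtime data; `l($jail->name, 'jailadmin/' . $jail->name . '/config')` is enough, since `l()` escapes its text by default. `jailadmin_status()` begins before this hunk, so how `$jails` is loaded is not visible here.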
