Phase 1 of adding security
lattera committed Feb 7, 2012
1 parent 504a119 commit 232531b
Showing 3 changed files with 76 additions and 11 deletions.
34 changes: 31 additions & 3 deletions jailadmin.module
@@ -1,18 +1,39 @@
<?php

require_once('classes/Jail.php');
require_once('classes/Network.php');
require_once('classes/NetworkDevice.php');
require_once('classes/Service.php');
require_once('classes/Mount.php');

/**
* Implements hook_permission().
*/
function jailadmin_permission() {
$jails = Jail::LoadAll();

$perms = array(
'administer jails' => array(
'title' => t('Administer Wayfair Jail Admin'),
),
'start jails' => array(
'title' => t('Start/Stop jails'),
),
'view jails' => array(
'title' => t('View jails'),
),
);

foreach ($jails as $jail) {
$perms['config ' . $jail->name] = array(
'title' => t('Configure jail @jail', array('@jail' => $jail->name))
);

$perms['view ' . $jail->name . ' config'] = array(
'title' => t('View @jail\'s config', array('@jail' => $jail->name))
);
}

return $perms;
}

Expand Down Expand Up @@ -56,7 +77,7 @@ function jailadmin_menu() {
'page arguments' => array('jailadmin_status'),
'file' => 'jailstatus.inc',
'access callback' => 'user_access',
'access arguments' => array('adminster jails'),
'access arguments' => array('view jails'),
'type' => MENU_NORMAL_ITEM,
);

Expand All @@ -65,10 +86,17 @@ function jailadmin_menu() {
'page callback' => 'drupal_get_form',
'page arguments' => array('jailadmin_config', 1),
'file' => 'jailconfig.inc',
'access callback' => 'user_access',
'access arguments' => array('administer jails'),
'access callback' => 'jail_config_access',
'access arguments' => array(1),
'type' => MENU_NORMAL_ITEM,
);

return $items;
}

function jail_config_access($jail) {
if (user_access('view ' . $jail . ' config') || user_access('config ' . $jail))
return TRUE;

return FALSE;
}
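Review bot: `jail_config_access()` at the end of this file no longer consults `administer jails`, which the config route required before this change, so an account holding only that permission is denied the page unless it is also given a per-jail grant. If that lockout is not intended, include it in the predicate and return the expression directly: `return user_access('administer jails') || user_access('config ' . $jail) || user_access('view ' . $jail . ' config');`. The callback receives path component 1 as a raw string, so it is worth a short docblock saying that `$jail` is the jail name from the URL and not a loaded `Jail` object. Naming it `jailadmin_config_access` would keep it inside the module's function prefix. `jailadmin_menu()` starts outside the visible hunks.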
47 changes: 40 additions & 7 deletions jailconfig.inc
Expand Up @@ -12,6 +12,20 @@ function jailadmin_config($form, &$form_state) {
$network_devices = get_all_network_devices_for_select($jail);
$services = get_all_services_for_select($jail);
$mounts = get_all_mounts_for_select($jail);
$readonly = FALSE;

if (user_access('config ' . $jail->name) == FALSE)
$readonly = TRUE;

if ($readonly) {
if (user_access('view ' . $jail->name . ' config') == FALSE) {
drupal_set_message(t('Access denied'), 'error');
return;
}
}

if ($jail->IsOnline())
drupal_set_message(t('NOTE: Jail is online. All settings are read-only.'), 'status');

$form['base'] = array(
'#type' => 'fieldset',
Expand All @@ -24,23 +38,23 @@ function jailadmin_config($form, &$form_state) {
'#type' => 'textfield',
'#title' => t('ZFS Dataset'),
'#size' => 60,
'#disabled' => $jail->IsOnline(),
'#disabled' => $jail->IsOnline() || $readonly,
'#default_value' => $jail->dataset,
);

$form['base']['path'] = array(
'#type' => 'textfield',
'#title' => t('Path'),
'#size' => 60,
'#disabled' => $jail->IsOnline(),
'#disabled' => $jail->IsOnline() || $readonly,
'#default_value' => $jail->path,
);

$form['base']['route'] = array(
'#type' => 'textfield',
'#title' => t('Default Route'),
'#size' => 60,
'#disabled' => $jail->IsOnline(),
'#disabled' => $jail->IsOnline() || $readonly,
'#default_value' => $jail->route,
);

Expand All @@ -58,6 +72,7 @@ function jailadmin_config($form, &$form_state) {
'#multiple' => TRUE,
'#options' => get_all_network_devices_for_select($jail),
'#description' => t('Select one or more to delete'),
'#disabled' => $jail->IsOnline() || $readonly,
);
}

Expand All @@ -66,19 +81,22 @@ function jailadmin_config($form, &$form_state) {
'#title' => t('New Device Name'),
'#size' => 60,
'#description' => t('e.g. epair0'),
'#disabled' => $jail->IsOnline() || $readonly,
);

$form['network_devices']['new_network_ip'] = array(
'#type' => 'textfield',
'#title' => t('New IP'),
'#size' => 60,
'#description' => t('IPv4 or IPv6 IP'),
'#disabled' => $jail->IsOnline() || $readonly,
);

$form['network_devices']['new_network_network'] = array(
'#type' => 'select',
'#title' => 'Network',
'#options' => get_all_networks_for_select(),
'#disabled' => $jail->IsOnline() || $readonly,
);

$form['services'] = array(
Expand All @@ -94,13 +112,15 @@ function jailadmin_config($form, &$form_state) {
'#multiple' => TRUE,
'#description' => t('Select one or more to delete'),
'#options' => $services,
'#disabled' => $jail->IsOnline() || $readonly,
);
}

$form['services']['new_service'] = array(
'#type' => 'textfield',
'#title' => t('New Service'),
'#size' => 60,
'#disabled' => $jail->IsOnline() || $readonly,
);

$form['mounts'] = array(
Expand All @@ -117,33 +137,38 @@ function jailadmin_config($form, &$form_state) {
'#description' => t('Select one or more to delete'),
'#multiple' => TRUE,
'#options' => $mounts,
'#disabled' => $jail->IsOnline() || $readonly,
);
}

$form['mounts']['new_mount_source'] = array(
'#type' => 'textfield',
'#title' => t('New mount source'),
'#size' => 60,
'#disabled' => $jail->IsOnline() || $readonly,
);

$form['mounts']['new_mount_target'] = array(
'#type' => 'textfield',
'#title' => t('New mount target'),
'#description' => t('Without jail path prefix. (e.g. /mnt)'),
'#size' => 60,
'#disabled' => $jail->IsOnline() || $readonly,
);

$form['mounts']['new_mount_driver'] = array(
'#type' => 'textfield',
'#title' => t('New mount driver'),
'#description' => t('Driver for -t argument. (e.g. nullfs)'),
'#size' => 60,
'#disabled' => $jail->IsOnline() || $readonly,
);

$form['mounts']['new_mount_options'] = array(
'#type' => 'textfield',
'#title' => t('Extra options'),
'#size' => 60,
'#disabled' => $jail->IsOnline() || $readonly,
);

$form['jail_actions'] = array(
Expand All @@ -155,39 +180,41 @@ function jailadmin_config($form, &$form_state) {
'#type' => 'submit',
'#value' => t('Start Jail'),
'#submit' => array('jail_actions_start'),
'#disabled' => $jail->IsOnline(),
'#disabled' => $jail->IsOnline() || $readonly,
);

$form['jail_actions']['stop'] = array(
'#type' => 'submit',
'#value' => t('Stop Jail'),
'#submit' => array('jail_actions_stop'),
'#disabled' => !$jail->IsOnline(),
'#disabled' => !$jail->IsOnline() || $readonly,
);

$form['jail_actions']['snapshot'] = array(
'#type' => 'submit',
'#value' => t('Snapshot'),
'#submit' => array('jail_actions_snapshot'),
'#disabled' => $readonly,
);

$form['jail_actions']['upgrade'] = array(
'#type' => 'submit',
'#value' => t('Upgrade World'),
'#submit' => array('jail_actions_upgrade'),
'#disabled' => $jail->IsOnline(),
'#disabled' => $jail->IsOnline() || $readonly,
);

$form['jail_actions']['setup_services'] = array(
'#type' => 'submit',
'#value' => t('Setup Services'),
'#submit' => array('jail_actions_setup_services'),
'#disabled' => $jail->IsOnline(),
'#disabled' => $jail->IsOnline() || $readonly,
);

$form['submit'] = array(
'#type' => 'submit',
'#value' => t('Save Configuration'),
'#disabled' => $jail->IsOnline() || $readonly,
);

return $form;
Expand All @@ -197,6 +224,12 @@ function jailadmin_config_submit($form, &$form_state) {
$jail = Jail::Load($form_state['build_info']['args'][0]);
$dirty = FALSE;

if (user_access('config ' . $jail->name) == FALSE) {
drupal_set_message(t('Access denied'), 'error');
$form_state['rebuild'] = TRUE;
return;
}

if (isset($form_state['values']['route']) && strcmp($jail->route, $form_state['values']['route'])) {
$jail->route = $form_state['values']['route'];
$dirty = TRUE;
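Review bot: Only `jailadmin_config_submit()` gets a server-side `user_access('config ' . $jail->name)` check; the button handlers `jail_actions_start`, `jail_actions_stop`, `jail_actions_snapshot`, `jail_actions_upgrade` and `jail_actions_setup_services` are covered in the visible lines solely by `#disabled` on their form elements. Their bodies are outside the hunks and may already check, but if they do not, each should repeat the same guard so that authorization does not depend on how the form was rendered: `if (!user_access('config ' . $jail->name)) { drupal_set_message(t('Access denied'), 'error'); return; }`. The Start and Stop buttons are also gated on the per-jail `config` permission through `$readonly`, while the `start jails` permission declared in jailadmin.module is not consulted in any visible line. In the builder, the denied branch returns nothing from the form callback; returning `$form` after the message, or leaving the denial to the menu access callback, would be cleaner.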
6 changes: 5 additions & 1 deletion jailstatus.inc
Expand Up @@ -13,7 +13,11 @@ function jailadmin_status($form, &$form_state) {
$header = array('Jail Name', 'Status', 'Network Status');
$rows = array();
foreach ($jails as $jail) {
$name = l(t($jail->name), 'jailadmin/' . $jail->name . '/config');
if (user_access('config ' . $jail->name) || user_access('view ' . $jail->name . ' config'))
$name = l(t($jail->name), 'jailadmin/' . $jail->name . '/config');
else
$name = t('@name', array('@name' => $jail->name));

$rows[] = array($name, $jail->IsOnlineString(), $jail->NetworkStatus());
}

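Review bot: The link-visibility test inside the `foreach` repeats by hand the predicate of `jail_config_access()` in jailadmin.module, so the listing and the route can drift apart the next time the access rule changes. Calling the shared callback keeps them in agreement: `if (jail_config_access($jail->name))`. Separately, `t($jail->name)` passes runtime data to `t()` as if it were a translatable string; `l()` already escapes its link text, so `l($jail->name, 'jailadmin/' . $jail->name . '/config')` is sufficient. `jailadmin_status()` begins and ends outside the hunk.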
