From bac67141633eddcc8980467cd107f5e0a6b231f6 Mon Sep 17 00:00:00 2001 From: Christian Hofmaier Date: Fri, 26 Jan 2018 19:56:42 +0100 Subject: [systemstatus] implemented permission-system. alot of show-permissions to view things. and a server-reboot permission. --- modules-available/systemstatus/page.inc.php | 552 +++++++++++---------- .../systemstatus/permissions/permissions.json | 13 + .../systemstatus/templates/_page.html | 2 +- 3 files changed, 316 insertions(+), 251 deletions(-) create mode 100644 modules-available/systemstatus/permissions/permissions.json diff --git a/modules-available/systemstatus/page.inc.php b/modules-available/systemstatus/page.inc.php index 8a0e5f87..7c529b71 100644 --- a/modules-available/systemstatus/page.inc.php +++ b/modules-available/systemstatus/page.inc.php @@ -15,7 +15,13 @@ class Page_SystemStatus extends Page } if (Request::post('action') === 'reboot') { - $this->rebootTask = Taskmanager::submit('Reboot'); + if (User::hasPermission("serverreboot")) { + $this->rebootTask = Taskmanager::submit('Reboot'); + } else { + Message::addError('main.no-permission'); + Util::redirect('?do=Main'); + } + } } @@ -33,6 +39,7 @@ class Page_SystemStatus extends Page 'name' => Dictionary::translate('tab_' . $tab) ); } + $data['allowedToReboot'] = User::hasPermission("serverreboot"); Render::addTemplate('_page', $data); } @@ -54,109 +61,123 @@ class Page_SystemStatus extends Page protected function ajaxDmsdUsers() { - $ret = Download::asStringPost('http://127.0.0.1:9080/status/fileserver', false, 2, $code); - $args = array(); - if ($code != 200) { - $args['dmsd_error'] = true; - } else { - $data = @json_decode($ret, true); - if (is_array($data)) { - $args['uploads'] = $data['activeUploads']; - $args['downloads'] = $data['activeDownloads']; + if (User::hasPermission("show.overview.dmsdusers")) { + $ret = Download::asStringPost('http://127.0.0.1:9080/status/fileserver', false, 2, $code); + $args = array(); + if ($code != 200) { + $args['dmsd_error'] = true; + } else { + $data = @json_decode($ret, true); + if (is_array($data)) { + $args['uploads'] = $data['activeUploads']; + $args['downloads'] = $data['activeDownloads']; + } } + if (file_exists('/run/reboot-required.pkgs')) { + $lines = file('/run/reboot-required.pkgs', FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES); + $lines = array_unique($lines); + $args['packages'] = implode(', ', $lines); + } + echo Render::parse('ajax-reboot', $args); + } else { + echo "No permission to view this section."; } - if (file_exists('/run/reboot-required.pkgs')) { - $lines = file('/run/reboot-required.pkgs', FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES); - $lines = array_unique($lines); - $args['packages'] = implode(', ', $lines); - } - echo Render::parse('ajax-reboot', $args); } protected function ajaxDiskStat() { - $task = Taskmanager::submit('DiskStat'); - if ($task === false) - return; - $task = Taskmanager::waitComplete($task, 3000); + if (User::hasPermission("show.overview.diskstat")) { + $task = Taskmanager::submit('DiskStat'); + if ($task === false) + return; + $task = Taskmanager::waitComplete($task, 3000); - if (!isset($task['data']['list']) || empty($task['data']['list'])) { - Taskmanager::addErrorMessage($task); - return; - } - $store = Property::getVmStoreUrl(); - $storeUsage = false; - $systemUsage = false; - if ($store !== false) { - if ($store === '') - $storePoint = '/'; - else - $storePoint = CONFIG_VMSTORE_DIR; - // Determine free space - foreach ($task['data']['list'] as $entry) { - if ($entry['mountPoint'] === $storePoint) { - $storeUsage = array( - 'percent' => $entry['usedPercent'], - 'size' => Util::readableFileSize($entry['sizeKb'] * 1024), - 'free' => Util::readableFileSize($entry['freeKb'] * 1024), - 'color' => $this->usageColor($entry['usedPercent']) - ); + if (!isset($task['data']['list']) || empty($task['data']['list'])) { + Taskmanager::addErrorMessage($task); + return; + } + $store = Property::getVmStoreUrl(); + $storeUsage = false; + $systemUsage = false; + if ($store !== false) { + if ($store === '') + $storePoint = '/'; + else + $storePoint = CONFIG_VMSTORE_DIR; + // Determine free space + foreach ($task['data']['list'] as $entry) { + if ($entry['mountPoint'] === $storePoint) { + $storeUsage = array( + 'percent' => $entry['usedPercent'], + 'size' => Util::readableFileSize($entry['sizeKb'] * 1024), + 'free' => Util::readableFileSize($entry['freeKb'] * 1024), + 'color' => $this->usageColor($entry['usedPercent']) + ); + } + if ($entry['mountPoint'] === '/') { + $systemUsage = array( + 'percent' => $entry['usedPercent'], + 'size' => Util::readableFileSize($entry['sizeKb'] * 1024), + 'free' => Util::readableFileSize($entry['freeKb'] * 1024), + 'color' => $this->usageColor($entry['usedPercent']) + ); + } } - if ($entry['mountPoint'] === '/') { - $systemUsage = array( - 'percent' => $entry['usedPercent'], - 'size' => Util::readableFileSize($entry['sizeKb'] * 1024), - 'free' => Util::readableFileSize($entry['freeKb'] * 1024), - 'color' => $this->usageColor($entry['usedPercent']) - ); + $data = array( + 'store' => $storeUsage, + 'system' => $systemUsage + ); + // Determine if proper vm store is being used + if ($store !== '') { + $data['storeMissing'] = $store; } - } - $data = array( - 'store' => $storeUsage, - 'system' => $systemUsage - ); - // Determine if proper vm store is being used - if ($store !== '') { - $data['storeMissing'] = $store; - } - foreach ($task['data']['list'] as $entry) { - if ($entry['mountPoint'] !== CONFIG_VMSTORE_DIR) - continue; - if ($store !== $entry['fileSystem']) { - $data['wrongStore'] = $entry['fileSystem']; - break; + foreach ($task['data']['list'] as $entry) { + if ($entry['mountPoint'] !== CONFIG_VMSTORE_DIR) + continue; + if ($store !== $entry['fileSystem']) { + $data['wrongStore'] = $entry['fileSystem']; + break; + } + $data['storeMissing'] = false; } - $data['storeMissing'] = false; + } else { + $data['notConfigured'] = true; } + echo Render::parse('diskstat', $data); } else { - $data['notConfigured'] = true; + echo "No permission to view this section."; } - echo Render::parse('diskstat', $data); + } protected function ajaxAddressList() { - $task = Taskmanager::submit('LocalAddressesList'); - if ($task === false) - return; - $task = Taskmanager::waitComplete($task, 3000); + if (User::hasPermission("show.overview.adresses")) { + $task = Taskmanager::submit('LocalAddressesList'); + if ($task === false) + return; + $task = Taskmanager::waitComplete($task, 3000); - if (!isset($task['data']['addresses']) || empty($task['data']['addresses'])) { - Taskmanager::addErrorMessage($task); - return; - } + if (!isset($task['data']['addresses']) || empty($task['data']['addresses'])) { + Taskmanager::addErrorMessage($task); + return; + } - $sort = array(); - $primary = Property::getServerIp(); - foreach ($task['data']['addresses'] as &$addr) { - $sort[] = $addr['type'] . $addr['ip']; - if ($addr['ip'] === $primary) - $addr['primary'] = true; + $sort = array(); + $primary = Property::getServerIp(); + foreach ($task['data']['addresses'] as &$addr) { + $sort[] = $addr['type'] . $addr['ip']; + if ($addr['ip'] === $primary) + $addr['primary'] = true; + } + array_multisort($sort, SORT_STRING, $task['data']['addresses']); + echo Render::parse('addresses', array( + 'addresses' => $task['data']['addresses'] + )); + } else { + echo "No permission to view this section."; } - array_multisort($sort, SORT_STRING, $task['data']['addresses']); - echo Render::parse('addresses', array( - 'addresses' => $task['data']['addresses'] - )); + } private function sysInfo() @@ -178,39 +199,43 @@ class Page_SystemStatus extends Page protected function ajaxSystemInfo() { - $cpuInfo = file_get_contents('/proc/cpuinfo'); - $uptime = file_get_contents('/proc/uptime'); - $cpuCount = preg_match_all('/\bprocessor\s/', $cpuInfo, $out); - //$cpuCount = count($out); - $data = array( - 'cpuCount' => $cpuCount, - 'memTotal' => '???', - 'memFree' => '???', - 'swapTotal' => '???', - 'swapUsed' => '???', - 'uptime' => '???' - ); - if (preg_match('/^(\d+)\D/', $uptime, $out)) { - $data['uptime'] = floor($out[1] / 86400) . ' ' . Dictionary::translate('lang_days') . ', ' . floor(($out[1] % 86400) / 3600) . ' ' . Dictionary::translate('lang_hours'); - } - $info = $this->sysInfo(); - if (isset($info['MemTotal']) && isset($info['MemFree']) && isset($info['SwapTotal'])) { - $data['memTotal'] = Util::readableFileSize($info['MemTotal'] * 1024); - $data['memFree'] = Util::readableFileSize(($info['MemFree'] + $info['Buffers'] + $info['Cached']) * 1024); - $data['memPercent'] = 100 - round((($info['MemFree'] + $info['Buffers'] + $info['Cached']) / $info['MemTotal']) * 100); - $data['swapTotal'] = Util::readableFileSize($info['SwapTotal'] * 1024); - $data['swapUsed'] = Util::readableFileSize(($info['SwapTotal'] - $info['SwapFree']) * 1024); - $data['swapPercent'] = 100 - round(($info['SwapFree'] / $info['SwapTotal']) * 100); - $data['swapWarning'] = ($data['swapPercent'] > 50 || ($info['SwapTotal'] - $info['SwapFree']) > 200000); - } - if (isset($info['CpuIdle']) && isset($info['CpuSystem']) && isset($info['CpuTotal'])) { - $data['cpuLoad'] = 100 - round(($info['CpuIdle'] / $info['CpuTotal']) * 100); - $data['cpuSystem'] = round(($info['CpuSystem'] / $info['CpuTotal']) * 100); - $data['cpuLoadOk'] = true; - $data['CpuTotal'] = $info['CpuTotal']; - $data['CpuIdle'] = $info['CpuIdle']; + if (User::hasPermission("show.overview.systeminfo")) { + $cpuInfo = file_get_contents('/proc/cpuinfo'); + $uptime = file_get_contents('/proc/uptime'); + $cpuCount = preg_match_all('/\bprocessor\s/', $cpuInfo, $out); + //$cpuCount = count($out); + $data = array( + 'cpuCount' => $cpuCount, + 'memTotal' => '???', + 'memFree' => '???', + 'swapTotal' => '???', + 'swapUsed' => '???', + 'uptime' => '???' + ); + if (preg_match('/^(\d+)\D/', $uptime, $out)) { + $data['uptime'] = floor($out[1] / 86400) . ' ' . Dictionary::translate('lang_days') . ', ' . floor(($out[1] % 86400) / 3600) . ' ' . Dictionary::translate('lang_hours'); + } + $info = $this->sysInfo(); + if (isset($info['MemTotal']) && isset($info['MemFree']) && isset($info['SwapTotal'])) { + $data['memTotal'] = Util::readableFileSize($info['MemTotal'] * 1024); + $data['memFree'] = Util::readableFileSize(($info['MemFree'] + $info['Buffers'] + $info['Cached']) * 1024); + $data['memPercent'] = 100 - round((($info['MemFree'] + $info['Buffers'] + $info['Cached']) / $info['MemTotal']) * 100); + $data['swapTotal'] = Util::readableFileSize($info['SwapTotal'] * 1024); + $data['swapUsed'] = Util::readableFileSize(($info['SwapTotal'] - $info['SwapFree']) * 1024); + $data['swapPercent'] = 100 - round(($info['SwapFree'] / $info['SwapTotal']) * 100); + $data['swapWarning'] = ($data['swapPercent'] > 50 || ($info['SwapTotal'] - $info['SwapFree']) > 200000); + } + if (isset($info['CpuIdle']) && isset($info['CpuSystem']) && isset($info['CpuTotal'])) { + $data['cpuLoad'] = 100 - round(($info['CpuIdle'] / $info['CpuTotal']) * 100); + $data['cpuSystem'] = round(($info['CpuSystem'] / $info['CpuTotal']) * 100); + $data['cpuLoadOk'] = true; + $data['CpuTotal'] = $info['CpuTotal']; + $data['CpuIdle'] = $info['CpuIdle']; + } + echo Render::parse('systeminfo', $data); + } else { + echo "No permission to view this section."; } - echo Render::parse('systeminfo', $data); } protected function ajaxSysPoll() @@ -228,181 +253,208 @@ class Page_SystemStatus extends Page protected function ajaxServices() { - $data = array('services' => array()); - $tasks = array(); + if (User::hasPermission("show.overview.services")) { + $data = array('services' => array()); + $tasks = array(); - $todo = ['dmsd', 'atftpd']; - if (Module::isAvailable('dnbd3') && Dnbd3::isEnabled()) { - $todo[] = 'dnbd3-server'; - } + $todo = ['dmsd', 'atftpd']; + if (Module::isAvailable('dnbd3') && Dnbd3::isEnabled()) { + $todo[] = 'dnbd3-server'; + } - foreach ($todo as $svc) { + foreach ($todo as $svc) { + $tasks[] = array( + 'name' => $svc, + 'task' => Taskmanager::submit('Systemctl', ['service' => $svc, 'operation' => 'is-active']) + ); + } $tasks[] = array( - 'name' => $svc, - 'task' => Taskmanager::submit('Systemctl', ['service' => $svc, 'operation' => 'is-active']) + 'name' => 'LDAP/AD-Proxy', + 'task' => Trigger::ldadp() ); - } - $tasks[] = array( - 'name' => 'LDAP/AD-Proxy', - 'task' => Trigger::ldadp() - ); - $deadline = time() + 10; - do { - $done = true; - foreach ($tasks as &$task) { - if (!is_string($task['task']) && (Taskmanager::isFailed($task['task']) || Taskmanager::isFinished($task['task']))) - continue; - $task['task'] = Taskmanager::waitComplete($task['task'], 100); - if (!Taskmanager::isFailed($task['task']) && !Taskmanager::isFinished($task['task'])) { - $done = false; + $deadline = time() + 10; + do { + $done = true; + foreach ($tasks as &$task) { + if (!is_string($task['task']) && (Taskmanager::isFailed($task['task']) || Taskmanager::isFinished($task['task']))) + continue; + $task['task'] = Taskmanager::waitComplete($task['task'], 100); + if (!Taskmanager::isFailed($task['task']) && !Taskmanager::isFinished($task['task'])) { + $done = false; + } } - } - unset($task); - } while (!$done && time() < $deadline); - - foreach ($tasks as $task) { - $fail = Taskmanager::isFailed($task['task']); - $data['services'][] = array( - 'name' => $task['name'], - 'fail' => $fail, - 'data' => isset($task['data']) ? $task['data'] : null, - 'unknown' => $task['task'] === false - ); - } + unset($task); + } while (!$done && time() < $deadline); - echo Render::parse('services', $data); - } - - protected function ajaxDmsdLog() - { - $fh = @fopen('/var/log/dmsd.log', 'r'); - if ($fh === false) { - echo 'Error opening log file'; - return; - } - fseek($fh, -6000, SEEK_END); - $data = fread($fh, 6000); - @fclose($fh); - if ($data === false) { - echo 'Error reading from log file'; - return; - } - // If we could read less, try the .1 file too - $amount = 6000 - strlen($data); - if ($amount > 100) { - $fh = @fopen('/var/log/dmsd.log.1', 'r'); - if ($fh !== false) { - fseek($fh, -$amount, SEEK_END); - $data = fread($fh, $amount) . $data; - @fclose($fh); + foreach ($tasks as $task) { + $fail = Taskmanager::isFailed($task['task']); + $data['services'][] = array( + 'name' => $task['name'], + 'fail' => $fail, + 'data' => isset($task['data']) ? $task['data'] : null, + 'unknown' => $task['task'] === false + ); } - } - if (strlen($data) < 5990) { - $start = 0; + + echo Render::parse('services', $data); } else { - $start = strpos($data, "\n") + 1; + echo "No permission to view this section."; } - echo '
', htmlspecialchars(substr($data, $start), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'), '
'; } - protected function ajaxLighttpdLog() + protected function ajaxDmsdLog() { - $fh = @fopen('/var/log/lighttpd/error.log', 'r'); - if ($fh === false) { - echo 'Error opening log file'; - return; - } - fseek($fh, -6000, SEEK_END); - $data = fread($fh, 6000); - @fclose($fh); - if ($data === false) { - echo 'Error reading from log file'; - return; - } - // If we could read less, try the .1 file too - $amount = 6000 - strlen($data); - if ($amount > 100) { - $fh = @fopen('/var/log/lighttpd/error.log.1', 'r'); - if ($fh !== false) { - fseek($fh, -$amount, SEEK_END); - $data = fread($fh, $amount) . $data; - @fclose($fh); + if (User::hasPermission("show.logs.bwlpserver")) { + $fh = @fopen('/var/log/dmsd.log', 'r'); + if ($fh === false) { + echo 'Error opening log file'; + return; } - } - if (strlen($data) < 5990) { - $start = 0; + fseek($fh, -6000, SEEK_END); + $data = fread($fh, 6000); + @fclose($fh); + if ($data === false) { + echo 'Error reading from log file'; + return; + } + // If we could read less, try the .1 file too + $amount = 6000 - strlen($data); + if ($amount > 100) { + $fh = @fopen('/var/log/dmsd.log.1', 'r'); + if ($fh !== false) { + fseek($fh, -$amount, SEEK_END); + $data = fread($fh, $amount) . $data; + @fclose($fh); + } + } + if (strlen($data) < 5990) { + $start = 0; + } else { + $start = strpos($data, "\n") + 1; + } + echo '
', htmlspecialchars(substr($data, $start), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'), '
'; } else { - $start = strpos($data, "\n") + 1; + echo "No permission to view this section."; } - echo '
', htmlspecialchars(substr($data, $start), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'), '
'; } - protected function ajaxLdadpLog() + protected function ajaxLighttpdLog() { - $haveSysconfig = Module::isAvailable('sysconfig'); - $files = glob('/var/log/ldadp/*.log', GLOB_NOSORT); - if ($files === false || empty($files)) echo('No logs found'); - $now = time(); - foreach ($files as $file) { - $mod = filemtime($file); - if ($now - $mod > 86400) continue; - // New enough - handle - preg_match(',/(\d+)\.log,', $file, $out); - $module = $haveSysconfig ? ConfigModule::get($out[1]) : false; - if ($module === false) { - echo '

Module ', $out[1], '

'; - } else { - echo '

Module ', htmlspecialchars($module->title()), '

'; - } - $fh = @fopen($file, 'r'); + if (User::hasPermission("show.logs.lighttpd")) { + $fh = @fopen('/var/log/lighttpd/error.log', 'r'); if ($fh === false) { - echo '
Error opening log file
'; - continue; + echo 'Error opening log file'; + return; } - fseek($fh, -5000, SEEK_END); - $data = fread($fh, 5000); + fseek($fh, -6000, SEEK_END); + $data = fread($fh, 6000); @fclose($fh); if ($data === false) { - echo '
Error reading from log file
'; - continue; + echo 'Error reading from log file'; + return; } - if (strlen($data) < 4990) { + // If we could read less, try the .1 file too + $amount = 6000 - strlen($data); + if ($amount > 100) { + $fh = @fopen('/var/log/lighttpd/error.log.1', 'r'); + if ($fh !== false) { + fseek($fh, -$amount, SEEK_END); + $data = fread($fh, $amount) . $data; + @fclose($fh); + } + } + if (strlen($data) < 5990) { $start = 0; } else { $start = strpos($data, "\n") + 1; } echo '
', htmlspecialchars(substr($data, $start), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'), '
'; + } else { + echo "No permission to view this section."; + } + + } + + protected function ajaxLdadpLog() + { + if (User::hasPermission("show.logs.ldapad")) { + $haveSysconfig = Module::isAvailable('sysconfig'); + $files = glob('/var/log/ldadp/*.log', GLOB_NOSORT); + if ($files === false || empty($files)) echo('No logs found'); + $now = time(); + foreach ($files as $file) { + $mod = filemtime($file); + if ($now - $mod > 86400) continue; + // New enough - handle + preg_match(',/(\d+)\.log,', $file, $out); + $module = $haveSysconfig ? ConfigModule::get($out[1]) : false; + if ($module === false) { + echo '

Module ', $out[1], '

'; + } else { + echo '

Module ', htmlspecialchars($module->title()), '

'; + } + $fh = @fopen($file, 'r'); + if ($fh === false) { + echo '
Error opening log file
'; + continue; + } + fseek($fh, -5000, SEEK_END); + $data = fread($fh, 5000); + @fclose($fh); + if ($data === false) { + echo '
Error reading from log file
'; + continue; + } + if (strlen($data) < 4990) { + $start = 0; + } else { + $start = strpos($data, "\n") + 1; + } + echo '
', htmlspecialchars(substr($data, $start), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'), '
'; + } + } else { + echo "No permission to view this section."; } } protected function ajaxNetstat() { - $taskId = Taskmanager::submit('Netstat'); - if ($taskId === false) - return; - $status = Taskmanager::waitComplete($taskId, 3500); + if(User::hasPermission("show.logs.netstat")) { + $taskId = Taskmanager::submit('Netstat'); + if ($taskId === false) + return; + $status = Taskmanager::waitComplete($taskId, 3500); - if (isset($status['data']['messages'])) - $data = $status['data']['messages']; - else - $data = 'Taskmanager error'; + if (isset($status['data']['messages'])) + $data = $status['data']['messages']; + else + $data = 'Taskmanager error'; + + echo '
', htmlspecialchars($data, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'), '
'; + } else { + echo "No permission to view this section."; + } - echo '
', htmlspecialchars($data, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'), '
'; } protected function ajaxPsList() { - $taskId = Taskmanager::submit('PsList'); - if ($taskId === false) - return; - $status = Taskmanager::waitComplete($taskId, 3500); + if (User::hasPermission("show.logs.pslist")) { + $taskId = Taskmanager::submit('PsList'); + if ($taskId === false) + return; + $status = Taskmanager::waitComplete($taskId, 3500); + + if (isset($status['data']['messages'])) + $data = $status['data']['messages']; + else + $data = 'Taskmanager error'; - if (isset($status['data']['messages'])) - $data = $status['data']['messages']; - else - $data = 'Taskmanager error'; + echo '
', htmlspecialchars($data, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'), '
'; + } else { + echo "No permission to view this section."; + } - echo '
', htmlspecialchars($data, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'), '
'; } private function usageColor($percent) diff --git a/modules-available/systemstatus/permissions/permissions.json b/modules-available/systemstatus/permissions/permissions.json new file mode 100644 index 00000000..0333564b --- /dev/null +++ b/modules-available/systemstatus/permissions/permissions.json @@ -0,0 +1,13 @@ +[ + "show.overview.diskstat", + "show.overview.services", + "show.overview.adresses", + "show.overview.systeminfo", + "show.overview.dmsdusers", + "show.logs.bwlpserver", + "show.logs.netstat", + "show.logs.pslist", + "show.logs.ldapad", + "show.logs.lighttpd", + "serverreboot" +] \ No newline at end of file diff --git a/modules-available/systemstatus/templates/_page.html b/modules-available/systemstatus/templates/_page.html index 0de94cad..715fd233 100644 --- a/modules-available/systemstatus/templates/_page.html +++ b/modules-available/systemstatus/templates/_page.html @@ -86,7 +86,7 @@
- +