From 8d57b332ad02f70e19e2071a17d14c1e6839e04d Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Fri, 16 Feb 2018 11:39:40 +0100 Subject: [systemstatus] Use new permission helpers; disable non-accessible tabs --- modules-available/systemstatus/page.inc.php | 566 +++++++++++++--------------- 1 file changed, 265 insertions(+), 301 deletions(-) (limited to 'modules-available/systemstatus/page.inc.php') diff --git a/modules-available/systemstatus/page.inc.php b/modules-available/systemstatus/page.inc.php index df0548fc..816caa05 100644 --- a/modules-available/systemstatus/page.inc.php +++ b/modules-available/systemstatus/page.inc.php @@ -15,12 +15,8 @@ class Page_SystemStatus extends Page } if (Request::post('action') === 'reboot') { - if (User::hasPermission("serverreboot")) { - $this->rebootTask = Taskmanager::submit('Reboot'); - } else { - Message::addError('main.no-permission'); - Util::redirect('?do=Main'); - } + User::assertPermission("serverreboot"); + $this->rebootTask = Taskmanager::submit('Reboot'); } } @@ -35,10 +31,11 @@ class Page_SystemStatus extends Page foreach ($tabs as $tab) { $data['tabs'][] = array( 'type' => $tab, - 'name' => Dictionary::translate('tab_' . $tab) + 'name' => Dictionary::translate('tab_' . $tab), + 'enabled' => User::hasPermission('tab.' . $tab), ); } - $data['allowedToReboot'] = User::hasPermission("serverreboot"); + Permission::addGlobalTags($data['perms'], null, ['serverreboot']); Render::addTemplate('_page', $data); } @@ -60,122 +57,112 @@ class Page_SystemStatus extends Page protected function ajaxDmsdUsers() { - if (User::hasPermission("show.overview.dmsdusers")) { - $ret = Download::asStringPost('http://127.0.0.1:9080/status/fileserver', false, 2, $code); - $args = array(); - if ($code != 200) { - $args['dmsd_error'] = true; - } else { - $data = @json_decode($ret, true); - if (is_array($data)) { - $args['uploads'] = $data['activeUploads']; - $args['downloads'] = $data['activeDownloads']; - } - } - if (file_exists('/run/reboot-required.pkgs')) { - $lines = file('/run/reboot-required.pkgs', FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES); - $lines = array_unique($lines); - $args['packages'] = implode(', ', $lines); - } - echo Render::parse('ajax-reboot', $args); + User::assertPermission("show.overview.dmsdusers"); + $ret = Download::asStringPost('http://127.0.0.1:9080/status/fileserver', false, 2, $code); + $args = array(); + if ($code != 200) { + $args['dmsd_error'] = true; } else { - echo "No permission to view this section."; + $data = @json_decode($ret, true); + if (is_array($data)) { + $args['uploads'] = $data['activeUploads']; + $args['downloads'] = $data['activeDownloads']; + } } + if (file_exists('/run/reboot-required.pkgs')) { + $lines = file('/run/reboot-required.pkgs', FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES); + $lines = array_unique($lines); + $args['packages'] = implode(', ', $lines); + } + echo Render::parse('ajax-reboot', $args); } protected function ajaxDiskStat() { - if (User::hasPermission("show.overview.diskstat")) { - $task = Taskmanager::submit('DiskStat'); - if ($task === false) - return; - $task = Taskmanager::waitComplete($task, 3000); + User::assertPermission("show.overview.diskstat"); + $task = Taskmanager::submit('DiskStat'); + if ($task === false) + return; + $task = Taskmanager::waitComplete($task, 3000); - if (!isset($task['data']['list']) || empty($task['data']['list'])) { - Taskmanager::addErrorMessage($task); - return; - } - $store = Property::getVmStoreUrl(); - $storeUsage = false; - $systemUsage = false; - if ($store !== false) { - if ($store === '') - $storePoint = '/'; - else - $storePoint = CONFIG_VMSTORE_DIR; - // Determine free space - foreach ($task['data']['list'] as $entry) { - if ($entry['mountPoint'] === $storePoint) { - $storeUsage = array( - 'percent' => $entry['usedPercent'], - 'size' => Util::readableFileSize($entry['sizeKb'] * 1024), - 'free' => Util::readableFileSize($entry['freeKb'] * 1024), - 'color' => $this->usageColor($entry['usedPercent']) - ); - } - if ($entry['mountPoint'] === '/') { - $systemUsage = array( - 'percent' => $entry['usedPercent'], - 'size' => Util::readableFileSize($entry['sizeKb'] * 1024), - 'free' => Util::readableFileSize($entry['freeKb'] * 1024), - 'color' => $this->usageColor($entry['usedPercent']) - ); - } + if (!isset($task['data']['list']) || empty($task['data']['list'])) { + Taskmanager::addErrorMessage($task); + return; + } + $store = Property::getVmStoreUrl(); + $storeUsage = false; + $systemUsage = false; + if ($store !== false) { + if ($store === '') + $storePoint = '/'; + else + $storePoint = CONFIG_VMSTORE_DIR; + // Determine free space + foreach ($task['data']['list'] as $entry) { + if ($entry['mountPoint'] === $storePoint) { + $storeUsage = array( + 'percent' => $entry['usedPercent'], + 'size' => Util::readableFileSize($entry['sizeKb'] * 1024), + 'free' => Util::readableFileSize($entry['freeKb'] * 1024), + 'color' => $this->usageColor($entry['usedPercent']) + ); } - $data = array( - 'store' => $storeUsage, - 'system' => $systemUsage - ); - // Determine if proper vm store is being used - if ($store !== '') { - $data['storeMissing'] = $store; + if ($entry['mountPoint'] === '/') { + $systemUsage = array( + 'percent' => $entry['usedPercent'], + 'size' => Util::readableFileSize($entry['sizeKb'] * 1024), + 'free' => Util::readableFileSize($entry['freeKb'] * 1024), + 'color' => $this->usageColor($entry['usedPercent']) + ); } - foreach ($task['data']['list'] as $entry) { - if ($entry['mountPoint'] !== CONFIG_VMSTORE_DIR) - continue; - if ($store !== $entry['fileSystem']) { - $data['wrongStore'] = $entry['fileSystem']; - break; - } - $data['storeMissing'] = false; + } + $data = array( + 'store' => $storeUsage, + 'system' => $systemUsage + ); + // Determine if proper vm store is being used + if ($store !== '') { + $data['storeMissing'] = $store; + } + foreach ($task['data']['list'] as $entry) { + if ($entry['mountPoint'] !== CONFIG_VMSTORE_DIR) + continue; + if ($store !== $entry['fileSystem']) { + $data['wrongStore'] = $entry['fileSystem']; + break; } - } else { - $data['notConfigured'] = true; + $data['storeMissing'] = false; } - echo Render::parse('diskstat', $data); } else { - echo "No permission to view this section."; + $data['notConfigured'] = true; } + echo Render::parse('diskstat', $data); } protected function ajaxAddressList() { - if (User::hasPermission("show.overview.addresses")) { - $task = Taskmanager::submit('LocalAddressesList'); - if ($task === false) - return; - $task = Taskmanager::waitComplete($task, 3000); - - if (!isset($task['data']['addresses']) || empty($task['data']['addresses'])) { - Taskmanager::addErrorMessage($task); - return; - } + User::assertPermission("show.overview.addresses"); + $task = Taskmanager::submit('LocalAddressesList'); + if ($task === false) + return; + $task = Taskmanager::waitComplete($task, 3000); - $sort = array(); - $primary = Property::getServerIp(); - foreach ($task['data']['addresses'] as &$addr) { - $sort[] = $addr['type'] . $addr['ip']; - if ($addr['ip'] === $primary) - $addr['primary'] = true; - } - array_multisort($sort, SORT_STRING, $task['data']['addresses']); - echo Render::parse('addresses', array( - 'addresses' => $task['data']['addresses'] - )); - } else { - echo "No permission to view this section."; + if (!isset($task['data']['addresses']) || empty($task['data']['addresses'])) { + Taskmanager::addErrorMessage($task); + return; } + $sort = array(); + $primary = Property::getServerIp(); + foreach ($task['data']['addresses'] as &$addr) { + $sort[] = $addr['type'] . $addr['ip']; + if ($addr['ip'] === $primary) + $addr['primary'] = true; + } + array_multisort($sort, SORT_STRING, $task['data']['addresses']); + echo Render::parse('addresses', array( + 'addresses' => $task['data']['addresses'] + )); } private function sysInfo() @@ -197,47 +184,45 @@ class Page_SystemStatus extends Page protected function ajaxSystemInfo() { - if (User::hasPermission("show.overview.systeminfo")) { - $cpuInfo = file_get_contents('/proc/cpuinfo'); - $uptime = file_get_contents('/proc/uptime'); - $cpuCount = preg_match_all('/\bprocessor\s/', $cpuInfo, $out); - //$cpuCount = count($out); - $data = array( - 'cpuCount' => $cpuCount, - 'memTotal' => '???', - 'memFree' => '???', - 'swapTotal' => '???', - 'swapUsed' => '???', - 'uptime' => '???' - ); - if (preg_match('/^(\d+)\D/', $uptime, $out)) { - $data['uptime'] = floor($out[1] / 86400) . ' ' . Dictionary::translate('lang_days') . ', ' . floor(($out[1] % 86400) / 3600) . ' ' . Dictionary::translate('lang_hours'); - } - $info = $this->sysInfo(); - if (isset($info['MemTotal']) && isset($info['MemFree']) && isset($info['SwapTotal'])) { - $data['memTotal'] = Util::readableFileSize($info['MemTotal'] * 1024); - $data['memFree'] = Util::readableFileSize(($info['MemFree'] + $info['Buffers'] + $info['Cached']) * 1024); - $data['memPercent'] = 100 - round((($info['MemFree'] + $info['Buffers'] + $info['Cached']) / $info['MemTotal']) * 100); - $data['swapTotal'] = Util::readableFileSize($info['SwapTotal'] * 1024); - $data['swapUsed'] = Util::readableFileSize(($info['SwapTotal'] - $info['SwapFree']) * 1024); - $data['swapPercent'] = 100 - round(($info['SwapFree'] / $info['SwapTotal']) * 100); - $data['swapWarning'] = ($data['swapPercent'] > 50 || ($info['SwapTotal'] - $info['SwapFree']) > 200000); - } - if (isset($info['CpuIdle']) && isset($info['CpuSystem']) && isset($info['CpuTotal'])) { - $data['cpuLoad'] = 100 - round(($info['CpuIdle'] / $info['CpuTotal']) * 100); - $data['cpuSystem'] = round(($info['CpuSystem'] / $info['CpuTotal']) * 100); - $data['cpuLoadOk'] = true; - $data['CpuTotal'] = $info['CpuTotal']; - $data['CpuIdle'] = $info['CpuIdle']; - } - echo Render::parse('systeminfo', $data); - } else { - echo "No permission to view this section."; + User::assertPermission("show.overview.systeminfo"); + $cpuInfo = file_get_contents('/proc/cpuinfo'); + $uptime = file_get_contents('/proc/uptime'); + $cpuCount = preg_match_all('/\bprocessor\s/', $cpuInfo, $out); + //$cpuCount = count($out); + $data = array( + 'cpuCount' => $cpuCount, + 'memTotal' => '???', + 'memFree' => '???', + 'swapTotal' => '???', + 'swapUsed' => '???', + 'uptime' => '???' + ); + if (preg_match('/^(\d+)\D/', $uptime, $out)) { + $data['uptime'] = floor($out[1] / 86400) . ' ' . Dictionary::translate('lang_days') . ', ' . floor(($out[1] % 86400) / 3600) . ' ' . Dictionary::translate('lang_hours'); } + $info = $this->sysInfo(); + if (isset($info['MemTotal']) && isset($info['MemFree']) && isset($info['SwapTotal'])) { + $data['memTotal'] = Util::readableFileSize($info['MemTotal'] * 1024); + $data['memFree'] = Util::readableFileSize(($info['MemFree'] + $info['Buffers'] + $info['Cached']) * 1024); + $data['memPercent'] = 100 - round((($info['MemFree'] + $info['Buffers'] + $info['Cached']) / $info['MemTotal']) * 100); + $data['swapTotal'] = Util::readableFileSize($info['SwapTotal'] * 1024); + $data['swapUsed'] = Util::readableFileSize(($info['SwapTotal'] - $info['SwapFree']) * 1024); + $data['swapPercent'] = 100 - round(($info['SwapFree'] / $info['SwapTotal']) * 100); + $data['swapWarning'] = ($data['swapPercent'] > 50 || ($info['SwapTotal'] - $info['SwapFree']) > 200000); + } + if (isset($info['CpuIdle']) && isset($info['CpuSystem']) && isset($info['CpuTotal'])) { + $data['cpuLoad'] = 100 - round(($info['CpuIdle'] / $info['CpuTotal']) * 100); + $data['cpuSystem'] = round(($info['CpuSystem'] / $info['CpuTotal']) * 100); + $data['cpuLoadOk'] = true; + $data['CpuTotal'] = $info['CpuTotal']; + $data['CpuIdle'] = $info['CpuIdle']; + } + echo Render::parse('systeminfo', $data); } protected function ajaxSysPoll() { + User::assertPermission("show.overview.systeminfo"); $info = $this->sysInfo(); $data = array( 'CpuTotal' => $info['CpuTotal'], @@ -251,208 +236,187 @@ class Page_SystemStatus extends Page protected function ajaxServices() { - if (User::hasPermission("show.overview.services")) { - $data = array('services' => array()); - $tasks = array(); + User::assertPermission("show.overview.services"); + $data = array('services' => array()); + $tasks = array(); - $todo = ['dmsd', 'atftpd']; - if (Module::isAvailable('dnbd3') && Dnbd3::isEnabled()) { - $todo[] = 'dnbd3-server'; - } + $todo = ['dmsd', 'atftpd']; + if (Module::isAvailable('dnbd3') && Dnbd3::isEnabled()) { + $todo[] = 'dnbd3-server'; + } - foreach ($todo as $svc) { - $tasks[] = array( - 'name' => $svc, - 'task' => Taskmanager::submit('Systemctl', ['service' => $svc, 'operation' => 'is-active']) - ); - } + foreach ($todo as $svc) { $tasks[] = array( - 'name' => 'LDAP/AD-Proxy', - 'task' => Trigger::ldadp() + 'name' => $svc, + 'task' => Taskmanager::submit('Systemctl', ['service' => $svc, 'operation' => 'is-active']) ); - $deadline = time() + 10; - do { - $done = true; - foreach ($tasks as &$task) { - if (!is_string($task['task']) && (Taskmanager::isFailed($task['task']) || Taskmanager::isFinished($task['task']))) - continue; - $task['task'] = Taskmanager::waitComplete($task['task'], 100); - if (!Taskmanager::isFailed($task['task']) && !Taskmanager::isFinished($task['task'])) { - $done = false; - } + } + $tasks[] = array( + 'name' => 'LDAP/AD-Proxy', + 'task' => Trigger::ldadp() + ); + $deadline = time() + 10; + do { + $done = true; + foreach ($tasks as &$task) { + if (!is_string($task['task']) && (Taskmanager::isFailed($task['task']) || Taskmanager::isFinished($task['task']))) + continue; + $task['task'] = Taskmanager::waitComplete($task['task'], 100); + if (!Taskmanager::isFailed($task['task']) && !Taskmanager::isFinished($task['task'])) { + $done = false; } - unset($task); - } while (!$done && time() < $deadline); - - foreach ($tasks as $task) { - $fail = Taskmanager::isFailed($task['task']); - $data['services'][] = array( - 'name' => $task['name'], - 'fail' => $fail, - 'data' => isset($task['data']) ? $task['data'] : null, - 'unknown' => $task['task'] === false - ); } - - echo Render::parse('services', $data); - } else { - echo "No permission to view this section."; + unset($task); + } while (!$done && time() < $deadline); + + foreach ($tasks as $task) { + $fail = Taskmanager::isFailed($task['task']); + $data['services'][] = array( + 'name' => $task['name'], + 'fail' => $fail, + 'data' => isset($task['data']) ? $task['data'] : null, + 'unknown' => $task['task'] === false + ); } + + echo Render::parse('services', $data); } protected function ajaxDmsdLog() { - if (User::hasPermission("show.logs.bwlpserver")) { - $fh = @fopen('/var/log/dmsd.log', 'r'); - if ($fh === false) { - echo 'Error opening log file'; - return; - } - fseek($fh, -6000, SEEK_END); - $data = fread($fh, 6000); - @fclose($fh); - if ($data === false) { - echo 'Error reading from log file'; - return; - } - // If we could read less, try the .1 file too - $amount = 6000 - strlen($data); - if ($amount > 100) { - $fh = @fopen('/var/log/dmsd.log.1', 'r'); - if ($fh !== false) { - fseek($fh, -$amount, SEEK_END); - $data = fread($fh, $amount) . $data; - @fclose($fh); - } - } - if (strlen($data) < 5990) { - $start = 0; - } else { - $start = strpos($data, "\n") + 1; + User::assertPermission("tab.dmsdlog"); + $fh = @fopen('/var/log/dmsd.log', 'r'); + if ($fh === false) { + echo 'Error opening log file'; + return; + } + fseek($fh, -6000, SEEK_END); + $data = fread($fh, 6000); + @fclose($fh); + if ($data === false) { + echo 'Error reading from log file'; + return; + } + // If we could read less, try the .1 file too + $amount = 6000 - strlen($data); + if ($amount > 100) { + $fh = @fopen('/var/log/dmsd.log.1', 'r'); + if ($fh !== false) { + fseek($fh, -$amount, SEEK_END); + $data = fread($fh, $amount) . $data; + @fclose($fh); } - echo '
', htmlspecialchars(substr($data, $start), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'), '
'; + } + if (strlen($data) < 5990) { + $start = 0; } else { - echo "No permission to view this section."; + $start = strpos($data, "\n") + 1; } + echo '
', htmlspecialchars(substr($data, $start), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'), '
'; } protected function ajaxLighttpdLog() { - if (User::hasPermission("show.logs.lighttpd")) { - $fh = @fopen('/var/log/lighttpd/error.log', 'r'); + User::assertPermission("tab.lighttpdlog"); + $fh = @fopen('/var/log/lighttpd/error.log', 'r'); + if ($fh === false) { + echo 'Error opening log file'; + return; + } + fseek($fh, -6000, SEEK_END); + $data = fread($fh, 6000); + @fclose($fh); + if ($data === false) { + echo 'Error reading from log file'; + return; + } + // If we could read less, try the .1 file too + $amount = 6000 - strlen($data); + if ($amount > 100) { + $fh = @fopen('/var/log/lighttpd/error.log.1', 'r'); + if ($fh !== false) { + fseek($fh, -$amount, SEEK_END); + $data = fread($fh, $amount) . $data; + @fclose($fh); + } + } + if (strlen($data) < 5990) { + $start = 0; + } else { + $start = strpos($data, "\n") + 1; + } + echo '
', htmlspecialchars(substr($data, $start), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'), '
'; + } + + protected function ajaxLdadpLog() + { + User::assertPermission("tab.ldadplog"); + $haveSysconfig = Module::isAvailable('sysconfig'); + $files = glob('/var/log/ldadp/*.log', GLOB_NOSORT); + if ($files === false || empty($files)) echo('No logs found'); + $now = time(); + foreach ($files as $file) { + $mod = filemtime($file); + if ($now - $mod > 86400) continue; + // New enough - handle + preg_match(',/(\d+)\.log,', $file, $out); + $module = $haveSysconfig ? ConfigModule::get($out[1]) : false; + if ($module === false) { + echo '

Module ', $out[1], '

'; + } else { + echo '

Module ', htmlspecialchars($module->title()), '

'; + } + $fh = @fopen($file, 'r'); if ($fh === false) { - echo 'Error opening log file'; - return; + echo '
Error opening log file
'; + continue; } - fseek($fh, -6000, SEEK_END); - $data = fread($fh, 6000); + fseek($fh, -5000, SEEK_END); + $data = fread($fh, 5000); @fclose($fh); if ($data === false) { - echo 'Error reading from log file'; - return; - } - // If we could read less, try the .1 file too - $amount = 6000 - strlen($data); - if ($amount > 100) { - $fh = @fopen('/var/log/lighttpd/error.log.1', 'r'); - if ($fh !== false) { - fseek($fh, -$amount, SEEK_END); - $data = fread($fh, $amount) . $data; - @fclose($fh); - } + echo '
Error reading from log file
'; + continue; } - if (strlen($data) < 5990) { + if (strlen($data) < 4990) { $start = 0; } else { $start = strpos($data, "\n") + 1; } echo '
', htmlspecialchars(substr($data, $start), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'), '
'; - } else { - echo "No permission to view this section."; - } - - } - - protected function ajaxLdadpLog() - { - if (User::hasPermission("show.logs.ldapad")) { - $haveSysconfig = Module::isAvailable('sysconfig'); - $files = glob('/var/log/ldadp/*.log', GLOB_NOSORT); - if ($files === false || empty($files)) echo('No logs found'); - $now = time(); - foreach ($files as $file) { - $mod = filemtime($file); - if ($now - $mod > 86400) continue; - // New enough - handle - preg_match(',/(\d+)\.log,', $file, $out); - $module = $haveSysconfig ? ConfigModule::get($out[1]) : false; - if ($module === false) { - echo '

Module ', $out[1], '

'; - } else { - echo '

Module ', htmlspecialchars($module->title()), '

'; - } - $fh = @fopen($file, 'r'); - if ($fh === false) { - echo '
Error opening log file
'; - continue; - } - fseek($fh, -5000, SEEK_END); - $data = fread($fh, 5000); - @fclose($fh); - if ($data === false) { - echo '
Error reading from log file
'; - continue; - } - if (strlen($data) < 4990) { - $start = 0; - } else { - $start = strpos($data, "\n") + 1; - } - echo '
', htmlspecialchars(substr($data, $start), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'), '
'; - } - } else { - echo "No permission to view this section."; } } protected function ajaxNetstat() { - if(User::hasPermission("show.logs.netstat")) { - $taskId = Taskmanager::submit('Netstat'); - if ($taskId === false) - return; - $status = Taskmanager::waitComplete($taskId, 3500); + User::assertPermission("tab.netstat"); + $taskId = Taskmanager::submit('Netstat'); + if ($taskId === false) + return; + $status = Taskmanager::waitComplete($taskId, 3500); - if (isset($status['data']['messages'])) - $data = $status['data']['messages']; - else - $data = 'Taskmanager error'; - - echo '
', htmlspecialchars($data, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'), '
'; - } else { - echo "No permission to view this section."; - } + if (isset($status['data']['messages'])) + $data = $status['data']['messages']; + else + $data = 'Taskmanager error'; + echo '
', htmlspecialchars($data, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'), '
'; } protected function ajaxPsList() { - if (User::hasPermission("show.logs.pslist")) { - $taskId = Taskmanager::submit('PsList'); - if ($taskId === false) - return; - $status = Taskmanager::waitComplete($taskId, 3500); - - if (isset($status['data']['messages'])) - $data = $status['data']['messages']; - else - $data = 'Taskmanager error'; + User::assertPermission("tab.pslist"); + $taskId = Taskmanager::submit('PsList'); + if ($taskId === false) + return; + $status = Taskmanager::waitComplete($taskId, 3500); - echo '
', htmlspecialchars($data, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'), '
'; - } else { - echo "No permission to view this section."; - } + if (isset($status['data']['messages'])) + $data = $status['data']['messages']; + else + $data = 'Taskmanager error'; + echo '
', htmlspecialchars($data, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'), '
'; } private function usageColor($percent) -- cgit v1.2.3-55-g7522