This also adds some stand-alone CLI options to the sysadm-binary utility:
"bridge_list": List any bridge connections in the settings file. Output Format: "name (url)"
"bridge_add <name> <url>": Add a bridge connection to the settings with the given name. (If a websocket server is running, this change will take effect within 5 minutes.)
"bridge_remove <name>": Remove a bridge connection from the settings. If a websocket server is running, this change will take effect within 5 minutes (closing the connection to the removed bridge as needed).
There is also a new option in the global server config file:
BRIDGE_CONNECTIONS_ONLY=[true/false]
If true, this will allow the websocket server to run without listening on any ports, and instead force all traffic through the existing bridge connections.
namespace: "sysadm"
name: "logs"
This is a class used for interacting with the log files created by the sysadm server.
"action":"read_logs"
Optional Arguments:
"logs" : array/string of log type(s) (valid types: "hostinfo", "dispatcher", "events-dispatcher", "events-lifepreserver", "events-state")
"time_format" : one of the following formats (required for custom start/end times below). Valid Formats: "time_t_seconds", "epoch_mseconds", "relative_[day/month/second]", or a QDateTime String code (see http://doc.qt.io/qt-5/qdatetime.html#fromString for details).
"start_time" : "<number/string corresponding to format above>"
"end_time" : "<number/string corresponding to format above>"
If the time_format is missing, or the start/end times are not defined, the end time will be the current date/time, and the start time will be 12 hours previous.
If the "logs" argument is missing/empty, then all logs matching the search parameters will be returned.
Example Input:
{
  "action" : "read_logs",
  "time_format" : "relative_second",
  "start_time" : "-3600"
}
This returns all log entries within the last hour.
Return Format:
"args" : {
  "<log_file_type>" : {
    "<date_time_stamp>" : <message>,
    "<date_time_stamp2>" : <message>
  }
}
This system reads the pkg database directly and returns any relevant information about the pkgs requested.
Note: The "repo" input is optional (defaults to "local"), and the "pkg_origins" will become optional here soon as well (going to make it default to listing all pkgs if the pkg_origins variable is missing/empty).
REST Request:
-------------------------------
PUT /sysadm/pkg
{
  "pkg_origins" : [
    "x11/lumina"
  ],
  "repo" : "local",
  "action" : "pkg_info"
}
WebSocket Request:
-------------------------------
{
  "name" : "pkg",
  "namespace" : "sysadm",
  "args" : {
    "repo" : "local",
    "action" : "pkg_info",
    "pkg_origins" : [
      "x11/lumina"
    ]
  },
  "id" : "fooid"
}
Response:
-------------------------------
{
"args": {
"pkg_info": {
"x11/lumina": {
"arch": "FreeBSD:11:amd64",
"automatic": "0",
"comment": "Lumina Desktop Environment",
"dep_formula": "",
"dependencies": [
"x11-toolkits/qt5-gui",
"x11/qt5-x11extras",
"x11-wm/fluxbox",
"x11/libXdamage",
"devel/qt5-linguist",
"x11/numlockx",
"devel/qt5-buildtools",
"multimedia/qt5-multimedia",
"graphics/qt5-svg",
"x11/xbrightness",
"x11/xorg",
"devel/desktop-file-utils",
"devel/qt5-concurrent",
"x11/libX11",
"net/qt5-network",
"x11-themes/fluxbox-tenr-styles-pack",
"x11-themes/kde4-icons-oxygen",
"devel/qt5-core",
"x11/xscreensaver",
"multimedia/gstreamer1-plugins-core",
"graphics/qt5-imageformats"
],
"desc": "Lumina-DE is a lightweight, BSD licensed desktop environment,\ndesigned specifically for use on FreeBSD\n\nWWW: http://lumina-desktop.org",
"files": [
"/usr/local/share/licenses/lumina-0.8.8_2,1/catalog.mk",
"/usr/local/share/licenses/lumina-0.8.8_2,1/LICENSE",
"/usr/local/share/licenses/lumina-0.8.8_2,1/BSD3CLAUSE",
"/usr/local/bin/Lumina-DE",
"/usr/local/bin/lumina-config",
"/usr/local/bin/lumina-fileinfo",
"/usr/local/bin/lumina-fm",
"/usr/local/bin/lumina-info",
"/usr/local/bin/lumina-open",
"/usr/local/bin/lumina-screenshot",
"/usr/local/bin/lumina-search",
"/usr/local/bin/lumina-xconfig",
"/usr/local/etc/luminaDesktop.conf.dist",
"/usr/local/include/LuminaOS.h",
"/usr/local/include/LuminaSingleApplication.h",
"/usr/local/include/LuminaThemes.h",
"/usr/local/include/LuminaUtils.h",
"/usr/local/include/LuminaX11.h",
"/usr/local/include/LuminaXDG.h",
"/usr/local/lib/libLuminaUtils.so",
"/usr/local/lib/libLuminaUtils.so.1",
"/usr/local/lib/libLuminaUtils.so.1.0",
"/usr/local/lib/libLuminaUtils.so.1.0.0",
"/usr/local/share/Lumina-DE/Login.ogg",
"/usr/local/share/Lumina-DE/Logout.ogg",
"/usr/local/share/Lumina-DE/colors/Black.qss.colors",
"/usr/local/share/Lumina-DE/colors/Blue-Light.qss.colors",
"/usr/local/share/Lumina-DE/colors/Grey-Dark.qss.colors",
"/usr/local/share/Lumina-DE/colors/Lumina-Glass.qss.colors",
"/usr/local/share/Lumina-DE/colors/Lumina-Gold.qss.colors",
"/usr/local/share/Lumina-DE/colors/Lumina-Green.qss.colors",
"/usr/local/share/Lumina-DE/colors/Lumina-Purple.qss.colors",
"/usr/local/share/Lumina-DE/colors/Lumina-Red.qss.colors",
"/usr/local/share/Lumina-DE/colors/PCBSD10-Default.qss.colors",
"/usr/local/share/Lumina-DE/colors/Solarized-Dark.qss.colors",
"/usr/local/share/Lumina-DE/colors/Solarized-Light.qss.colors",
"/usr/local/share/Lumina-DE/desktop-background.jpg",
"/usr/local/share/Lumina-DE/fluxbox-init-rc",
"/usr/local/share/Lumina-DE/fluxbox-keys",
"/usr/local/share/Lumina-DE/luminaDesktop.conf",
"/usr/local/share/Lumina-DE/quickplugins/quick-sample.qml",
"/usr/local/share/Lumina-DE/themes/Lumina-default.qss.template",
"/usr/local/share/Lumina-DE/themes/None.qss.template",
"/usr/local/share/applications/lumina-fm.desktop",
"/usr/local/share/applications/lumina-info.desktop",
"/usr/local/share/applications/lumina-screenshot.desktop",
"/usr/local/share/applications/lumina-search.desktop",
"/usr/local/share/applications/lumina-support.desktop",
"/usr/local/share/pixmaps/Insight-FileManager.png",
"/usr/local/share/pixmaps/Lumina-DE.png",
"/usr/local/share/wallpapers/Lumina-DE/Lumina_Wispy_gold.jpg",
"/usr/local/share/wallpapers/Lumina-DE/Lumina_Wispy_green.jpg",
"/usr/local/share/wallpapers/Lumina-DE/Lumina_Wispy_purple.jpg",
"/usr/local/share/wallpapers/Lumina-DE/Lumina_Wispy_red.jpg",
"/usr/local/share/xsessions/Lumina-DE.desktop"
],
"flatsize": "12324767",
"icon": "\\\"http://www.pcbsd.org/appcafe/icons/x11_lumina.png\\\"",
"id": "2541",
"licenselogic": "1",
"licenses": [
"BSD3CLAUSE"
],
"locked": "0",
"maintainer": "kmoore@FreeBSD.org",
"manifestdigest": "2$0$4ypg5zrco9upyuioczmo3uwbtdd5yart7xuit6fx3gjrn1k979qb",
"message": "[{\"message\":\"The Lumina Desktop Environment has been installed!\\n\\nAn entry for for launching Lumina from a graphical login manager has already been added to the system, but if you with to start Lumina manually, you will need to do one of the following:\\n1) Put the line \\\"exec Lumina-DE\\\" at the end of your user's \\\"~/.xinitrc\\\" file before running startx\\n2) Wrap the Lumina binary call with an X initialization call: \\nExample: \\\"xinit ${PREFIX}/bin/Lumina-DE -- :0\\\"\\n\\nAlso note that the system-wide default settings for Lumina are contained in ${PREFIX}/etc/luminaDesktop.conf[.dist]. While it is possible to customize the desktop to the user's liking after logging in, you may want to adjust the default settings as necessary if there are multiple user accounts on this system.\"}]",
"mtree_id": "",
"name": "lumina",
"options": {
"MULTIMEDIA": "on",
"PCBSD": "on"
},
"origin": "x11/lumina",
"pkg_format_version": "",
"prefix": "/usr/local",
"repo_type": "binary",
"repository": "pcbsd-major",
"screen1": "\\\"http://www.pcbsd.org/appcafe/screenshots/x11/lumina/screen1.png\\\"",
"shlibs_provided": [
"libLuminaUtils.so.1"
],
"shlibs_required": [
"libxcb.so.1",
"libxcb-composite.so.0",
"libxcb-damage.so.0",
"libXdamage.so.1",
"libxcb-util.so.1",
"libGL.so.1",
"libQt5Core.so.5",
"libxcb-image.so.0",
"libxcb-icccm.so.4",
"libxcb-ewmh.so.2",
"libQt5Gui.so.5",
"libQt5Network.so.5",
"libQt5Widgets.so.5",
"libQt5Concurrent.so.5",
"libQt5Multimedia.so.5",
"libQt5MultimediaWidgets.so.5",
"libQt5Svg.so.5",
"libQt5X11Extras.so.5"
],
"time": "1458334158",
"version": "0.8.8_2,1",
"www": "http://lumina-desktop.org"
}
}
},
"id": "fooid",
"name": "response",
"namespace": "sysadm"
}
that data coming in will be mixed with several messages at once,
let's parse those properly, and also implement some sanity checking
to make sure we aren't being flooded with a potential buffer overflow
1) Fix the event registration detection (string/array for args, not object/array)
2) Add a 30 second connection timeout for the client to successfully authorize before the server will close the connection.
Namespace: "sysadm"
Name: "settings"
Arguments structure needs the "action" variable/value for all calls:
Action: "list_ssl_certs"
- No additional input needed: will list the known/registered certificates organized by <username> : { <public_key> : <certificate as text> }
Action: "register_ssl_cert"
Example Payload: {"action" : "register_ssl_cert", "pub_key" : <public_key> }
The <public_key> string needs to match the public key of one of the certificates currently loaded into the server/client connection. This will register that certificate on the server and allow that user to authenticate without a password as long as that same certificate is loaded up in any future connections. No special outputs are sent back (just overall error/ok status).
Action: "revoke_ssl_cert"
Example Payload: {"action" : "revoke_ssl_cert", "pub_key" : <public_key>, "user" : <optional-username> }
The <public_key> string needs to match one of the keys given by the list function (does not need to match any currently-loaded certs). The "user" field is optional, and allows a connection with full admin privileges to revoke certs belonging to other users.
Note about current user/connection permissions level:
If the current user has full admin access, the "list_ssl_certs" API call will return the registered certificates for all users on the system - otherwise it will only return the certificates for the current user. Similarly, the "revoke_ssl_cert" may be used to remove certs registered to other users only if the current user/connection has full admin access - otherwise it may only be used to manage the current user's certificates.
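The permission rules described above for the three certificate actions, as an added example that is not taken from the sysadm source. Session, CertRegistry and the sample keys are hypothetical names and constructed values; the real server's storage and session types are not shown on this page.

```cpp
// Added illustration, not sysadm source: Session and CertRegistry are hypothetical names.
#include <iostream>
#include <map>
#include <string>

using CertMap = std::map<std::string, std::string>;  // public_key -> certificate text

struct Session {
    std::string user;
    bool fullAdmin;
    CertMap loadedCerts;  // certificates loaded into this client connection
};

class CertRegistry {
    std::map<std::string, CertMap> certs_;  // username -> registered certificates
public:
    // register_ssl_cert: pub_key must match a certificate loaded in this connection.
    bool registerCert(const Session& s, const std::string& pubKey) {
        auto it = s.loadedCerts.find(pubKey);
        if (it == s.loadedCerts.end()) return false;
        certs_[s.user][pubKey] = it->second;
        return true;
    }
    // list_ssl_certs: every user for a full admin, otherwise only the caller.
    std::map<std::string, CertMap> list(const Session& s) const {
        if (s.fullAdmin) return certs_;
        std::map<std::string, CertMap> own;
        auto it = certs_.find(s.user);
        if (it != certs_.end()) own[s.user] = it->second;
        return own;
    }
    // revoke_ssl_cert: "user" is optional; naming another user requires full admin.
    bool revoke(const Session& s, const std::string& pubKey, const std::string& user = "") {
        const std::string target = user.empty() ? s.user : user;
        if (target != s.user && !s.fullAdmin) return false;
        auto it = certs_.find(target);
        if (it == certs_.end() || it->second.erase(pubKey) == 0) return false;
        if (it->second.empty()) certs_.erase(it);
        return true;
    }
};

int main() {
    CertRegistry reg;
    Session alice{"alice", false, {{"KEY_A", "CERT_A"}}};  // constructed sample values
    Session bob{"bob", false, {{"KEY_B", "CERT_B"}}};
    reg.registerCert(alice, "KEY_A");
    std::cout << "bob revokes alice's cert: " << reg.revoke(bob, "KEY_A", "alice") << "\n";
    std::cout << "alice revokes her own:    " << reg.revoke(alice, "KEY_A") << "\n";
}
```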
Current Settings:
1) 5 auth attempts allowed before failover
2) If no communications for 10 minutes, the failover counter gets reset
3) On failover - the IP is placed on the server blacklist for 1 hour
Note: The blacklist system is connection independent, and uses the host IP for unique tracking/blocking.
Also set up the server to make it easier to extend for API/library support in the backend. All backend functionality can now be added to the new "WebBackend.cpp" file (and WebSocket.h file for headers).
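The failover settings listed above (5 attempts, 10 minute reset, 1 hour blacklist keyed by host IP), as an added example that is not taken from the sysadm source. AuthGuard and its members are hypothetical names, times are plain seconds passed in by the caller, and two points are assumptions: the 5th failed attempt is the one that triggers the failover, and only failed attempts are counted as communication.

```cpp
// Added illustration, not sysadm source: AuthGuard and its members are hypothetical names.
#include <cstdint>
#include <iostream>
#include <string>
#include <unordered_map>

constexpr int kMaxFails = 5;                      // auth attempts allowed before failover
constexpr std::int64_t kIdleResetSecs = 10 * 60;  // quiet period that resets the counter
constexpr std::int64_t kBlacklistSecs = 60 * 60;  // blacklist duration after failover

class AuthGuard {
    struct Entry { int fails = 0; std::int64_t lastSeen = 0; };
    std::unordered_map<std::string, Entry> fails_;  // keyed by host IP, not by connection
    std::unordered_map<std::string, std::int64_t> blockedUntil_;
public:
    // Checked before any auth attempt; expired entries are dropped lazily.
    bool isBlacklisted(const std::string& ip, std::int64_t now) {
        auto it = blockedUntil_.find(ip);
        if (it == blockedUntil_.end()) return false;
        if (now < it->second) return true;
        blockedUntil_.erase(it);
        return false;
    }
    // Returns true when this failure trips the failover (assumed: on the 5th failure).
    bool recordFailure(const std::string& ip, std::int64_t now) {
        Entry& e = fails_[ip];
        if (e.fails > 0 && now - e.lastSeen >= kIdleResetSecs) e.fails = 0;
        e.lastSeen = now;  // simplification: only failed attempts count as communication
        if (++e.fails < kMaxFails) return false;
        fails_.erase(ip);
        blockedUntil_[ip] = now + kBlacklistSecs;
        return true;
    }
};

int main() {
    AuthGuard guard;
    const std::string ip = "192.0.2.10";  // constructed sample address (TEST-NET-1)
    for (std::int64_t t = 0; t < 5; ++t)
        std::cout << "failure " << t + 1 << " -> failover: " << guard.recordFailure(ip, t) << "\n";
    std::cout << "blocked at +30 min: " << guard.isBlacklisted(ip, 1800) << "\n";
    std::cout << "blocked at +61 min: " << guard.isBlacklisted(ip, 3660) << "\n";
}
```

Because the state is keyed by IP rather than by connection, reconnecting does not reset the counter or lift the block.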