Commit Graph

46 Commits

Author SHA1 Message Date
Ken Moore
221b666262 Turn off some debugging, and switch the pkg database connection system over to a clone system so one request cannot interfere with another. 2016-04-01 15:06:10 -04:00
Ken Moore
bec2898567 Ensure that events also send the message to the socket through the proper thread/order. 2016-03-23 14:27:42 -04:00
Ken Moore
427eb7ec25 Turn off some minor debugging, and ensure that the system health check gets saved into temporary storage for later use as needed. 2016-03-22 10:21:46 -04:00
Ken Moore
29a51bf61e Switch the WebSocket message send mechanism over to a signal/slot combination so that we don't get threads trampling each other on high-latency connections. 2016-03-11 18:55:27 -05:00
Kris Moore
cb4c4eb544 Change how we parse incoming WebSocket TCP/SSL data. It's possible
that data coming in will be mixed with several messages at once,
let's parse those properly, and also implement some sanity checking
to make sure we aren't being flooded with a potential buffer overflow
2016-03-11 08:08:51 -05:00
Ken Moore
d2ef14a0d1 Large update to the dispatcher/events systems. Now there is a new DispatcherParsing.h file where any subsystem-specific dispatcher calls may be detected/parsed/handled as needed, and the iohyve fetch routine was updated to use this routine (for a proof of concept - could probably still use a bit more log output). 2016-03-03 15:16:55 -05:00
Ken Moore
1fc3b3fbb4 Couple changes:
1) Fix the event registration detection (string/array for args, not object/array)
2) Add a 30 second connection timeout for the client to successfully authorize before the server will close the connection.
2016-03-03 11:57:45 -05:00
Ken Moore
c064bdcfcd Small set of general cleanup in the server sources:
1) Fix a connection issue in the dispatcher
2) Always run the [T]SOCKET->isValid() check before interacting with any socket.
2016-02-25 08:49:17 -05:00
Ken Moore
767bf82ec8 Finish fixing up the new auth_ssl option (lots of debugging still enabled). The SSL encode/decode systems still are not working yet - looks like an inherent incompatibility with a text-base transport system (JSON), so we will need to find another method (acting on a file and sending the hash instead?). 2016-02-19 15:13:29 -05:00
Ken Moore
6cfaf6e597 Completely re-do the SSL authentication systems. Now it is a two-stage auth system, where the server generates a random string, sends it to the client for encryption with their private SSL key, then gets sent back to the server where the new string is decrypted with the known SSL keys and compared to the original for accuracy. 2016-02-18 17:01:09 -05:00
Ken Moore
edbef3e759 Add a full chain of SSL Certificate management functions to the authorization manager, and set up the main "auth" API call to use the cert system if no password was supplied for authorization.
While here, also move the location of the server config file to /usr/local/etc/sysadm.conf, and print out that location in the main server log file.
2016-02-10 12:43:06 -05:00
Ken Moore
37224472cc Make the websocket/rest server distinctions a bit more clear. Now the logs are in websocket/restserver subdirectories, the LP file watchers will resume from the last log point (server-type aware), and a couple other changes for saving server-dependent variables. 2016-02-03 10:12:01 -05:00
Ken Moore
8166ef8a79 Clean up a lot of the logging in the sysadm server. Now the hostinfo log file will clearly list connection time/IP, auth attempts/IP, Dispatches/IP, disconnections/IP. The dispatcher and events systems also properly log activity within their individual log files. 2016-02-02 13:46:23 -05:00
Ken Moore
1ae716ebfc Add IP blacklisting to the sysadm server.
Current Settings:
1) 5 auth attempts allowed before failover
2) If no communications for 10 minutes, the failover counter gets reset
3) On failover - the IP is placed on the server blacklist for 1 hour
Note: The blacklist system is connection independent, and uses the host IP for unique tracking/blocking.
2016-01-21 10:12:13 -05:00
Ken Moore
155026aab1 Fix up the file watcher system in the events class. Now it actually functions in its own thread. 2016-01-20 11:42:41 -05:00
Ken Moore
fd5bc59d00 Fix up a bit more of the event system within the websocket class after some testing with the client. 2016-01-20 09:54:00 -05:00
Ken Moore
27ebde481d Make sure the "auth" requests are always run in order - do asynchronous event handling after auth is already set up. 2016-01-19 12:36:19 -05:00
Ken Moore
ee7a5a9d43 Enable QtConcurrent for the message reply generation systems. 2016-01-19 12:33:00 -05:00
Ken Moore
0077d68208 Commit some debugging work on the sysadm server. 2016-01-18 16:53:12 -05:00
Ken Moore
f30b6cf947 Finish up the overhaul of the Events subsystem and start adding in the Life Preserver event handling/systems. 2016-01-18 12:37:40 -05:00
Ken Moore
82b549ead3 Split off the Events subsystem from the server class and set it up for easy expansion later. 2016-01-15 15:36:04 -05:00
Ken Moore
ec7f25d804 Add a new API call: namespace=rpc, name=query
This will probe all the known subsystems and return which ones are currently available and what level of access the user has (read/write).

REST Request:
-------------------------------
PUT /rpc/query
{
   "junk" : "junk"
}

REST Response:
-------------------------------
{
    "args": {
        "rpc/dispatcher": "read/write",
        "rpc/syscache": "read",
        "sysadm/lifepreserver": "read/write",
        "sysadm/network": "read/write"
    }
}

WebSocket Request:
-------------------------------
{
   "id" : "fooid",
   "name" : "query",
   "namespace" : "rpc",
   "args" : {
      "junk" : "junk"
   }
}

WebSocket Response:
-------------------------------
{
  "args": {
    "rpc/dispatcher": "read/write",
    "rpc/syscache": "read",
    "sysadm/lifepreserver": "read/write",
    "sysadm/network": "read/write"
  },
  "id": "fooid",
  "name": "response",
  "namespace": "rpc"
}
2016-01-13 14:21:45 -05:00
Ken Moore
d93b0a5ba7 Add a new auth subsystem to the backend of the server.
Now the users who log in are divided up into "Full Access" users or not. This allows for additional restrictions in the backend subsystems to restrict certain types of operations to only the "full access" (root-permissioned) users.
The users are divided up like this:
1) The user must be in either the "wheel" or "operator" groups to get any access whatsoever (restricting automated services from connecting).
2) If the user is in the "wheel" group, they get full access to the server's capabilities
3) If the user is in the "operator" group instead, then they only get limited access to the server's capabilities.

While here, also allow password-less logins to the server if the client is connecting to a server on the same system (local access). User restrictions still apply.
2016-01-13 13:12:10 -05:00
Ken Moore
262ddb637d Commit some more work on updating the websocket server to use wss. 2016-01-08 14:01:49 -05:00
Ken Moore
ba654808db Get the TCP server running with SSL encryption all the time now (TLS1.2) 2016-01-08 12:07:17 -05:00
Ken Moore
cce21a7677 Switch the sysadm server over to the secure socket protocols (wss/https) 2016-01-07 16:07:35 -05:00
Ken Moore
40a7e41213 Fix a bug with event notifications and the new output structure (ensure it sets the output data properly). 2016-01-07 15:14:46 -05:00
Ken Moore
7ffec5003b Add PUT REST support, and clean up the bytes calculation for the output JSON data. 2016-01-05 16:20:37 -05:00
Ken Moore
b425c7bb89 Allow "Post" Requests from REST input. 2016-01-05 15:54:55 -05:00
Ken Moore
838a5d9f60 Fix up some REST input parsing. 2016-01-05 15:50:38 -05:00
Ken Moore
35a90406ec Oops, forgot to comment out the auth user/pass line from the log file (don't need to keep that around). 2016-01-05 15:12:07 -05:00
Ken Moore
858ed83611 Add in the REST authorization protocols so REST communications now get through to the backend systems if valid requests. 2016-01-05 15:11:01 -05:00
Ken Moore
c08a458127 Quick fix for the unauthorized return value for bad requests. 2016-01-05 14:46:00 -05:00
Ken Moore
a1ba1044ee Don't 'close' a socket after a TCP reply - instead just disconnect from the host after all data has been transmitted. 2016-01-05 14:17:46 -05:00
Ken Moore
a5fcddcbbe Separate out the reply systems within the websocket.[cpp/h] files, and ensure that we close the TCP socket after sending back a reply. 2016-01-05 13:46:55 -05:00
Kris Moore
ea0bbad1f6 Merge branch 'master' of https://github.com/pcbsd/sysadm 2016-01-05 13:19:16 -05:00
Kris Moore
528c247607 Add LifePreserver API first list-cron call 2016-01-05 13:19:01 -05:00
Ken Moore
adda4e7931 Merge branch 'master' of github.com:pcbsd/sysadm 2016-01-05 13:18:43 -05:00
Ken Moore
1c7dab4ab2 Fix a typo in the signal/slots for a tcp server. 2016-01-05 13:18:20 -05:00
Ken Moore
fdf06cac1e Clean up a bit more of the websocket class. 2016-01-04 13:44:58 -05:00
Ken Moore
7d53e59a1d Oops, forgot to turn off debug mode before committing. 2016-01-04 13:33:44 -05:00
Ken Moore
8d57413401 A few more updates to the input message parsing systems for the server: Ensure that both the namespace and the name of the input message are passed through to the backend parser/system (if authorized). 2016-01-04 13:30:49 -05:00
Ken Moore
87ab5f2a22 Fix the input argument parsing for sysadm-server. 2016-01-04 13:01:39 -05:00
Ken Moore
b0bfcb4c03 Convert the REST/JSON input/output structures quite a bit so the backend usage is now agnostic as to the type of input used. It will then convert the output format to match what was input (REST -> REST, JSON -> JSON). 2015-12-30 16:05:08 -05:00
Ken Moore
9fe2914da3 Convert sysadm-server to run either in TCP or WebSocket mode.
New CLI flags:
"-ws": Use the websocket protocols instead of tcp
"-p <port number>": Use the designated port number for the server.
2015-12-29 12:43:29 -05:00
Ken Moore
f5dab0048c Add a copy of the syscache-webclient server into the sysadm/src/server.
Also set up the server to make it easier to extend for API/library support in the backend. All backend functionality can now be added to the new "WebBackend.cpp" file (and WebSocket.h file for headers).
2015-12-15 13:06:42 -05:00