File Manager

X7ROOT File Manager

Current Path: /usr/lib/pcsd

📁 ..
📁 .bundle
📄 Gemfile(223 B)
📄 Gemfile.lock(731 B)
📄 Makefile(1.17 KB)
📄 auth.rb(4.78 KB)
📄 bootstrap.rb(3.57 KB)
📄 capabilities.xml(59.05 KB)
📄 cfgsync.rb(23.66 KB)
📄 cluster.rb(413 B)
📄 cluster_entity.rb(29.81 KB)
📄 config.rb(6.49 KB)
📄 config.ru(440 B)
📄 corosyncconf.rb(3.78 KB)
📄 fenceagent.rb(1.16 KB)
📄 pcs.rb(61.88 KB)
📄 pcsd(695 B)
📄 pcsd-cli.rb(4.37 KB)
📄 pcsd.8(3.19 KB)
📄 pcsd.logrotate(151 B)
📄 pcsd.pam(154 B)
📄 pcsd.rb(49.65 KB)
📄 pcsd_action_command.rb(2.11 KB)
📄 pcsd_exchange_format.rb(1.35 KB)
📄 pcsd_file.rb(3.95 KB)
📄 pcsd_remove_file.rb(595 B)
📄 permissions.rb(4.24 KB)
📁 public
📄 remote.rb(94.31 KB)
📄 resource.rb(12.63 KB)
📄 rfc7919-ffdhe2048.pem(424 B)
📄 session.rb(2.01 KB)
📄 settings.rb(1.15 KB)
📄 ssl.rb(7.27 KB)
📁 vendor
📁 views
📄 wizard.rb(418 B)
📁 wizards

Editing: pcsd-cli.rb

#!/usr/bin/ruby

require 'rubygems'
require 'etc'
require 'json'
require 'stringio'

require 'bootstrap.rb'
require 'pcs.rb'
require 'auth.rb'
require 'remote.rb'

def cli_format_response(status, text=nil, data=nil)
  response = Hash.new
  response['status'] = status
  response['text'] = text if text
  response['data'] = data if data
  response['log'] = $logger_device.string.lines.to_a
  return JSON.pretty_generate(response)
end

def cli_exit(status, text=nil, data=nil, exitcode=0)
  puts cli_format_response(status, text, data)
  exit exitcode
end

# bootstrap, emulate environment created by pcsd http server
auth_user = {}
PCS = get_pcs_path()
$logger_device = StringIO.new
$logger = configure_logger($logger_device)

capabilities, capabilities_pcsd = get_capabilities($logger)
CAPABILITIES = capabilities.freeze
CAPABILITIES_PCSD = capabilities_pcsd.freeze

# check and set user
uid = Process.uid
if 0 == uid
  if ENV['CIB_user'] and ENV['CIB_user'].strip != ''
    auth_user[:username] = ENV['CIB_user']
    if ENV['CIB_user_groups'] and ENV['CIB_user_groups'].strip != ''
      auth_user[:usergroups] = ENV['CIB_user_groups'].split(nil)
    else
      auth_user[:usergroups] = []
    end
  else
    auth_user[:username] = SUPERUSER
    auth_user[:usergroups] = []
  end
else
  username = Etc.getpwuid(uid).name
  if not PCSAuth.isUserAllowedToLogin(username)
    cli_exit('access_denied')
  else
    auth_user[:username] = username
    success, groups = PCSAuth.getUsersGroups(username)
    auth_user[:usergroups] = success ? groups : []
  end
end

# continue environment setup with user set in auth_user
$cluster_name = get_cluster_name()

# get params and run a command
command = ARGV[0]
allowed_commands = {
  'read_tokens' => {
    # returns tokens of the user who runs pcsd-cli, thus no permission check
    'only_superuser' => false,
    'permissions' => nil,
    'call' => lambda { |params, auth_user_|
      token_cfg = read_token_file()
      return {
        :tokens => token_cfg.tokens,
        :ports => token_cfg.ports,
      }
    },
  },
  'auth' => {
    'only_superuser' => false,
    'permissions' => nil,
    'call' => lambda { |params, auth_user_|
      auth_responses, sync_successful, sync_nodes_err, sync_responses = pcs_auth(
        auth_user_, params['nodes'] || [], params['username'] || '',
        params['password'] || '', params['force'], params['local']
      )
      return {
        'auth_responses' => auth_responses,
        'sync_successful' => sync_successful,
        'sync_nodes_err' => sync_nodes_err,
        'sync_responses' => sync_responses,
      }
    },
  },
  'send_local_configs' => {
    'only_superuser' => false,
    'permissions' => Permissions::FULL,
    'call' => lambda { |params, auth_user_|
      send_local_configs_to_nodes(
        # for a case when sending to a node which is being added to a cluster
        # - the node doesn't have the config so it cannot check permissions
        PCSAuth.getSuperuserAuth(),
        params['nodes'] || [],
        params['force'] || false,
        params['clear_local_cluster_permissions'] || false
      )
    }
  },
  'send_local_certs' => {
    'only_superuser' => false,
    'permissions' => Permissions::FULL,
    'call' => lambda { |params, auth_user_|
      send_local_certs_to_nodes(auth_user_, params['nodes'] || [])
    }
  },
  'pcsd_restart_nodes' => {
    'only_superuser' => false,
    'permissions' => nil,
    'call' => lambda { |params, auth_user_|
      pcsd_restart_nodes(auth_user_, params['nodes'] || [])
    }
  },
  'node_status' => {
    'only_superuser' => true,
    'permissions' => Permissions::FULL,
    'call' => lambda { |params, auth_user_|
      return JSON.parse(node_status(
        {
          :version => '2',
          :operations => '1',
          :skip_auth_check => '1',
        },
        {},
        auth_user_
      ))
    }
  },
}
if allowed_commands.key?(command)
  begin
    params = JSON.parse(STDIN.read)
  rescue JSON::ParserError => e
    cli_exit('bad_json_input', e.to_s)
  end
  if allowed_commands['only_superuser']
    if not allowed_for_superuser(auth_user)
      cli_exit('permission_denied')
    end
  end
  if allowed_commands['permissions']
    if not allowed_for_local_cluster(auth_user, command_settings['permissions'])
      cli_exit('permission_denied')
    end
  end
  result = allowed_commands[command]['call'].call(params, auth_user)
  cli_exit('ok', nil, result)
else
  cli_exit('bad_command')
end

X7ROOT File Manager

Editing: pcsd-cli.rb

Upload File

Create Folder