summaryrefslogtreecommitdiffstats
path: root/src/rest.c
Commit message (Collapse)AuthorAgeFilesLines
* #915 Add /room/add POST methodJavier Sánchez Parra2021-04-201-0/+123
| | | | | | | | | | | | | | | | | | | | | | | Adds POST method to add rooms (labs), required payload parameters are name, netmask and center; any additional attributes are optional. Required JSON: { "center": 0, "name": "classroom10", "netmask": "255.255.255.0" } Full JSON: { "center": 0, "name": "classroom11", "netmask": "255.255.255.0", "group": 0, "location": "First floor", "gateway": "192.168.56.1", "ntp": "hora.cica.es", "dns": "1.1.1.1", "remote": True } This commit also adds unit tests for /room/add POST method.
* #915 increase maximum API REST response sizeJavier Sánchez Parra2021-04-191-1/+1
| | | | | GET /scope could generate a response larger than 64 Kbytes. Rise the maximum API REST response size to 256 Kbytes.
* #915 fix "response too large" error pathJavier Sánchez Parra2021-04-191-12/+9
| | | | | Otherwise, ogServer sends "200 OK" after a "500 Internal Server Error error" response.
* #915 validate response json sizeJavier Sánchez Parra2021-04-191-15/+65
| | | | | | | | Otherwise, copying response json to response buffer could lead to stack smashing is the json response is too large. stdout example: *** stack smashing detected ***: <unknown> terminated
* #915 Add /center/add POST methodJose M. Guisado2021-04-081-0/+84
| | | | | | | | | Adds POST method to add centers (organizational unit), required payload parameter is the name, and an additional comment is optional. {"name": "ACME"} {"name": "ACME", "comment": "Some comment"}
* #915 Add GET /oglive/test REST API functionJavier Sánchez Parra2021-04-051-0/+31
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This function returns the installed and available ogLiveS in the server to be booted from. Request: GET /oglive/list NO BODY Response 200 OK { "oglive": [ { "distribution": "bionic", "kernel": "5.4.0-40-generic", "architecture": "amd64", "revision": "r20200629", "directory": "ogLive-5.4.0-r20200629", "iso": "ogLive-bionic-5.4.0-40-generic-amd64-r20200629.85eceaf.iso" }, { "distribution": "bionic", "kernel": "5.0.0-27-generic", "architecture": "amd64", "revision": "r20190830", "directory": "ogLive-5.0.0-r20190830", "iso": "ogLive-bionic-5.0.0-27-generic-amd64-r20190830.7208cc9.iso" } ], "default": 0 } This commit also adds tests for GET /oglive/test.
* #1004 Add GET /images testDiego Crespo Quinta2021-03-301-1/+1
| | | | Fix incorrect error if json is missing.
* #990 fix crash in wol with malformed IP addressOpenGnSys Support Team2021-03-301-1/+4
| | | | | | | | | | | | | | | | | | ==28831== 1 errors in context 1 of 2: ==28831== Invalid read of size 1 ==28831== at 0x55AC6FD: inet_aton (inet_addr.c:127) ==28831== by 0x10ECCA: WakeUp (ogAdmServer.c:337) ==28831== by 0x10EED6: Levanta (ogAdmServer.c:292) ==28831== by 0x11651E: og_cmd_wol (rest.c:498) ==28831== by 0x11651E: og_client_state_process_payload_rest (rest.c:3970) ==28831== by 0x110CF3: og_client_read_cb (core.c:143) ==28831== by 0x4E41D72: ev_invoke_pending (in /usr/lib/x86_64-linux-gnu/libev.so.4.0.0) ==28831== by 0x4E453DD: ev_run (in /usr/lib/x86_64-linux-gnu/libev.so.4.0.0) ==28831== by 0x10E3E5: ev_loop (ev.h:835) ==28831== by 0x10E3E5: main (main.c:100) ==28831== Address 0x0 is not stack'd, malloc'd or (recently) free'd Use number of matching ip addresses in the database, skip if zero.
* #990 Use lab netmask to calculate broadcast addressJavier Sánchez Parra2021-03-171-6/+15
| | | | | | | | | | | | ogServer gets netmask address from computer (ordenadores) table, see commit a35b7c4. Netmask field is empty in most cases, is only filled when the user adds computers with dhcpd.conf syntax and cannot be edited in computer properties view. Labs/rooms (aulas) table also have netmask field, WebConsole backend ensures it is not empty and can be edited in lab properties view. Get netmask from labs table to ensure it is not empty.
* #997 Fix og_tm_hours_maskJose M. Guisado2021-03-151-2/+2
| | | | | | | | | | | | | | | | | | Tests for e68fefe were made after 00pm (12:00) so we did not cover <12:00 cases for immediate commands that are logged (scheduled for the exact moment they are processed and ignored the fact they are stale so they are executed right away) In addition, libdbi was complaining about the data type used to represent the hours, they were not being inserted properly. From syslog: failed to query database (og_dbi_schedule_create:3288) 1264: Out of range value for column 'horas' at row 1 Fix og_tm_hours_mask so <12:00 immediate schedule is handled correctly. Change return type to uint16_t, as the 'hours' column type is smallint(4) Fixes e68fefe ("#997 Set stale check flag when processing schedule/create")
* #997 Use stale check flag in schedule/updateJose M. Guisado2021-03-151-1/+19
| | | | | | | | | | | | | Commit e68fefe introduced 'check_stale' flag to better distinguish real scheduled actions that do not execute if they are stale from immediate actions that we want them to be logged in the action queue (by creating a decoy schedule for the exact moment they are processed, meaning that we ignore if the are stale). Add this feature into schedule update too, in order to avoid executing stale commands that were not meant to, ie. real scheduled commands. Follows e68fefe ("Set stale check flag when processing schedule/create")
* #942 return error if API REST parser failsOpenGnSys Support Team2021-03-151-38/+29
| | | | | Return error if json parser fails, ignore unknown json attributes. Missing uninitialized error value.
* #997 Remove unnecessary strdup in og_dbi_queue_*Jose M. Guisado2021-03-111-2/+2
| | | | | | | | | | | | | | | | | | | | | | | After executing an scheduled command/proc/task valgrind reported leaks inside og_dbi_queue_{command,procedure,task}. String duplication is not being freed after using them. ==21281== 36 bytes in 1 blocks are definitely lost in loss record 470 of 592 ... ==21281== by 0x113DCB: og_dbi_queue_procedure (rest.c:2748) ==21281== by 0x113F91: og_dbi_queue_task (rest.c:2804) ==21281== by 0x114392: og_schedule_run (rest.c:2916) ==21281== by 0x112059: og_agent_timer_cb (schedule.c:441) ... ==21281== by 0x10E2A5: main (main.c:100) These strdup are not necessary because the dbi result is not freed before using them, it's safe to use the dbi result's reference to this string. Fix previous memleaks when executing scheduled commands, procedures and tasks.
* #997 Set stale check flag when processing schedule/createJose M. Guisado2021-03-111-1/+68
| | | | | | | | | | | If you schedule a command in the past, the scheduler executes such command immediately. When expanding a schedule that result in commands that run weekly, commands in the past are also executed, which is not expected. Fix this by using the check_stale flag (formerly on_start) so commands in the past that result from expansions are skipped.
* #1004 Fix memleak in og_cmd_imagesJose M. Guisado2021-02-241-1/+1
| | | | | | | | | | image_json object is created to store the json representation of an image returned by the database. This object is going to be appended to a json list that will compose the overall root json object. Use json_array_append_new to let "images" steal the reference of image_json so when further decref(root) there is no json reference hanging around.
* #942 memleak in og_send_request()OpenGnSys Support Team2021-02-231-0/+2
|
* #942 memleak in error pathOpenGnSys Support Team2021-02-231-87/+172
| | | | | | Fix memleaks in error path. json_decref() checks for null objects.
* #990 Fix og_cmd_wol memory leakJose M. Guisado2021-02-231-0/+6
| | | | | | | Allocated strings using dbi_result_get_string_copy are not being freed after using them. This patch fix this memory leak. Fixes: e4cb91b ("#990 wol: migrate mac and netmask query to ogServer")
* #1019 UAF in schedule runOpenGnSys Support Team2021-02-231-1/+4
| | | | Otherwise accessing IP address results in use-after-free.
* #1019 Fix queued Wake on LANJavier Sánchez Parra2021-02-221-0/+28
| | | | | | | | | | | | | UMA and UPV report that Wake on LAN command (in queue mode) does not work. We improved WoL command, now ogServer calculates the broadcast address of the network to which the client belongs. To calculate this address ogServer needs the IP and the netmask of the client. We updated ogServer to retrieve the netmask from the database in non-queue mode, but we forgot to add this in queue mode. This patch adds netmask retrieving to queued WoL.
* #990 wol: migrate mac and netmask query to ogServerJose M. Guisado2021-02-151-69/+41
| | | | | | | | | | | | | ogServer WoL rest function is expecting ip, mac and netmask from the request's payload. This makes the client responsible for providing such data. ogServer should be the owner of the database, this patch adjusts the parameter expected in a request payload for /wol action so clients only need to provide the ips and wol type (broadcast, unicast). Database is expected to contain valid data for the netmask and mac of target computers.
* #1004 Fix client setup disk size showing as 0Jose M. Guisado2021-02-091-2/+2
| | | | | | | | | | | | og_cmd_get_client_setup is querying the database for computers disk setup information. This includes the size of a disk or a partition, which are stored as BIGINT in the database. Using dbi_result_get_int will result in an error as libdbi expects to store this kind of data type in a long long instead of an int. Fix disk size variable declaration and use the correct dbi_result_get function for this particular data column.
* #1019 Fix setup legacy string parserJavier Sánchez Parra2021-02-081-3/+8
| | | | | | | | | | | | UMA reports that the setup command (in queue mode) does not work. WebConsole stores queued commands in the database using the deprecated SocketHidra legacy string format and ogServer parses them with sscanf(). The setup command has a new field "ttp" since commit 0dd3edd, however, the ogServer legacy parser was not updated to use this new field. This patch adds legacy setup support to work with GPT tables. Add new field table type to legacy setup that expects a string with "MSDOS" or "GPT".
* #1019 Fix restore-image legacy string parserJavier Sánchez Parra2021-02-081-1/+2
| | | | | | | | | | | | UMA reports that the restore image command (in queue mode) does not work, the non-queue mode works fine though. WebConsole stores queued commands in the database using the deprecated SocketHidra legacy string format and ogServer parses them with sscanf(). The restore-image command has the field "ptc" which stores a string with whitespaces, however, ogServer expects no whitespaces ("%s"). Update parser to read until carriage return, whitespaces included.
* #802 add uefi folder for post_modes pxe template lookupJose M. Guisado2021-01-131-3/+13
| | | | | | | | | | | | | | | | | | | | | When executing og_cmd_post_modes ogServer is looking up for the template related to the mode coming as a parameter. This lookup is only done for the bios boot mode. (ie. /opt/opengnsys/tftpboot/menu.lst/templates/) Templates can be created for a given boot mode, for example you can create a UEFI-only template (it. /opt/opengnsys/tftpboot/grub/templates). When a UEFI only template was coming as a parameter to og_cmd_post_modes the file can't be located because the UEFI template folder is never tested. Add UEFI folder to the lookup of pxe templates, try this folder if bios mode fails. PS: Later on a bash script "setclientmode" is to be executed, which will take its own way of updating these pxe files (ie. templates/../), this script updates every boot mode if an available template is found.
* #1010 Fix /software missing body in queued modeJavier Sánchez Parra2020-12-021-1/+16
| | | | | | ogServer do not send /software parameters to ogClient in queued mode. Add parameters as JSON body.
* #1010 Adapt ogServer to send GET /softwareJavier Sánchez Parra2020-12-021-1/+1
| | | | | | ogClient changed /software from POST to GET. Adapt ogServer to work with ogClient /software new method.
* #915 Test GET /scopesDiego Crespo Quinta2020-12-011-0/+5
| | | | And fix ogserver, report error if GET /scopes have a JSON body.
* #1008 Add support to work with GPT tablesJavier Sánchez Parra2020-11-271-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | ogServer /setup do not support to indicate which table type the user want to use. It always supposes that the partition table is MBR/MSDOS. Add ogServer support to work with GPT tables. Add new field table type to /setup that expects a string with "MSDOS" or "GPT". Example old JSON: { "clients": [...], "disk": "1", "cache": "0", "cache_size": "0", "partition_setup": [...] } Example new JSON: { "clients": [...], "type": "GPT", "disk": "1", "cache": "0", "cache_size": "0", "partition_setup": [...] }
* #942 Add GET /session REST API functionRoberto Hueso Gómez2020-10-201-2/+99
| | | | | | | | | | | | | | | | | | | | | | | This function returns the installed and available OSs in a client to be booted from. Request: GET /session { "client": ["192.168.56.11"] } Response 200 OK { "sessions": [ { "disk": 1, "name": "Ubuntu 18.04.4 LTS", "partition": 1 } ] }
* #942 Use client's IP as filter in GET /hardwareRoberto Hueso Gómez2020-10-201-17/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch uses client's IP instead of scope ID as a filter for the request. Request: GET /hardware { "client": ["192.168.56.11"] } Response: 200 OK { "hardware": [ { "description": "BIOS", "type": "Tipo de proceso de arranque" }, { "description": "QEMU Standard PC (i440FX + PIIX, 1996) v.pc-i440fx-5.1", "type": "Marca y modelo del equipo" }, { "description": "Intel Corp. Intel Core Processor (Haswell, no TSX, IBRS) 2GHz v.pc-i440fx-5.1", "type": "Microprocesadores" }, { "description": "QEMU 2049MiB (DIMM 0)", "type": "Memorias" }, { "description": "Red Hat, Inc. Virtio network device v.00", "type": "Tarjetas de Red" } ] }
* #942 Add GET /software REST API functionRoberto Hueso Gómez2020-10-161-2/+97
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This function retrieves a list of the software installed in a specific disk and partition of a client. This list can be updated by using POST /software beforehand. Request: GET /software { "client": ["192.168.56.11"], "disk": 1, "partition": 1 } Response: 200 OK { "software": [ "grub-pc-bin 2", "grub-pc 2.02", "grub2-common 2.02", "groff-base 1.22.3", "gpg 2.2.4", "gnupg-utils 2.2.4", "gnupg-l10n 2.2.4", "gnupg 2.2.4", "gnome-video-effects 0.4.3", "gnome-user-guide 3.28.2+git20180715", "gnome-user-docs 3.28.2+git20180715", "gnome-todo-common 3.28.1", "gnome-mines 3.28.0", "gnome-menus 3.13.3", "gnome-mahjongg 3.22.0", "gnome-keyring-pkcs11 3.28.0.2", "gnome-keyring 3.28.0.2", "gnome-initial-setup 3.28.0", "accountsservice 0.6.45" ] }
* #942 Extend GET /images functionRoberto Hueso Gómez2020-10-141-6/+18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This extension removes replaces the field 'filename' for 'name' and adds new fields (software_id, type and id). These new fields are useful when restoring an image. Request: GET /images Response: 200 OK { "disk": { "free": 37091418112, "total": 52573995008 }, "images": [ { "datasize": 5939200000, "id": 25, "modified": "Wed Oct 14 11:49:00 2020", "name": "archlinux", "permissions": "744", "size": 1844222333, "software_id": 19, "type": 1 } ] }
* #942 Create DB image when calling POST /image/createRoberto Hueso Gómez2020-10-141-6/+34
| | | | | | | | | | | | | | | | | | | | | | | | | | | In case the DB entry for an image does not exist when POST /image/create is called, this patch takes care of calling it. This adds few optional json parameters to the POST /image/create API. If optional parameters are included then this patch creates the DB entry, otherwise it just creates the actual image and updates the existing entry. Request: POST /image/create { "clients":["192.168.56.11"], "disk":"1", "partition":"1", "name":"archlinux", "repository":"192.168.56.10", "id":"24", "code":"131", "description":"This is a test", "group_id":0, "center_id":1 } Response: 200 OK
* Add REST POST /client/delete methodRoberto Hueso Gómez2020-10-081-0/+61
| | | | | | | | | | | | | | | This method deletes a client from the DB. Request: POST /client/delete { "clients": ["192.168.56.30"] } Response: 200 OK Co-authored-by: Javier Sánchez Parra <jsanchez@soleta.eu>
* #988 remove legacy configurationOpenGnSys Support Team2020-10-071-16/+16
| | | | | Use og_server_cfg everywhere. Convert port to string to make it easy for the dbi API since it expects a string. Remove legacy example configuration file.
* #988 rename og_server_cfg to cfgOpenGnSys Support Team2020-10-071-2/+2
| | | | to avoid clash with existing variable cfg in client.c
* #941 Use fixed length strings in og_computer and og_dbi_get_computer_infoRoberto Hueso Gómez2020-10-061-25/+28
| | | | | | This patch is a refactor for og_computer and og_dbi_get_computer_info. It now uses fixed lenght strings to make it more reliable and avoid errors if the DB is not returning a null ended string.
* #1004 Add GET /imagesJavier Sánchez Parra2020-09-291-0/+165
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This commit adds GET /images to the ogServer REST API. This call returns information of all the images in ogServer. Example response: { "images": [ { "filename": "ubuntu.img", "datasize": 2150400000, "size": 613476223, "modified": "Wed Sep 23 10:37:36 2020", "permissions": "744" }, { "filename": "test.img", "datasize": 2150400000, "size": 613236475, "modified": "Tue Sep 29 08:57:47 2020", "permissions": "744" } ], "disk": { "total": 52573995008, "free": 39624544256 } }
* #942 Add POST /client/add HTTP REST methodRoberto Hueso Gómez2020-09-241-0/+139
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | This method adds a new client. This new client's IP cannot be duplicated in the DB. Request: POST /client/add { "boot": "19pxeADMIN", "center": 0, "hardware_id": 0, "id": 2, "ip": "192.168.56.12", "livedir": "ogLive", "mac": "0800270E6512", "maintenance": true, "name": "pc12", "netdriver": "generic", "netiface": "eth1", "netmask": "255.255.255.0", "remote": false, "repo_id": 1, "room": 1, "serial_number": "" } Response: 200 OK
* #1004 Add GET /client/info HTTP REST methodRoberto Hueso Gómez2020-09-221-0/+88
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This method provides information about a specific client. The request must contain exactly 1 client's IP. Request: GET /client/info {"client": ["192.168.56.12"]} Response: 200 OK { "boot": "19pxeADMIN", "center": 0, "hardware_id": 0, "id": 2, "ip": "192.168.56.12", "livedir": "ogLive", "mac": "0800280E6871", "maintenance": true, "name": "pc12", "netdriver": "generic", "netiface": "eth1", "netmask": "255.255.255.0", "remote": false, "repo_id": 1, "room": 1, "serial_number": "" }
* Fix size of og_cmd_get_client_setup() return arrayRoberto Hueso Gómez2020-09-151-1/+2
| | | | The return array needs to store 1 extra element for the disk setup.
* #1004 Add GET /client/setup HTTP REST methodRoberto Hueso Gómez2020-09-141-0/+143
| | | | | | | | | | | | | | | | | | | | | | | | | | | This method provides the partitions setup for a specific client. The request must contain exactly 1 client's IP. Request: GET /client/setup {'client': ['192.168.56.12']} Response: 200 OK { "partitions": [ { "disk": 1, "partition": 0, "code": 0, "size": 20971520, "used_size": 0, "filesystem": 0, "os": 0, "image": 0, "software": 0 } ] }
* #980 do not report busy client if probing is pendingOpenGnSys Support Team2020-08-211-1/+6
| | | | og_client_status() should not report busy when probing is going on.
* #980 Add 'ip' field in GET /scopes requestRoberto Hueso Gómez2020-08-141-4/+4
| | | | | The 'ip' field is added to the json for scopes that have an IP (i.e. computers).
* #980 Select POST /mode clients by ip instead of scope nameRoberto Hueso Gómez2020-08-141-14/+18
| | | | | | This patch selects clients whose modes need to be changed in the current request. This patch makes POST /mode consistent with the rest of the REST API where clients are selected and filtered by ip.
* #998 disable incremental image APIOpenGnSys Support Team2020-08-141-473/+0
| | | | This API is not supported by ogClient yet and it uses the obsolete socket hydra API.
* #980 fix compile warning in og_set_client_modeOpenGnSys Support Team2020-08-061-2/+2
| | | | | | | | | | | | | | | | | | | | | | | CC src/rest.o src/rest.c: In function ‘og_cmd_post_modes.isra.27’: src/rest.c:966:4: warning: ‘%s’ directive output may be truncated writing up to 4096 bytes into a region of size between 3018 and 4041 -Wformat-truncation=] "MODE_FILE='%s'\nMAC='%s'\nDATA='%s'\n" ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ src/rest.c:1085:7: template_name, scope_name); ~~~~~~~~~~~~~ src/rest.c:967:33: note: format string is defined here "MODE='PERM'\nTEMPLATE_NAME='%s'", ^~ src/rest.c:965:2: note: ‘snprintf’ output 57 or more bytes (assuming 5176) into a destination of size 4096 snprintf(cmd_params, sizeof(cmd_params), ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "MODE_FILE='%s'\nMAC='%s'\nDATA='%s'\n" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "MODE='PERM'\nTEMPLATE_NAME='%s'", ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ mode, mac, params, template_name); ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
* #980 error reporting in setclientmodeOpenGnSys Support Team2020-08-061-1/+3
| | | | Add syslog and use exit()
* #986 Fixs error in 'Advanced Netboot' caused by loss information from ↵Irina Gómez2020-08-051-7/+12
| | | | ogserver process owner (author Roberto Hueso Gómez).