Hello!

On 12/29/2015 03:12 AM, Kern Sibbald wrote:
> The only current possibility is to not permit the help command. Making the
> help command recognize which commands are permitted would be a significant
> project which is not currently on our task list.  However, it would be nice
> if someone would contribute it :-)

I have written the patch and would like to contribute it. I'll give a summary
of the output of the patch and then attach the patch itself. I have also sent
in the CAA document.

I noticed that bconsole takes a lot of its direction from the Director in a
pleasant manner. So, this patch is only in the Director sources and it is
against the 7.2.0 sources.

Here is an example of the regular 'help' command, printed out in full. The
! denotes a command which is NOT available to you in this particular
console, and notice that the help told you that you were in a restricted
console as well.

*help
  Command       Description
  =======       ===========
! add           Add media to a pool
  autodisplay   Autodisplay console messages
! automount     Automount after label
! cancel        Cancel a job
! create        Create DB Pool from resource
! delete        Delete volume, pool or job
! disable       Disable a job, attributes batch process
! enable        Enable a job, attributes batch process
! estimate      Performs FileSet estimate, listing gives full listing
! exit          Terminate Bconsole session
! gui           Non-interactive gui mode
  help          Print help on specific command
! label         Label a tape
  list          List objects from catalog
  llist         Full or long list like list command
  messages      Display pending messages
! memory        Print current memory usage
! mount         Mount storage
! prune         Prune expired records from catalog
! purge         Purge records from catalog
  quit          Terminate Bconsole session
! query         Query catalog
  restore       Restore files
! relabel       Relabel a tape
! release       Release storage
! reload        Reload conf file
  run           Run a job
! restart       Restart a job
! resume        Resume a job
  status        Report status
! stop          Stop a job
! setdebug      Sets debug level
! setbandwidth  Sets bandwidth
! snapshot      Handle snapshots
! setip         Sets new client address -- if authorized
  show          Show resource records
! sqlquery      Use SQL to query catalog
! time          Print current time
! trace         Turn on/off trace to file
! truncate      Truncate one or more Volumes
! unmount       Unmount storage
! umount        Umount - for old-time Unix guys, see unmount
! update        Update volume, pool or stats
! use           Use catalog xxx
! var           Does variable expansion
! version       Print Director version
! wait          Wait until no jobs are running

This is a restricted console. Commands marked with ! are invalid.

When at a prompt, entering a period cancels the command.
*


If you ask for help on a specific item, you get this:

*help time
  Command       Description
  =======       ===========
! time          Print current time

Arguments:


This is a restricted console. Commands marked with ! are invalid.

When at a prompt, entering a period cancels the command.
*


I also noticed there is a dot command set and I fixed that too. I understand
though that my changes here might be tweaked a little since it is a scripting
interface.

But, I'll demonstrate what this looks like too (but here I'll summarize
appropriately):

*.help all
!add
autodisplay
!automount
!cancel
!create
!delete
!disable
!enable
!estimate
!exit
!gui
help
!label
list
llist
messages
!memory
!mount
!prune
!purge
quit
!query
restore
!relabel
!release
!reload
run
!restart
!resume
status
!stop
!setdebug
!setbandwidth
!snapshot
!setip
show
!sqlquery
!time
!trace
!truncate
!unmount
!umount
!update
!use
!var
!version
!wait


* .help
[snip]
!reload Reload conf file --
run Run a job -- job=<job-name> client=<client-name>
        fileset=<FileSet-name> level=<level-keyword>
        storage=<storage-name> where=<directory-prefix>
        when=<universal-time-specification> pool=<pool-name>
         nextpool=<next-pool-name> comment=<text> accurate=<bool>
spooldata=<bool> yes
!restart Restart a job -- incomplete job=<job-name> client=<client-name>
        fileset=<FileSet-name> level=<level-keyword>
        storage=<storage-name>when=<universal-time-specification>
        comment=<text> spooldata=<bool> jobid=<jobid>
[snip]

*.help item=reload

The command 'reload' is invalid in this restricted console.

*



So, I figure that it might be requested that I change the dot help command to
have the new feature only in the '.help all' case as opposed to changing
output in the other variants of .help.


Anyways, please let me know if I need to make changes. The most important change
for me was the regular help command fixes with which humans interact but it is
pretty nice to have the scriptable interface realize it can't do something too.

I've attached the patch.

Thank you!

-pete


diff --git a/bacula/src/dird/ua_cmds.c b/bacula/src/dird/ua_cmds.c
index ab8d979..33e10e3 100644
--- a/bacula/src/dird/ua_cmds.c
+++ b/bacula/src/dird/ua_cmds.c
@@ -62,6 +62,7 @@ static int delete_cmd(UAContext *ua, const char *cmd);
 static int disable_cmd(UAContext *ua, const char *cmd);
 static int enable_cmd(UAContext *ua, const char *cmd);
 static int estimate_cmd(UAContext *ua, const char *cmd);
+static bool is_valid_cmd(UAContext *ua, int cmd_index);
 static int help_cmd(UAContext *ua, const char *cmd);
 static int memory_cmd(UAContext *ua, const char *cmd);
 static int mount_cmd(UAContext *ua, const char *cmd);
@@ -1985,37 +1986,90 @@ int wait_cmd(UAContext *ua, const char *cmd)
    return 1;
 }
 
+/* return true if the command at index cmd_index in commands is validly able
+   to be used by this user agent */
+static bool is_valid_cmd(UAContext *ua, int cmd_index)
+{
+   int len;
+
+   len = strlen(commands[cmd_index].key);
+
+   return
+      /* quit and .quit should always be valid */
+      (strcmp(commands[cmd_index].key, "quit") == 0) ||
+      (strcmp(commands[cmd_index].key, ".quit") == 0) ||
+      acl_access_ok(ua, Command_ACL, commands[cmd_index].key, len) ||
+      (ua->runscript && commands[cmd_index].use_in_rs);
+}
 
 static int help_cmd(UAContext *ua, const char *cmd)
 {
    int i;
+   char validity = ' ';
+   int is_restricted_console = false;
+
    ua->send_msg(_("  Command       Description\n  =======       ===========\n"));
    for (i=0; i<comsize; i++) {
+      if (is_valid_cmd(ua, i)) {
+         validity = ' ';
+      } else {
+         validity = '!';
+      }
+
       if (ua->argc == 2) {
          if (!strcasecmp(ua->argk[1], commands[i].key)) {
-            ua->send_msg(_("  %-13s %s\n\nArguments:\n\t%s\n"), commands[i].key,
-                         commands[i].help, commands[i].usage);
+            ua->send_msg(_("%c %-13s %s\n\nArguments:\n\t%s\n"),
+                           validity, commands[i].key,
+                           commands[i].help, commands[i].usage);
+            if (!is_valid_cmd(ua, i)) {
+               /* if we asked for help on an invalid command, ensure we
+                  inform the user that this is a restricted console */
+               is_restricted_console = true;
+            }
             break;
          }
       } else {
-         ua->send_msg(_("  %-13s %s\n"), commands[i].key, commands[i].help);
+         if (!is_valid_cmd(ua, i)) {
+            /* saturate this boolean if any commands we're emitting
+               happened to be invalid */
+            is_restricted_console = true;
+         }
+         ua->send_msg(_("%c %-13s %s\n"),
+                        validity, commands[i].key, commands[i].help);
       }
    }
    if (i == comsize && ua->argc == 2) {
       ua->send_msg(_("\nCan't find %s command.\n\n"), ua->argk[1]);
    }
-   ua->send_msg(_("\nWhen at a prompt, entering a period cancels the command.\n\n"));
+
+   if (is_restricted_console) {
+      /* Emit a message if we told the user about any kind of invalid command */
+      ua->send_msg(_("\nThis is a restricted console. Commands marked with ! are invalid.\n"));
+   }
+
+   ua->send_msg(_("\nWhen at a prompt, entering a period cancels the command.\n"));
+
    return 1;
 }
 
 int qhelp_cmd(UAContext *ua, const char *cmd)
 {
    int i,j;
+   const char *cmd_is_valid_fmt = "%s\n";
+   const char *cmd_is_invalid_fmt = "!%s\n";
+   const char *everything_is_valid_fmt = "%s %s -- %s\n";
+   const char *everything_is_invalid_fmt = "!%s %s -- %s\n";
+   const char *fmt;
+
    /* Want to display only commands */
    j = find_arg(ua, NT_("all"));
    if (j >= 0) {
       for (i=0; i<comsize; i++) {
-         ua->send_msg("%s\n", commands[i].key);
+         fmt = is_valid_cmd(ua, i)?
+                  cmd_is_valid_fmt:
+                  cmd_is_invalid_fmt;
+
+         ua->send_msg(fmt, commands[i].key);
       }
       return 1;
    }
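Review bot: is_valid_cmd() makes the permission decision (the quit/.quit exemption, acl_access_ok() on Command_ACL, and the runscript/use_in_rs case) for display only, so the ! markers are trustworthy only while this stays identical to the check applied when a command is actually executed. Have the execution path call this same helper instead of keeping a second copy. In help_cmd(), is_valid_cmd(ua, i) is also called again in both the argc == 2 branch and the else branch although validity was already derived from it at the top of the loop, and is_restricted_console is declared int but only ever holds true/false. Store the result once per iteration (bool valid = is_valid_cmd(ua, i);), use it for both the marker and the flag, and declare the flag bool. The closing message now ends in a single "\n" where it used to end in "\n\n"; restore the second newline if that spacing change is not intended.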
@@ -2024,7 +2078,15 @@ int qhelp_cmd(UAContext *ua, const char *cmd)
    if (j >= 0 && ua->argk[j]) {
       for (i=0; i<comsize; i++) {
          if (bstrcmp(commands[i].key, ua->argv[j])) {
+            /* send the usage */
             ua->send_msg("%s\n", commands[i].usage);
+
+            /* However, inform the user the command isn't actually available
+               if that is the case. */
+            if (is_valid_cmd(ua, i) == false) {
+               ua->send_msg("The command '%s' is invalid in this restricted console.\n", commands[i].key);
+            }
+
             break;
          }
       }
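Review bot: in the item= branch the usage string is still sent before the validity check, so a restricted console receives the argument syntax of a command its ACL denies, followed by a free-text English line that a script reading .help item=... has to tell apart from usage. Pick one behaviour: either test is_valid_cmd(ua, i) first and send only the "invalid" line for denied commands, or keep the usage and signal denial with a marker consistent with the ! prefix used by the other .help variants. The new message is not wrapped in _() while the equivalent text in help_cmd() is, and the == false comparison could be !is_valid_cmd(ua, i) to match the rest of the patch.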
@@ -2032,7 +2094,11 @@ int qhelp_cmd(UAContext *ua, const char *cmd)
    }
    /* Want to display everything */
    for (i=0; i<comsize; i++) {
-      ua->send_msg("%s %s -- %s\n", commands[i].key, commands[i].help, commands[i].usage);
+      fmt = is_valid_cmd(ua, i)?
+             everything_is_valid_fmt:
+             everything_is_invalid_fmt;
+
+      ua->send_msg(fmt, commands[i].key, commands[i].help, commands[i].usage);
    }
    return 1;
 }
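Review bot: in the display-everything loop the ! is glued directly onto commands[i].key, so the first whitespace-delimited token of a line changes (for example from "reload" to "!reload") for any script that parses plain .help output. Consider confining the marker to '.help all', or emitting it as a separate field, so existing parsers keep seeing the bare command name. Selecting between two format-string variables and passing fmt to send_msg() also means the format is no longer a literal at the call site; a single literal such as "%s%s %s -- %s\n" with "" or "!" as the first argument does the same job and keeps the argument list visibly matched to the format.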