r1574 + started working on the next gateway for SLB config handling
authorDenis Ovsienko <infrastation@yandex.ru>
Mon, 21 Jan 2008 13:54:04 +0000 (13:54 +0000)
committerDenis Ovsienko <infrastation@yandex.ru>
Mon, 21 Jan 2008 13:54:04 +0000 (13:54 +0000)
+ authorize() gets moved to a lib file

gateways/lib.sh [new file with mode: 0644]
gateways/slbconfig/main [new file with mode: 0755]
gateways/switchvlans/main

diff --git a/gateways/lib.sh b/gateways/lib.sh
new file mode 100644 (file)
index 0000000..9136b4a
--- /dev/null
@@ -0,0 +1,59 @@
+#!/bin/sh
+
+authorized()
+{
+       local endp=$1 user=$2 action=$3 arg1=$4 arg2=$5 skip=yes cval
+       [ -z "$endp" -o -z "$user" -o -z "$action" ] && return 1
+
+       # Now we strip PHP wrapping(s) and process auth rules only.
+       # Accept more than one ruleset on the floor.
+       while read line; do
+               if [ "$skip" = "yes" -a "$line" = "# S-T-A-R-T" ]; then
+                       skip=no
+                       continue
+               fi
+               if [ "$skip" = "no" -a "$line" = "# S-T-O-P" ]; then
+                       skip=yes
+                       continue
+               fi
+               [ "$skip" = "yes" ] && continue
+               # Allow comments.
+               [ -z "${line###*}" ] && continue
+
+               # Parse the line and try to make a decision earliest possible.
+               # Username and endpoint must match values/regexps, action
+               # must exactly match. Action arguments are tested agains values
+               # or regexps, but only for 'change' action.
+               # If the current rule doesn't match, advance to the next one.
+               # We will fail authorization by default anyway.
+
+               # Test action.
+               cval=`echo "$line" | cut -s -d' ' -f3`
+               [ "$action" = "$cval" ] || continue
+
+               # Test username.
+               cval=`echo "$line" | cut -s -d' ' -f2 | cut -s -d'@' -f1`
+               [ -z "${user##$cval}" ] || continue
+
+               # Test endpoint.
+               cval=`echo "$line" | cut -s -d' ' -f2 | cut -s -d'@' -f2`
+               [ -z "${endp##$cval}" ] || continue
+
+               if [ "$action" = "change" ]; then
+                       [ -z "$arg1" -o -z "$arg2" ] && return 1
+                       cval=`echo "$line" | cut -s -d' ' -f4`
+                       [ -z "${arg1##$cval}" ] || continue
+                       cval=`echo "$line" | cut -s -d' ' -f5`
+                       [ -z "${arg2##$cval}" ] || continue
+               fi
+
+               # All criterias match. Pick the permission and bail out.
+               cval=`echo "$line" | cut -s -d' ' -f1`
+               if [ "$cval" = "allow" ]; then
+                       return 0
+               else
+                       return 1
+               fi
+       done < "$MYDIR/userauth.php"
+       return 1
+}
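Review bot: The comment above the action test says usernames, endpoints and arguments are matched against "values/regexps", but `${user##$cval}` and the sibling expansions for `endp`, `arg1` and `arg2` treat the rule field as a shell glob pattern. In a glob, `*` and `?` mean something different from a regular expression, so a rule can match more or fewer names than its author intended. I would reword the comment to `# Username and endpoint must match values or shell patterns (glob, not regexp).` and say the same for the 'change' arguments. Now that the function lives in a shared file, it also deserves a header comment stating that the caller must set MYDIR before calling it (the rules are read from `$MYDIR/userauth.php`) and that it returns 0 only when the first matching rule is `allow`. If a rule line can ever contain a backslash, `while read -r line; do` keeps it literal.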
diff --git a/gateways/slbconfig/main b/gateways/slbconfig/main
new file mode 100755 (executable)
index 0000000..96a1f6b
--- /dev/null
@@ -0,0 +1,76 @@
+#!/bin/sh
+
+# This is a RackTables gateway for installing SLB configuration onto
+# a live load balancer. The only supported command is:
+#
+# * connect <endpoint> <hardware> <software> <username>: authorize transaction
+# * activate <filename>: call user-supplied configuration installer and remove
+#   the temp file
+#
+
+endpoint=
+hw=
+sw=
+user=
+cfgfile=
+CONNECTED=0
+MYDIR=`dirname $0`
+source "$MYDIR/../lib.sh"
+
+do_connect()
+{
+       endpoint=`echo $args | cut -s -d' ' -f1`
+       hw=`echo $args | cut -s -d' ' -f2`
+       sw=`echo $args | cut -s -d' ' -f3`
+       user=`echo $args | cut -s -d' ' -f4`
+       # sanity checks
+       if [ -z "$endpoint" -o -z "$hw" -o -z "$sw" -o -z "$user" ]; then
+               echo 'ERR!too few arguments to connect'
+               return
+       fi
+
+       # authorize user, look for "connect" privilege
+       if ! authorized $endpoint $user connect; then
+               echo "ERR!User $user is not authorized to connect to $endpoint"
+               return
+       fi
+}
+
+do_activate()
+{
+       cfgfile=$1
+       if [ ! -s "$cfgfile" ]; then
+               echo "ERR!Configuration file $cfgfile is either missing or empty."
+               return
+       fi
+       if [ ! -x "$MYDIR/install" ]; then
+               echo "ERR!Missing user-supplied installer script $MYDIR/install"
+               return
+       fi
+       "$MYDIR/install $endpoint $hw $sw $user $cfgfile"
+}
+
+# main loop
+while read cmd args; do
+       case $cmd in
+               connect)
+                       if [ $CONNECTED = 1 ]; then
+                               echo 'ERR!Already connected'
+                       else
+                               do_connect $args
+                       fi
+                       ;;
+               activate)
+                       if [ $CONNECTED = 1 ]; then
+                               do_activate $args
+                       else
+                               echo 'ERR!Not connected'
+                       fi
+                       ;;
+               *)
+                       echo "ERR!unknown command $cmd"
+       esac
+done
+
+[ -f "$cfgfile" ] && rm -f "$cfgfile"
+exit 0
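Review bot: The installer call on the last line of do_activate is quoted as one word, so the shell looks for a program whose name contains the spaces and the arguments, and the call fails; each argument needs its own quotes. Nothing in this file sets CONNECTED to 1, so the activate branch of the main loop always replies 'ERR!Not connected'; setting it after the authorized check in do_connect looks like the intent. Values read from stdin reach `authorized $endpoint $user connect` unquoted, where they are word-split and glob-expanded before the rule check. Also, `source` is not available in every /bin/sh (the same line is added to gateways/switchvlans/main), and `.` is the portable form. The path given to activate is later removed by the final `rm -f` with no check that it lies in the expected temporary location, which is worth restricting before this gateway is used.

```shell
. "$MYDIR/../lib.sh"
# … unchanged: do_connect argument parsing and sanity checks …
       if ! authorized "$endpoint" "$user" connect; then
# … unchanged: error reply and return …
       fi
       CONNECTED=1
# … unchanged: do_activate file and installer checks …
       "$MYDIR/install" "$endpoint" "$hw" "$sw" "$user" "$cfgfile"
```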
index 8871e82bb5c0a17e68a07922a25942fef305fdcd..7564bcc5d783b0256dfb55553870ee9d3ef9a291 100755 (executable)
@@ -27,64 +27,7 @@ user=
 handler=
 CONNECTED=0
 MYDIR=`dirname $0`
-
-authorized()
-{
-       local endp=$1 user=$2 action=$3 arg1=$4 arg2=$5 skip=yes cval
-       [ -z "$endp" -o -z "$user" -o -z "$action" ] && return 1
-
-       # Now we strip PHP wrapping(s) and process auth rules only.
-       # Accept more than one ruleset on the floor.
-       while read line; do
-               if [ "$skip" = "yes" -a "$line" = "# S-T-A-R-T" ]; then
-                       skip=no
-                       continue
-               fi
-               if [ "$skip" = "no" -a "$line" = "# S-T-O-P" ]; then
-                       skip=yes
-                       continue
-               fi
-               [ "$skip" = "yes" ] && continue
-               # Allow comments.
-               [ -z "${line###*}" ] && continue
-
-               # Parse the line and try to make a decision earliest possible.
-               # Username and endpoint must match values/regexps, action
-               # must exactly match. Action arguments are tested agains values
-               # or regexps, but only for 'change' action.
-               # If the current rule doesn't match, advance to the next one.
-               # We will fail authorization by default anyway.
-
-               # Test action.
-               cval=`echo "$line" | cut -s -d' ' -f3`
-               [ "$action" = "$cval" ] || continue
-
-               # Test username.
-               cval=`echo "$line" | cut -s -d' ' -f2 | cut -s -d'@' -f1`
-               [ -z "${user##$cval}" ] || continue
-
-               # Test endpoint.
-               cval=`echo "$line" | cut -s -d' ' -f2 | cut -s -d'@' -f2`
-               [ -z "${endp##$cval}" ] || continue
-
-               if [ "$action" = "change" ]; then
-                       [ -z "$arg1" -o -z "$arg2" ] && return 1
-                       cval=`echo "$line" | cut -s -d' ' -f4`
-                       [ -z "${arg1##$cval}" ] || continue
-                       cval=`echo "$line" | cut -s -d' ' -f5`
-                       [ -z "${arg2##$cval}" ] || continue
-               fi
-
-               # All criterias match. Pick the permission and bail out.
-               cval=`echo "$line" | cut -s -d' ' -f1`
-               if [ "$cval" = "allow" ]; then
-                       return 0
-               else
-                       return 1
-               fi
-       done < "$MYDIR/userauth.php"
-       return 1
-}
+source "$MYDIR/../lib.sh"
 
 # Not only connect, but gather all the data at once and remember the context.
 do_connect()