This patch adds og_msg_params_validate function as well as some flags that can
be used to validate parameters of a REST API request.
This patch ensures that all required parameters are sent in the request.
Irina reports that if you try to restore an image without success
(for example: the disk does not have enough space), the database changes
as if no error would happen. So you see the computer in the WebConsole
with an image/OS that, actually, does not have.
The bug is caused because the function respuestaEstandar only checks
the result of a command if it has a session. So the problem is that the
commands which use respuestaEstandar without a session can return an
error, but the ogAdmServer always works as no error would occur.
This commit changes the behaviour of respuestaEstadar to always check
the result of a command, whether it has a session or not.
This patch implements the command "run/schedule" that kicks in pending commands
execution.
Request:
POST /run/schedule
{
"clients": ["192.168.56.11"]
}
Reply:
200 OK
This patch also adds a simple test to cover correction of the command.
This patch adds the parameters "disk" and "partition" to
POST "software" command. This way the client can create a software
profile without failure.
New request:
POST /software
{
"clients":[
"192.168.56.12"
],
"disk":"1",
"partition":"1"
}
Reply:
200 OK
Call close() to release the socket in the event of an error.
infer says:
sources/ogAdmServer.cpp:1244: error: RESOURCE_LEAK
resource acquired by call to `socket()` at line 1236, column 6 is not released after line 1244, column 3.
1242. sizeof(on));
1243. if (res < 0) {
1244. > syslog(LOG_ERR, "cannot set broadcast socket\n");
1245. return false;
1246. }
Not a real problem since OS releases process resources if the server
cannot bind to the port, but just to be correct here.
If no payload is attached to method that requires a payload, then the API
returns a 400 status code (following RFC 7231) instead of the previous 404.
test_0001_get_clients.py is also modified to fit the new status code.
This patch changes the number of characters stored in cli->auth_token
from 64 to 63. This way the array has the last position available to
store the null character.
Clients might enter power saving mode, hence, closing the connection
with the server. When the server sends a request to refresh its state,
if they are gone, do not break the iteration over the list of clients.
This patch change the size of the array ptrPar from 6 to 7.
cppcheck says:
[sources/ogAdmServer.cpp:598]: (error) Array 'ptrCfg[6]' accessed at index 6, which is out of bounds.
Aug 28 17:12:33 server ogAdmServer[10110]: 127.0.0.1:54640 POST /nonexistent HTTP/1.1^M Host ...
Aug 28 17:12:33 server ogAdmServer[10110]: unknown command: nonexistent HTTP/1.1^M Host: loca ...
Irina reports a crash in the wol command on Ubuntu 18.04 and gcc 7.4.0:
==9542== Process terminating with default action of signal 6 (SIGABRT)
==9542== at 0x6C37E97: raise (raise.c:51)
==9542== by 0x6C39800: abort (abort.c:79)
==9542== by 0x6C82896: __libc_message (libc_fatal.c:181)
==9542== by 0x6D2DCD0: __fortify_fail_abort (fortify_fail.c:33)
==9542== by 0x6D2DC91: __stack_chk_fail (stack_chk_fail.c:29)
==9542== by 0x111DB1: WakeUp(int, char*, char*, char*) (ogAdmServer.cpp:1390)
==9542== by 0x11199F: Levanta(char**, char**, int, char*) (ogAdmServer.cpp:1251)
==9542== by 0x118372: og_cmd_wol(json_t*, og_msg_params*) (ogAdmServer.cpp:3580)
==9542== by 0x119B91: og_client_state_process_payload_rest(og_client*) (ogAdmServer.cpp:4030)
==9542== by 0x11A4E9: og_client_read_cb(ev_loop*, ev_io*, int) (ogAdmServer.cpp:4212)
==9542== by 0x5EA1D72: ev_invoke_pending (in /usr/lib/x86_64-linux-gnu/libev.so.4.0.0)
==9542== by 0x5EA53DD: ev_run (in /usr/lib/x86_64-linux-gnu/libev.so.4.0.0)
sscanf() returns integers (32-bits) instead of array of 8-bits.
ogAdmServer REST API now meets the starndar RFC 7235 when incorrect auth
happens.
og_client_not_authorized() now sends "401 Unauthorized" and
"WWW-Authenticate" instead of 404.
This patch implements the command "software" that fetches the software
configuration from the clients.
Request:
POST /software
{"clients" : [ "192.168.2.1", "192.168.2.2" ]}
Reply:
200 OK
This allows to refresh the software inventory from clients.
This patch implements the command "hardware" that fetches the hardware
configuration from the clients.
Request:
POST /hardware
{"clients" : [ "192.168.2.1", "192.168.2.2" ]}
Reply:
200 OK
This allows to refresh the hardware inventory from clients.
The new REST API obsoletes the following commands:
- Actualizar() has been replaced by POST /refresh.
- Purgar() has been replaced by POST /stop.
- Reiniciar() has been replaced by POST /reboot.
- IniciarSesion() has been replaced by POST /session.
Roberto Hueso Gómez
Javier Sánchez Parra
OpenGnSys Support Team