Context Navigation

ogagent.php @ a9140b0

Visit:

918-git-images-111dconfigfileconfigure-oglivegit-imageslgromero-new-oglivemainmaint-cronmount-efivarfsmultivmmultivm-ogboot-installerogClonningEngineogboot-installer-jenkinsoglive-ipv6test-python-scriptsticket-301ticket-50ticket-50-oldticket-577ticket-585ticket-611ticket-612ticket-693ticket-700ubu24tplunification2use-local-agent-oglivevarios-instalacionwebconsole3

Last change on this file since a9140b0 was a9140b0, checked in by ramon <ramongomez@…>, 9 years ago

#708: Mejoras en las rutas REST para OGAgent (rutas /ogagent/...):

Registrar rutas en los errores del fichero de log.
Mejorar seguridad comprobando que el párametro IP del mensaje corresponde con la del emisor.
Comprobar que la clave de acceso a la API REST de un OGAgent iniciado se almacena bien en la BD.

git-svn-id: https://opengnsys.es/svn/branches/version1.1@5026 a21b9725-9963-47de-94b9-378ad31fedc9

Property mode set to 100644

File size: 5.9 KB

Line
1	<?php
2
3	// OpenGnsys REST routes for OGAgent communications.
4	// Author: Ramón M. Gómez
5	// Date: 2016-10-03
6
7
8	// OGAgent sessions log file.
9	define('LOG_FILE', '/opt/opengnsys/log/ogagent.log');
10
11	/**
12	* @brief OGAgent notifies that its service is started on a client.
13	* @note Route: /ogagent/started, Method: POST
14	* @param string ip IP address
15	* @param string mac MAC (Ethernet) address
16	* @param string ostype OS type (Linux, Windows)
17	* @param string osversion OS name and version
18	* @param string secret random secret key to access client's REST API
19	* @return Null string if OK, else error message.
20	*/
21	$app->post('/ogagent/started',
22	function() use ($app) {
23	global $cmd;
24	$osType = $osVersion = "none";
25	try {
26	// Reading POST parameters in JSON format.
27	$input = json_decode($app->request()->getBody());
28	$ip = htmlspecialchars($input->ip);
29	$mac = htmlspecialchars($input->mac);
30	if (isset($input->ostype)) $osType = htmlspecialchars($input->ostype);
31	if (isset($input->osversion)) $osVersion = str_replace(",", ";", htmlspecialchars($input->osversion));
32	// Check sender IP address consistency (same as parameter value).
33	if ($ip !== $_SERVER['REMOTE_ADDR']) {
34	throw new Exception("Bad IP address: agent=$ip, sender=".$_SERVER['REMOTE_ADDR']);
35	}
36	// Client secret key for secure communications.
37	if (isset($input->secret)) {
38	// Check if secret key is valid (32 alphanumeric characters).
39	if (! ctype_alnum($input->secret) or strlen($input->secret) !== 32) {
40	throw new Exception("Bad secret key: ip=$ip, mac=$mac, os=$osType:$osVersion.");
41	}
42	// Store secret key in DB.
43	$cmd->texto = "UPDATE ordenadores
44	SET agentkey='$secret'
45	WHERE ip='$ip' AND mac=UPPER(REPLACE('$mac',':',''))
46	LIMIT 1";
47	if ($cmd->Ejecutar() !== true or mysql_affected_rows() !== 1) {
48	// DB access error or not updated.
49	throw new Exception("Cannot store new secret key: ip=$ip, mac=$mac, os=$osType:$osVersion.");
50	}
51	} else {
52	// Insecure agent exception.
53	throw new Exception("Insecure OGAgent started: ip=$ip, mac=$mac, os=$osType:$osVersion.");
54	}
55	// Default processing: log activity.
56	file_put_contents(LOG_FILE, date(DATE_RSS).": OGAgent started: ip=$ip, mac=$mac, os=$osType:$osVersion.\n", FILE_APPEND);
57	// Response.
58	$response = "";
59	jsonResponse(200, $response);
60	} catch (Exception $e) {
61	// Comunication error.
62	$response["message"] = $e->getMessage();
63	file_put_contents(LOG_FILE, date(DATE_RSS).": ".$app->request()->getResourceUri().": ERROR: ".$response["message"]."\n", FILE_APPEND);
64	jsonResponse(400, $response);
65	}
66	}
67	);
68
69	// OGAgent notifies that its service is stopped on client.
70	$app->post('/ogagent/stopped',
71	function() use ($app) {
72	$osType = $osVersion = "none";
73	try {
74	// Reading POST parameters in JSON format.
75	$input = json_decode($app->request()->getBody());
76	$ip = htmlspecialchars($input->ip);
77	$mac = htmlspecialchars($input->mac);
78	if (isset($input->ostype)) $osType = htmlspecialchars($input->ostype);
79	if (isset($input->osversion)) $osVersion = str_replace(",", ";", htmlspecialchars($input->osversion));
80	// Check sender IP address consistency (same as parameter value).
81	if ($ip !== $_SERVER['REMOTE_ADDR']) {
82	throw new Exception("Bad IP address: agent=$ip, sender=".$_SERVER['REMOTE_ADDR']);
83	}
84	// May check if client is included in the server database?
85	// Default processing: log activity.
86	file_put_contents(LOG_FILE, date(DATE_RSS).": OGAgent stopped: ip=$ip, mac=$mac, os=$osType:$osVersion.\n", FILE_APPEND);
87	// Response.
88	$response = "";
89	jsonResponse(200, $response);
90	} catch (Exception $e) {
91	// Comunication error.
92	$response["message"] = $e->getMessage();
93	file_put_contents(LOG_FILE, date(DATE_RSS).": ".$app->request()->getResourceUri().": ERROR: ".$response["message"]."\n", FILE_APPEND);
94	jsonResponse(400, $response);
95	}
96	}
97	);
98
99	// OGAgent notifies that an user logs in.
100	$app->post('/ogagent/loggedin',
101	function() use ($app) {
102	try {
103	// Reading POST parameters in JSON format.
104	$input = json_decode($app->request()->getBody());
105	$ip = htmlspecialchars($input->ip);
106	$user = htmlspecialchars($input->user);
107	// Check sender IP address consistency (same as parameter value).
108	if ($ip !== $_SERVER['REMOTE_ADDR']) {
109	throw new Exception("Bad IP address: agent=$ip, sender=".$_SERVER['REMOTE_ADDR']);
110	}
111	// May check if client is included in the server database?
112	// Default processing: log activity.
113	file_put_contents(LOG_FILE, date(DATE_RSS).": User logged in: ip=$ip, user=$user.\n", FILE_APPEND);
114	// Response.
115	$response = "";
116	jsonResponse(200, $response);
117	} catch (Exception $e) {
118	// Comunication error.
119	$response["message"] = $e->getMessage();
120	file_put_contents(LOG_FILE, date(DATE_RSS).": ".$app->request()->getResourceUri().": ERROR: ".$response["message"]."\n", FILE_APPEND);
121	jsonResponse(400, $response);
122	}
123	}
124	);
125
126	// OGAgent notifies that an user logs out.
127	$app->post('/ogagent/loggedout',
128	function() use ($app) {
129	try {
130	// Reading POST parameters in JSON format.
131	$input = json_decode($app->request()->getBody());
132	$ip = htmlspecialchars($input->ip);
133	$user = htmlspecialchars($input->user);
134	// Check sender IP address consistency (same as parameter value).
135	if ($ip !== $_SERVER['REMOTE_ADDR']) {
136	throw new Exception("Bad IP address: agent=$ip, sender=".$_SERVER['REMOTE_ADDR']);
137	}
138	// May check if client is included in the server database?
139	// Default processing: log activity.
140	file_put_contents(LOG_FILE, date(DATE_RSS).": User logged out: ip=$ip, user=$user.\n", FILE_APPEND);
141	// Response.
142	$response = "";
143	jsonResponse(200, $response);
144	} catch (Exception $e) {
145	// Comunication error.
146	$response["message"] = $e->getMessage();
147	file_put_contents(LOG_FILE, date(DATE_RSS).": ".$app->request()->getResourceUri().": ERROR: ".$response["message"]."\n", FILE_APPEND);
148	jsonResponse(400, $response);
149	}
150	}
151	);
152
153	?>
154

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: admin/WebConsole/rest/ogagent.php @ a9140b0

Download in other formats: