Access objects through the dacs virtual filestore
dacs_vfs [\m[blue]dacsoptions\m[]\s-2\u[1]\d\s+2]
This program is part of the DACS suite.
The dacs_vfs web service is an interface to the DACS virtual filestore. It provides a way to examine, change, and delete items independently of how and where they are stored.
This program is also available as a DACS utility, \m[blue]dacsvfs(1)\m[]\s-2\u[2]\d\s+2.
Security
Only the DACS administrator should be able to successfully run this program; therefore, access to it is totally denied by the default rules as a security precaution.
In addition to the \m[blue]standard CGI arguments\m[]\s-2\u[3]\d\s+2, dacs_vfs requires the following CGI arguments:
ITEM_TYPE
This is the DACS item type, as configured in dacs.conf (\m[blue]dacs.conf(5)\m[]\s-2\u[4]\d\s+2), to which the request is to be applied. As a special case, if the value of this argument is the word "enabled", a list of enabled storage methods is displayed.
REQUEST
The value of this argument is the name of an operation followed by zero or more arguments. The syntax is identical to that of \m[blue]dacsvfs(1)\m[]\s-2\u[2]\d\s+2, except that the edit, update, and help operations are unavailable. For the put operation, the value to store is taken from the VALUE argument.
VALUE
The object to use for the put and load operations.
FIELD_SEP
The field separator character to use for the load and dump operations.
The following examples assume that the web service requests are granted.
This request will return the revocation list:
https://example.com/cgi-bin/dacs/dacs_vfs?REQUEST=get&ITEM_TYPE=revocations
Assuming the jurisdiction is configured appropriately, the following request will return the roles associated with DEMO::EXAMPLE:jones:
https://demo.example.com/cgi-bin/dacs/dacs_vfs?REQUEST=get+jones&ITEM_TYPE=roles
If the jurisdiction is configured with the directives:
LOG_FILE "${Conf::DACS_HOME}/logs/dacs_log-" . strftime("%d-%b-%y") VFS "[logfile]dacs-fs:${Conf::DACS_HOME}/logs/dacs_log-" . strftime("%d-%b-%y")
then the following request will return the contents of the jurisdiction's DACS log file:
https://demo.example.com/cgi-bin/dacs/dacs_vfs?REQUEST=get&ITEM_TYPE=logfile
Security
The logfile item type is not something predefined by DACS; new (not predefined) item types can be created at will and that is what was done for this example. Since logfiles can potentially include sensitive information, as can other resources used by DACS, it should be obvious why access to this web service should be very carefully managed.
The program exits 0 if everything was fine, 1 if an error occurred. If an error occurs during processing, this web service will return an HTTP Status of 400, followed by a blank line which is optionally followed by a descriptive error message.
Only the text/plain output format is implemented.
\m[blue]dacsvfs(1)\m[]\s-2\u[2]\d\s+2, \m[blue]dacs.conf(5)\m[]\s-2\u[5]\d\s+2
Distributed Systems Software (\m[blue]www.dss.ca\m[]\s-2\u[6]\d\s+2)
Copyright2003-2012 Distributed Systems Software. See the \m[blue]LICENSE\m[]\s-2\u[7]\d\s+2 file that accompanies the distribution for licensing information.
dacsoptions
http://dacs.dss.ca/man/dacs.1.html#dacsoptions
http://dacs.dss.ca/man/dacsvfs.1.html
standard CGI arguments
http://dacs.dss.ca/man/dacs.services.8.html#standard_cgi_args
dacs.conf(5)
http://dacs.dss.ca/man/dacs.conf.5.html#VFS
dacs.conf(5)
http://dacs.dss.ca/man/dacs.conf.5.html
www.dss.ca
http://www.dss.ca
LICENSE
http://dacs.dss.ca/man/../misc/LICENSE