xcat-core/xCAT-UI/lib/zCmd.php


<?php
/* Required libraries */
$TOPDIR = '..';
require_once "$TOPDIR/lib/functions.php";
require_once "$TOPDIR/lib/jsonwrapper.php";
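/**
* Issue an xCAT command (only for z)
*
* @param $cmd The xCAT command
* @param $tgt The target node or group
* @param $args The xCAT command arguments, separated by semicolons or by ||
* @param $att Attachment: content written to a file under /var/tmp and passed to the command
* @param $msg Special message, returned HTML-escaped in the reply
* @return The xCAT response. Replies are in the form of JSON
*/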
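// Request handler. All five inputs (cmd, tgt, args, att, msg) come straight from
// the query string and are therefore untrusted: they end up in file names under
// /var/tmp, in file contents, and in the arguments handed to docmd().
//
// NOTE(review): this handler writes files and runs xCAT commands on a plain GET
// request. No authentication or CSRF check is visible in this file; confirm that
// docmd() / functions.php enforce both before this endpoint is reachable.
if (isset($_GET["cmd"])) {
    // A non-string cmd (e.g. cmd[]=x) matches none of the branches below
    $cmd = is_string($_GET["cmd"]) ? $_GET["cmd"] : "";

    // Missing, empty or non-string parameters become NULL
    $tgt = zcmd_param($_GET, "tgt");
    $args = zcmd_param($_GET, "args");
    // Attachments are put here
    $att = zcmd_param($_GET, "att");
    // Special messages put here
    $msg = zcmd_param($_GET, "msg");

    // Separators used are: || or ;
    $arr = zcmd_split_args($args);
    $rsp = array();

    $isChvmReplace = strncasecmp($cmd, "chvm", 4) == 0
        && strncasecmp((string)$arr[0], "--replacevs", 11) == 0;
    $isMkvm = strncasecmp($cmd, "mkvm", 4) == 0;
    $isXdsh = strncasecmp($cmd, "xdsh", 4) == 0;

    if ($isChvmReplace || $isMkvm) {
        // $tgt becomes part of a file name, so it must not be able to leave
        // /var/tmp (e.g. through "../").
        if (!zcmd_is_safe_component($tgt)) {
            die("Invalid target name");
        }
        $userEntry = "/var/tmp/$tgt.txt";
        zcmd_write_file($userEntry, $att);

        if ($isChvmReplace) {
            // CLI command: chvm gpok249 --replacevs /tmp/dirEntry.txt
            array_push($arr, $userEntry);
        } else {
            // CLI command: mkvm gpok3 /tmp/gpok3.txt
            array_unshift($arr, $userEntry);
        }
        $rsp = zcmd_collect_rsp(docmd($cmd, $tgt, $arr, NULL));
    }
    // Run shell script
    // This is a typical command used by all platforms. It is put here because
    // most of the code needed is already here
    else if ($isXdsh) {
        $msgArgs = explode(";", (string)$msg);
        $inst = str_replace("out=scriptStatusBar", "", $msgArgs[0]);
        // $inst is taken from the request and becomes part of the script path
        if (!zcmd_is_safe_component($inst)) {
            die("Invalid script instance");
        }
        $script = "/var/tmp/script$inst.sh";
        zcmd_write_file($script, $att);

        // Executable and readable, but writable by the owner only: with 0777
        // any local user could rewrite the script before xdsh picks it up.
        // NOTE(review): assumes the process behind docmd() only needs read/execute
        // access to this file -- confirm.
        chmod($script, 0755);

        // CLI command: xdsh gpok3 -e /var/tmp/gpok3.sh
        array_push($arr, $script);
        $rsp = zcmd_collect_rsp(docmd($cmd, $tgt, $arr, NULL));

        // Remove this file
        unlink($script);
    }

    // Remove any HTML that could be used for XSS attacks
    foreach ($rsp as $key => $value) {
        if (is_array($value)) {
            foreach ($value as $key2 => $value2) {
                $rsp[$key][$key2] = zcmd_escape($value2);
            }
        } else if (is_string($value)) {
            $rsp[$key] = zcmd_escape($value);
        }
    }
    $msg = zcmd_escape($msg);

    // Reply in the form of JSON
    $rtn = array("rsp" => $rsp, "msg" => $msg);
    echo json_encode($rtn);
}

/**
 * Read one request parameter.
 *
 * @param array  $src Parameter array (normally $_GET)
 * @param string $key Parameter name
 * @return string|null The value, or NULL when it is missing, not a string, or
 *                     falsy ("" and "0" both count as "not given", as before)
 */
function zcmd_param($src, $key) {
    if (!isset($src[$key]) || !is_string($src[$key]) || !$src[$key]) {
        return NULL;
    }
    return $src[$key];
}

/**
 * Split the args parameter into an argument list.
 *
 * "||" is tried first, then ";". A separator at offset 0 is not recognised
 * (strpos() returns 0, which is falsy); that matches the previous behaviour.
 *
 * @param string|null $args Raw args parameter
 * @return array Argument list; array(NULL) when no args were given
 */
function zcmd_split_args($args) {
    if ($args === NULL) {
        return array(NULL);
    }
    if (strpos($args, "||")) {
        return explode("||", $args);
    }
    if (strpos($args, ";")) {
        return explode(";", $args);
    }
    return array($args);
}

/**
 * Tell whether a request value may be embedded in a file name.
 *
 * Rejects path separators and control characters (including NUL), so the
 * resulting name stays a single component inside its directory.
 *
 * @param mixed $name Value taken from the request (NULL is treated as "")
 * @return bool True when the value is safe to use inside a file name
 */
function zcmd_is_safe_component($name) {
    if ($name !== NULL && !is_scalar($name)) {
        return false;
    }
    return preg_match('/[\/\\\\\x00-\x1f\x7f]/', (string)$name) === 0;
}

/**
 * Write request content to a file, replacing any existing file.
 *
 * /var/tmp is world-writable and the file names are predictable, so another
 * local user could pre-create the path as a symbolic link. The is_link() test
 * refuses that case but is not atomic; a private spool directory would close
 * the gap completely.
 *
 * @param string      $path     Destination path
 * @param string|null $contents Data to write
 */
function zcmd_write_file($path, $contents) {
    // The path contains request data, so it is escaped before being echoed
    $shown = zcmd_escape($path);
    if (is_link($path)) {
        die("Cannot open $shown");
    }
    $handle = fopen($path, 'w') or die("Cannot open $shown");
    fwrite($handle, (string)$contents);
    fclose($handle);
}

/**
 * Flatten an xCAT XML response into a list of strings.
 *
 * @param SimpleXMLElement $xml Response returned by docmd()
 * @return array Text of every grandchild element, with ":|:" turned into newlines
 */
function zcmd_collect_rsp($xml) {
    $lines = array();
    foreach ($xml->children() as $child) {
        foreach ($child->children() as $data) {
            $lines[] = str_replace(":|:", "\n", (string)$data);
        }
    }
    return $lines;
}

/**
 * HTML-escape a value for inclusion in the reply.
 *
 * @param mixed $value Value to escape (NULL becomes "")
 * @return string Escaped text
 */
function zcmd_escape($value) {
    return htmlentities((string)$value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}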
?>