mirror of
https://github.com/xcat2/xcat-core.git
synced 2025-10-24 07:55:27 +00:00
159 lines
4.9 KiB
PHP
159 lines
4.9 KiB
PHP
<?php
|
|
/* Required libraries */
|
|
$TOPDIR = '..';
|
|
require_once "$TOPDIR/lib/functions.php";
|
|
require_once "$TOPDIR/lib/jsonwrapper.php";
|
|
|
|
/**
|
|
* Issue an xCAT command (only for z)
|
|
*
|
|
* @param $cmd The xCAT command
|
|
* @param $tgt The target node or group
|
|
* @param $args The xCAT command arguments, separated by semicolons
|
|
* @return The xCAT response. Replies are in the form of JSON
|
|
*/
|
|
if (isset($_GET["cmd"])) {
|
|
// HTTP GET requests
|
|
$cmd = $_GET["cmd"];
|
|
$tgt = $_GET["tgt"];
|
|
$args = $_GET["args"];
|
|
|
|
// Attachments are put here
|
|
$att = $_GET["att"];
|
|
|
|
// Special messages put here
|
|
$msg = $_GET["msg"];
|
|
|
|
// If no $tgt is given, set $tgt to NULL
|
|
if (!$tgt) {
|
|
$tgt = NULL;
|
|
}
|
|
|
|
// If no $args is given, set $args to NULL
|
|
if (!$args) {
|
|
$args = NULL;
|
|
}
|
|
|
|
// If no $msg is given, set $msg to NULL
|
|
if (!$msg) {
|
|
$msg = NULL;
|
|
}
|
|
|
|
// If no $att is given, set $att to NULL
|
|
if (!$att) {
|
|
$att = NULL;
|
|
}
|
|
|
|
// If $args contains multiple arguments, split it into an array
|
|
// Separators used are: || or ;
|
|
if (strpos($args, "||")) {
|
|
// Split the arguments into an array
|
|
$arr = array();
|
|
$arr = explode("||", $args);
|
|
} else if (strpos($args, ";")) {
|
|
// Split the arguments into an array
|
|
$arr = array();
|
|
$arr = explode(";", $args);
|
|
} else {
|
|
$arr = array($args);
|
|
}
|
|
|
|
$rsp = array();
|
|
|
|
// Replace user entry
|
|
if (strncasecmp($cmd, "chvm", 4) == 0 && strncasecmp($arr[0], "--replacevs", 11) == 0) {
|
|
// Directory /var/tmp permissions = 777
|
|
// You can write anything to that directory
|
|
$userEntry = "/var/tmp/$tgt.txt";
|
|
$handle = fopen($userEntry, 'w') or die("Cannot open $userEntry");
|
|
fwrite($handle, $att);
|
|
fclose($handle);
|
|
|
|
// CLI command: chvm gpok249 --replacevs /tmp/dirEntry.txt
|
|
// Replace user entry
|
|
array_push($arr, $userEntry);
|
|
$xml = docmd($cmd, $tgt, $arr, NULL);
|
|
foreach ($xml->children() as $child) {
|
|
foreach ($child->children() as $data) {
|
|
$data = str_replace(":|:", "\n", $data);
|
|
array_push($rsp, "$data");
|
|
}
|
|
}
|
|
}
|
|
|
|
// Create virtual server
|
|
else if (strncasecmp($cmd, "mkvm", 4) == 0) {
|
|
// Directory /var/tmp permissions = 777
|
|
// You can write anything to that directory
|
|
$userEntry = "/var/tmp/$tgt.txt";
|
|
$handle = fopen($userEntry, 'w') or die("Cannot open $userEntry");
|
|
fwrite($handle, $att);
|
|
fclose($handle);
|
|
|
|
// CLI command: mkvm gpok3 /tmp/gpok3.txt
|
|
// Create user entry
|
|
array_unshift($arr, $userEntry);
|
|
$xml = docmd($cmd, $tgt, $arr, NULL);
|
|
foreach ($xml->children() as $child) {
|
|
foreach ($child->children() as $data) {
|
|
$data = str_replace(":|:", "\n", $data);
|
|
array_push($rsp, "$data");
|
|
}
|
|
}
|
|
}
|
|
|
|
// Run shell script
|
|
// This is a typical command used by all platforms. It is put here because
|
|
// most of the code needed are already here
|
|
else if (strncasecmp($cmd, "xdsh", 4) == 0) {
|
|
// Directory /var/tmp permissions = 777
|
|
// You can write anything to that directory
|
|
$msgArgs = explode(";", $msg);
|
|
$inst = str_replace("out=scriptStatusBar", "", $msgArgs[0]);
|
|
$script = "/var/tmp/script$inst.sh";
|
|
|
|
// Write to file
|
|
$handle = fopen($script, 'w') or die("Cannot open $script");
|
|
fwrite($handle, $att);
|
|
fclose($handle);
|
|
|
|
// Change it to executable
|
|
chmod($script, 0777);
|
|
|
|
// CLI command: xdsh gpok3 -e /var/tmp/gpok3.sh
|
|
// Create user entry
|
|
array_push($arr, $script);
|
|
$xml = docmd($cmd, $tgt, $arr, NULL);
|
|
foreach ($xml->children() as $child) {
|
|
foreach ($child->children() as $data) {
|
|
$data = str_replace(":|:", "\n", $data);
|
|
array_push($rsp, "$data");
|
|
}
|
|
}
|
|
|
|
// Remove this file
|
|
unlink($script);
|
|
}
|
|
|
|
// Remove any HTML that could be used for XSS attacks
|
|
foreach ($rsp as $key => &$value) {
|
|
$whatami = gettype($value);
|
|
if ("string" != $whatami) {
|
|
//echo "found a non string in rsp array \n";
|
|
foreach ($value as $key2 => $value2){
|
|
//echo "Key2:$key2 Value2 type:",gettype($value2)," value2 data: $value2 \n";
|
|
$value[$key2] = htmlentities($value2, ENT_QUOTES | ENT_HTML5, 'UTF-8');
|
|
}
|
|
} else {
|
|
//echo "Key:$key Value type:",gettype($value)," value data: $value \n";
|
|
$rsp[$key] = htmlentities($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
|
|
//echo "New value: $rsp[$key] \n";
|
|
}
|
|
}
|
|
$msg = htmlentities($msg, ENT_QUOTES | ENT_HTML5, 'UTF-8');
|
|
|
|
// Reply in the form of JSON
|
|
$rtn = array("rsp" => $rsp, "msg" => $msg);
|
|
echo json_encode($rtn);
|
|
}
|
|
?>
|