<?php
#
# Copyright (c) 2000-2017 University of Utah and the Flux Group.
# 
# {{{EMULAB-LICENSE
# 
# This file is part of the Emulab network testbed software.
# 
# This file is free software: you can redistribute it and/or modify it
# under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at
# your option) any later version.
# 
# This file is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Affero General Public
# License for more details.
# 
# You should have received a copy of the GNU Affero General Public License
# along with this file.  If not, see <http://www.gnu.org/licenses/>.
# 
# }}}
#

#
# Standard definitions.
#
$TBDIR          = "@prefix@/";
$OURDOMAIN      = "@OURDOMAIN@";
$BOSSNODE       = "@BOSSNODE@";
$USERNODE       = "@USERNODE@";
$CVSNODE	= "cvs.${OURDOMAIN}";
$WIKINODE	= $USERNODE;
$TBADMINGROUP   = "@TBADMINGROUP@";
$WWWHOST	= "@WWWHOST@";
$WWW		= "@WWW@";
$TBAUTHDOMAIN	= "@TBAUTHDOMAIN@";
$TBBASE		= "@TBBASE@";
$TBDOCBASE	= "@TBDOCBASE@";
$TBWWW		= "@TBWWW@";
$THISHOMEBASE	= "@THISHOMEBASE@";
$ELABINELAB     = @ELABINELAB@;
$PLABSUPPORT    = @PLABSUPPORT@;
$PUBSUPPORT     = @PUBSUPPORT@;
$WIKISUPPORT    = @WIKISUPPORT@;
$TRACSUPPORT    = @TRACSUPPORT@;
$BUGDBSUPPORT   = @BUGDBSUPPORT@;
$CVSSUPPORT     = @CVSSUPPORT@;
$MAILMANSUPPORT = @MAILMANSUPPORT@;
$DOPROVENANCE   = @IMAGEPROVENANCE@;
$CHATSUPPORT    = @CHATSUPPORT@;
$PROTOGENI      = @PROTOGENI_SUPPORT@;
$GENIRACK       = @PROTOGENI_GENIRACK@;
$PROTOGENI_GENIWEBLOGIN = @PROTOGENI_GENIWEBLOGIN@;
$ISCLRHOUSE     = @PROTOGENI_ISCLEARINGHOUSE@;
$PROTOGENI_LOCALUSER = @PROTOGENI_LOCALUSER@;
$EXP_VIS        = @EXP_VIS_SUPPORT@;
$ISOLATEADMINS  = @ISOLATEADMINS@;
$CONTROL_NETWORK= "@CONTROL_NETWORK@";
$CONTROL_NETMASK= "@CONTROL_NETMASK@";
$WIKIHOME       = "https://${USERNODE}/twiki";
$WIKIURL        = "${WIKIHOME}/bin/newlogon";
$WIKICOOKIENAME = "WikiCookie";
$BUGDBURL       = "https://${USERNODE}/flyspray";
$BUGDBCOOKIENAME= "FlysprayCookie";
$TRACCOOKIENAME = "TracCookie";
$MAILMANURL     = "http://${USERNODE}/mailman";
$OPSCVSURL      = "http://${USERNODE}/cvsweb/cvsweb.cgi";
$OPSJETIURL     = "http://${USERNODE}/jabber/jeti.php";
$WIKIDOCURL     = "http://${WIKINODE}/wikidocs/wiki";
$FORUMURL       = "http://groups.google.com/group/emulab-users";
$MIN_UNIX_UID   = @MIN_UNIX_UID@;
$MIN_UNIX_GID   = @MIN_UNIX_GID@;
$EXPOSELINKTEST = 1;
$EXPOSESTATESAVE= 0;
$EXPOSEARCHIVE  = 0;
$EXPOSETEMPLATES= 0;
$USERSELECTUIDS = 1;
$REMOTEWIKIDOCS = @REMOTEWIKIDOCS@;
$FLAVOR         = "Emulab";
$GMAP_API_KEY   = "@GMAP_API_KEY@";
$NONAMEDSETUP	= @DISABLE_NAMED_SETUP@;
$OPS_VM		= @OPSVM_ENABLE@;
$PORTAL_ENABLE  = @PORTAL_ENABLE@;
$PORTAL_ISPRIMARY = @PORTAL_ISPRIMARY@;
$SPEWFROMOPS    = @SPEWFROMOPS@;
$BROWSER_CONSOLE_ENABLE = @BROWSER_CONSOLE_ENABLE@;
$IPV6_ENABLED       = @IPV6_ENABLED@;
$IPV6_SUBNET_PREFIX = "@IPV6_SUBNET_PREFIX@";
$TBMAILTAG      = $THISHOMEBASE;
$WITHZFS        = @WITHZFS@;
$ZFS_NOEXPORT   = @ZFS_NOEXPORT@;

$TBMAILADDR_OPS		= "@TBOPSEMAIL_NOSLASH@";
$TBMAILADDR_WWW		= "@TBWWWEMAIL_NOSLASH@";
$TBMAILADDR_APPROVAL	= "@TBAPPROVALEMAIL_NOSLASH@";
$TBMAILADDR_LOGS	= "@TBLOGSEMAIL_NOSLASH@";
$TBMAILADDR_AUDIT	= "@TBAUDITEMAIL_NOSLASH@";

# Can override this in the defs file.
# The @NAME@ markers are presumably filled in when this template is
# configured -- TODO confirm against the build. Each value below is
# quoted, so it reaches PHP as a string.
$TBAUTHTIMEOUT  = "@TBAUTHTIMEOUT@";
$TBMAINSITE     = "@TBMAINSITE@";
# NOTE(review): presumably controls whether the login cookies are marked
# Secure -- confirm where it is consumed, and keep it enabled on any site
# that is served over HTTPS.
$TBSECURECOOKIES= "@TBSECURECOOKIES@";
# Appended to the cookie names that are defined further down in this file.
$TBCOOKIESUFFIX = "@TBCOOKIESUFFIX@";
$FANCYBANNER    = "@FANCYBANNER@";

$TBWWW_DIR	= "$TBDIR"."www/";
$TBBIN_DIR	= "$TBDIR"."bin/";
$TBETC_DIR	= "$TBDIR"."etc/";
$TBLIBEXEC_DIR	= "$TBDIR"."libexec/";
$TBSUEXEC_PATH  = "$TBLIBEXEC_DIR/suexec";
$TBCHKPASS_PATH = "$TBLIBEXEC_DIR/checkpass";
$TBCSLOGINS     = "$TBETC_DIR/cslogins";
$UUIDGEN_PATH   = "@UUIDGEN@";

#
# Hardcoded check against $WWWHOST, to prevent anyone from accidentally setting
# $TBMAINSITE when it should not be
#
if ($WWWHOST != "www.emulab.net") {
    $TBMAINSITE = 0;
}

#
# The wiki docs either come from the local node, or in most cases
# they are redirected back to Utah's emulab.
#
# Every branch below assigns $WIKIDOCURL, so the http:// value given to it
# earlier in this file is always replaced here.
#
if ($TBMAINSITE) {
    # Main site: serve the docs from our own wiki node, over https.
    $WIKIDOCURL  = "https://${WIKINODE}/wikidocs/wiki";
}
elseif ($REMOTEWIKIDOCS) {
    # Other sites configured for remote docs: point at the Utah wiki.
    $WIKIDOCURL  = "https://wiki.emulab.net/wikidocs/wiki";
}
else {
    # Otherwise use a host-relative path on this web server.
    $WIKIDOCURL  = "/wikidocs/wiki";
}

$TBPROJ_DIR     = "@PROJROOT_DIR@";
$TBUSER_DIR	= "@USERSROOT_DIR@";
$TBGROUP_DIR	= "@GROUPSROOT_DIR@";
$TBSCRATCH_DIR	= "@SCRATCHROOT_DIR@";
$TBCVSREPO_DIR  = "$TBPROJ_DIR/cvsrepos";
$TBNSSUBDIR     = "nsdir";

$TBVALIDDIRS	  = "$TBPROJ_DIR, $TBUSER_DIR, $TBGROUP_DIR";
$TBVALIDDIRS_HTML = "<code>$TBPROJ_DIR</code>, <code>$TBUSER_DIR</code>, <code>$TBGROUP_DIR</code>";
if ($TBSCRATCH_DIR) {
    $TBVALIDDIRS .= ", $TBSCRATCH_DIR";
    $TBVALIDDIRS_HTML .= ", <code>$TBSCRATCH_DIR</code>";
}

$TBAUTHCOOKIE   = "NewHashCookie" . $TBCOOKIESUFFIX;
$TBNAMECOOKIE   = "NewMyUidCookie" . $TBCOOKIESUFFIX;
$TBEMAILCOOKIE  = "MyEmailCookie" . $TBCOOKIESUFFIX;
$TBLOGINCOOKIE  = "NewLoginCookie" . $TBCOOKIESUFFIX;

$HTTPTAG        = "http://";
$HTTPSTAG       = "https://";

$TBMAIL_OPS		= "Testbed Ops <$TBMAILADDR_OPS>";
$TBMAIL_WWW		= "Testbed WWW <$TBMAILADDR_WWW>";
$TBMAIL_APPROVAL	= "Testbed Approval <$TBMAILADDR_APPROVAL>";
$TBMAIL_LOGS		= "Testbed Logs <$TBMAILADDR_LOGS>";
$TBMAIL_AUDIT		= "Testbed Audit <$TBMAILADDR_AUDIT>";
$TBMAIL_NOREPLY		= "no-reply@$OURDOMAIN";

#
# This just spits out an email address in a page, so it does not need
# to be configured per development tree. It could be though ...
# 
$TBMAILADDR     = "<a href=\"mailto:$TBMAILADDR_OPS\">
                      Testbed Operations ($TBMAILADDR_OPS)</a>";

# So subscripts always know ...
putenv("HTTP_SCRIPT=1");

#
# Special headers alerting browsers to the fact that there's an RSS feed
# available for the page. Intended to be passed as an $extra_headers argument
# to PAGEHEADER
#
$RSS_HEADER_NEWS = "<link rel=\"alternate\" type=\"application/rss+xml\" " .
           "title=\"Emulab News\" href=\"$TBDOCBASE/news-rss.php3?protogeni=0\" />";

$RSS_HEADER_PGENINEWS =
   "<link rel=\"alternate\" type=\"application/rss+xml\" " .
   "title=\"ProtoGeni News\" href=\"$TBDOCBASE/news-rss.php3?protogeni=1\"/>";

$RSS_HEADER_PNNEWS =
   "<link rel=\"alternate\" type=\"application/rss+xml\" " .
   "title=\"PhantomNet News\" href=\"$TBDOCBASE/news-rss.php3?phantomnet=1\"/>";

#
# See if we should override any of the global web variables based on the
# virtual domain.  We include a site-dependent definitions file.
#
$ALTERNATE_DOMAINS = array();
$ISALTDOMAIN       = 0;
$DOMVIEW           = NULL;
$altdomfile = strtolower("alternate_domains_${OURDOMAIN}.php");
if (file_exists($altdomfile)) {
    include($altdomfile);
}
SetDomainDefs();

#
# Database constants and the like.
#
include("dbdefs.php3");
include("url_defs.php");
include("user_defs.php");
include("group_defs.php");
include("project_defs.php");
include("experiment_defs.php");

#
# Control how error messages are returned to the user. If the session is
# not actually "interactive" then do not send any output to the browser.
# Just save it up and let the page deal with it. 
#
$session_interactive  = 1;
$session_errorhandler = 0;

#
# Wrap up the mail function so we can prepend a tag to the subject
# line that indicates which testbed. Useful when multiple testbeds
# email to the same list.
#
# 
function TBMAIL($to, $subject, $message, $headers = 0)
{
    # Send mail through PHP's mail(), tagged with the testbed name.
    #
    # The subject is prefixed with the upper-cased $TBMAILTAG, and an
    # X-NetBed header naming the running script is added after any
    # caller-supplied headers. Returns whatever mail() returns.
    #
    # $headers is handed to mail() exactly as given; nothing here strips
    # CR/LF. Callers must therefore not copy unvalidated request data into
    # it, or additional header lines could end up in the message.
    global $TBMAILTAG;

    $tagged_subject = strtoupper($TBMAILTAG) . ": $subject";
    $netbed_header  = "X-NetBed: " . basename($_SERVER["SCRIPT_NAME"]);

    # Our header goes last, one header per line.
    $all_headers = $headers ? "$headers\n" . $netbed_header : $netbed_header;

    return mail($to, $tagged_subject, $message, $all_headers);
}

#
#
# Identical to perl function of the same name
#
#
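function SendProjAdminMail($project, $from, $to,
                           $subject, $message, $headers = "")
{
    # Send mail about a project, copying the approval and audit lists.
    #
    # $project   object providing isAPT(), isCloud(), isPNet(), isPowder()
    # $from/$to  addresses, or the placeholders 'ADMIN' / 'AUDIT', which
    #            are replaced by the project's approval list and by
    #            $TBMAIL_AUDIT respectively
    # $headers   optional extra header lines, newline separated
    #
    # $from and $to are copied into the header block unmodified, so callers
    # must pass validated addresses (no CR/LF).
    #
    # Side effect: for APT/Cloud/PNet/Powder projects the global $TBMAILTAG
    # is overwritten and not restored, so later TBMAIL() calls in the same
    # request carry that tag as well.
    global $MAILMANSUPPORT, $TBMAIL_APPROVAL, $TBMAIL_AUDIT;
    global $OURDOMAIN, $TBMAIL_WWW, $TBMAILTAG;

    # Pick the approval list and subject tag for the project's portal.
    if ($project->isAPT()) {
        $projadminmail = "aptlab-approval@aptlab.net";
        $TBMAILTAG     = "aptlab.net";
    } elseif ($project->isCloud()) {
        $projadminmail = "cloudlab-approval@cloudlab.us";
        $TBMAILTAG     = "cloudlab.us";
    } elseif ($project->isPNet()) {
        $projadminmail = "phantomnet-approval@phantomnet.org";
        $TBMAILTAG     = "phantomnet.org";
    } elseif ($project->isPowder()) {
        $projadminmail = "powder-approval@powderwireless.net";
        $TBMAILTAG     = "powderwireless.net";
    } else {
        $projadminmail = $TBMAIL_APPROVAL;
    }

    if ($headers) {
        $headers .= "\n";
    }
    if ($from == 'ADMIN') {
        $from = $projadminmail;
        $headers .= "Bcc: $projadminmail\n";
    } elseif ($to == 'ADMIN') {
        $to = $projadminmail;
        $headers .= "Reply-To: $projadminmail\n";
    } else {
        $headers .= "Bcc: $projadminmail\n";
    }

    # Resolve the AUDIT placeholder before writing From:. Doing it
    # afterwards left the literal word "AUDIT" in the From header.
    $auditbcc = "Bcc: $TBMAIL_AUDIT\n";
    if ($from == 'AUDIT') {
        $from = $TBMAIL_AUDIT;
    } elseif ($to == "AUDIT") {
        # The audit list is the recipient already; no extra copy.
        $to = $TBMAIL_AUDIT;
        $auditbcc = "";
    }
    $headers .= "From: $from\n";
    $headers .= $auditbcc;
    # Last header, so no trailing newline.
    $headers .= "Errors-To: $TBMAIL_WWW"; # FIXME: Why?

    TBMAIL($to, $subject, $message, $headers);
}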

#
# Internal errors should be reported back to the user simply. The actual 
# error information should be emailed to the list for action. The script
# should then terminate if required to do so.
#
function TBERROR ($message, $death, $xmp = 0) {
    # Report an internal error.
    #
    # The full $message, together with the URL-decoded request URI, is
    # mailed to $TBMAIL_OPS. The browser (or the session error handler)
    # only gets a generic "could not continue" notice, so error details
    # are not shown to the user.
    #
    # $death  when true, emit that notice and exit(1); otherwise return 0
    # $xmp    accepted but not used in this function
    global $TBMAIL_WWW, $TBMAIL_OPS, $TBMAILADDR, $TBMAILADDR_OPS;
    global $session_interactive, $session_errorhandler;

    $request = urldecode($_SERVER['REQUEST_URI']);

    CLEARBUSY();

    $body  = "\n";
    $body .= "In $request\n\n";
    $body .= "$message\n\n";
    $body .= "Thanks,\n";
    $body .= "Testbed WWW\n";

    $mailhdrs = "From: $TBMAIL_OPS\n" . "Errors-To: $TBMAIL_WWW";

    TBMAIL($TBMAIL_OPS, "WEB ERROR REPORT", $body, $mailhdrs);

    if (! $death) {
        return 0;
    }

    if ($session_interactive) {
        PAGEERROR("Could not continue. Please contact $TBMAILADDR");
    } elseif ($session_errorhandler) {
        $session_errorhandler("Could not continue. " .
                              "Please contact $TBMAILADDR_OPS", $death);
    }
    exit(1);
}

#
# General user errors should print something warm and fuzzy.  If a
# header is not already printed and the death parameter is true, then
# assume the error is a precheck error and send an appropriate HTTP
# response to prevent robots from indexing the page.  This currently
# defaults to a "400 Bad Request", but that may change in the future.
#
function USERERROR($message, $death = 1,
                   $status_code = HTTP_400_BAD_REQUEST) {
    # Show a user-level error.
    #
    # $message      text to show. It is placed in the page as given and is
    #               NOT HTML-escaped here, so callers must escape any
    #               user-controlled text (e.g. with CleanString()) first.
    # $death        when true the request ends: PAGEERROR() in interactive
    #               sessions, exit(1) otherwise
    # $status_code  passed on to PAGEERROR() in the fatal interactive case
    global $TBMAILADDR;
    global $session_interactive, $session_errorhandler;

    CLEARBUSY();

    if ($session_interactive) {
        $html = "<font size=+1><br>
            $message
      	    </font>
            <br><br><br>
            <font size=-1>
            Please contact $TBMAILADDR if you feel this message is an error.
            </font>\n";

        if ($death) {
            PAGEERROR($html, $status_code);
        } else {
            echo "$html\n";
        }
        return;
    }

    # Non-interactive session: hand the raw message to the handler if one
    # is registered, else just print it.
    if ($session_errorhandler) {
        $session_errorhandler($message, $death);
    } else {
        echo "$message";
    }

    if ($death) {
        exit(1);
    }
    return;
}

#
# A form error.
#
function FORMERROR($field) {
    # Fatal "missing form field" error that names $field.
    #
    # $field is put into the message without escaping and USERERROR()
    # emits the message as HTML, so pass a fixed field label here rather
    # than text taken from the request.
    $text = "Missing field; " .
            "Please go back and fill out the \"$field\" field!";

    USERERROR($text, 1);
}

#
# A page argument error. 
# 
function PAGEARGERROR($msg = 0) {
    # Fatal "invalid page arguments" error (HTTP 400).
    #
    # The request URI is HTML-escaped before it is shown. The optional
    # $msg is appended as given, so it must already be safe to emit as
    # HTML.
    $text = "Invalid page arguments: " .
            htmlspecialchars($_SERVER['REQUEST_URI']);

    if ($msg) {
        $text .= "<br><br>$msg";
    }
    USERERROR($text, 1, HTTP_400_BAD_REQUEST);
}

#
# SUEXEC stuff.
#
# Save this stuff so we can generate better error messages and such.
# 
$suexec_cmdandargs   = "";
$suexec_retval       = 0;
$suexec_output       = "";
$suexec_output_array = null;

#
# Actions for suexec. 
#
define("SUEXEC_ACTION_CONTINUE",	0);
define("SUEXEC_ACTION_DIE",		1);
define("SUEXEC_ACTION_USERERROR",	2);
define("SUEXEC_ACTION_IGNORE",		3);
define("SUEXEC_ACTION_DUPDIE",		4);
# SUEXEC_ACTION_MAIL_TBLOGS to be ored with one of the above actions
define("SUEXEC_ACTION_MAIL_TBLOGS",     64);

#
# An suexec error.
#
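function SUEXECERROR($action)
{
    # Report the failure of the most recent SUEXEC() call.
    #
    # Builds a report from the globals that SUEXEC() saved (command line,
    # exit status, captured output) and dispatches on $action, one of the
    # SUEXEC_ACTION_* codes. An unrecognized code is treated as fatal.
    global $suexec_cmdandargs, $suexec_retval;
    global $suexec_output;

    $report  = "Shell Program Error. Exit status: $suexec_retval\n";
    $report .= "  '$suexec_cmdandargs'\n";
    $report .= "\n";
    $report .= $suexec_output;

    # The user-visible variants show the report inside <XMP>, which a
    # browser renders as raw text up to the closing tag. The command line
    # and program output are not under our control, so break up any
    # closing tag they contain; otherwise the remainder would be parsed
    # as page markup.
    $shown = "<XMP>" . str_ireplace("</xmp", "< /xmp", $report) . "</XMP>";

    switch ($action) {
    case SUEXEC_ACTION_CONTINUE:
        # Mail the report and carry on.
        TBERROR($report, 0, 1);
        break;
    case SUEXEC_ACTION_DIE:
        # Mail the report and terminate.
        TBERROR($report, 1, 1);
        break;
    case SUEXEC_ACTION_USERERROR:
        # Show the report to the user and terminate; nothing is mailed.
        USERERROR($shown, 1);
        break;
    case SUEXEC_ACTION_IGNORE:
        break;
    case SUEXEC_ACTION_DUPDIE:
        # Both: mail the report, then show it to the user and terminate.
        TBERROR($report, 0, 1);
        USERERROR($shown, 1);
        break;
    default:
        TBERROR($report, 1, 1);
    }
}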

#
# Run a program as a user.
#
function SUEXEC($uid, $gid, $cmdandargs, $action) {
    # Run "$cmdandargs" as $uid/$gid through the suexec helper.
    #
    # $action  one of the SUEXEC_ACTION_* codes, optionally or'ed with
    #          SUEXEC_ACTION_MAIL_TBLOGS to mail a transcript to
    #          $TBMAIL_LOGS
    #
    # Returns the exit status (255 is reported as -1). The command line,
    # status and output are also left in the $suexec_* globals.
    #
    # The command line is assembled by plain string interpolation and is
    # run through the shell by exec(); nothing is quoted in this function.
    # Callers must pass $cmdandargs with every argument already escaped
    # (escapeshellarg) and must validate $uid and $gid beforehand.
    global $TBSUEXEC_PATH;
    global $suexec_cmdandargs, $suexec_retval;
    global $suexec_output, $suexec_output_array;
    global $TBMAIL_LOGS;

    # Split the optional mail flag off from the action code.
    $mail_tblog = ($action & SUEXEC_ACTION_MAIL_TBLOGS) ? 1 : 0;
    if ($mail_tblog) {
        $action &= ~SUEXEC_ACTION_MAIL_TBLOGS;
    }

    # Keep running even if the browser goes away.
    ignore_user_abort(1);

    $suexec_cmdandargs   = "$uid $gid $cmdandargs";
    $suexec_output_array = array();
    $suexec_output       = "";
    $suexec_retval       = 0;

    exec("$TBSUEXEC_PATH $suexec_cmdandargs",
         $suexec_output_array, $suexec_retval);

    # Yikes! Something is not doing integer conversion properly!
    if ($suexec_retval == 255) {
        $suexec_retval = -1;
    }

    #
    # suexec.c puts its error message between 101 and 125. Convert that
    # to an internal error and generate an error that says something useful.
    #
    # XXX Ignore 101, something in the geni-lib path uses it.
    #
    # This block is switched off by the leading "0 &&".
    #
    if (0 && $suexec_retval > 101 && $suexec_retval <= 125 &&
        !count($suexec_output_array)) {
        $suexec_output_array[0] =
            "Internal suexec error $suexec_retval. See the suexec log";
        $suexec_retval = -1;
    }

    # Flatten the captured lines into one newline-terminated string.
    foreach ($suexec_output_array as $line) {
        $suexec_output .= "$line\n";
    }

    if ($mail_tblog) {
        $mesg = "$TBSUEXEC_PATH $suexec_cmdandargs\n" .
                "Return Value: $suexec_retval\n\n" .
                "--------- OUTPUT ---------\n" .
                $suexec_output;

        TBMAIL($TBMAIL_LOGS, "suexec: $cmdandargs", $mesg);
    }

    #
    # The output is still available of course, via $suexec_output.
    #
    if ($suexec_retval != 0 && $action != SUEXEC_ACTION_IGNORE) {
        SUEXECERROR($action);
    }
    # Must return the shell value!
    return $suexec_retval;
}

#
# We invoke addpubkey as user nobody all the time. The implied user is passed
# along in an HTTP_ variable (see tbauth). This avoids a bunch of confusion
# that results from new users who do not have a context yet. 
#
function ADDPUBKEY($cmdandargs) {
    # Run "webaddpubkey $cmdandargs" via SUEXEC() as user and group
    # "nobody", with SUEXEC_ACTION_CONTINUE. Returns SUEXEC()'s status.
    #
    # $cmdandargs is appended to the command line as given; the caller
    # must have shell-escaped each argument.
    global $TBSUEXEC_PATH;

    $command = "webaddpubkey $cmdandargs";

    return SUEXEC("nobody", "nobody", $command, SUEXEC_ACTION_CONTINUE);
}

#
# Verify a URL.
#
function CHECKURL($url, &$error) {
    # Minimal URL sanity check.
    #
    # Returns 0 and sets $error when a non-empty $url contains a space;
    # returns 1 otherwise, including for an empty $url.
    #
    # Nothing else is verified: not the scheme, not the host, not
    # reachability. Code that later emits the URL (for example into an
    # href) has to restrict the scheme and escape the value itself.
    global $HTTPTAG, $HTTPSTAG;

    $has_space = strlen($url) && strpos($url, " ") !== false;

    if ($has_space) {
        $error = "URL is malformed; spaces are not allowed!";
        return 0;
    }
    # We no longer fopen the url ...
    return 1;
}

#
# Check a password.
#
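function CHECKPASSWORD($uid, $password, $name, $email, &$error)
{
    # Check a candidate password with the external checkpass program.
    #
    # Returns 1 when checkpass answers "ok". Otherwise returns 0 and sets
    # $error, either to a fixed message or to the line checkpass printed.
    # If the program cannot be started at all, TBERROR() is called with
    # its fatal flag set.
    global $TBCHKPASS_PATH;

    # Watch for caller errors since this calls to the shell.
    if (empty($uid) || empty($password) || empty($name) || empty($email)) {
        $error = "Internal Error";
        return 0;
    }
    # Ascii only.
    if (! TBvalid_userdata($password)) {
        $error = "Invalid characters; ascii only please";
        return 0;
    }

    # Every value is quoted for the shell before it goes on the command
    # line.
    $uid_arg      = escapeshellarg($uid);
    $password_arg = escapeshellarg($password);
    $stuff_arg    = escapeshellarg("$name:$email");

    # NOTE(review): the password is a command-line argument, so it can be
    # seen in the host's process list while checkpass runs. Feeding it on
    # stdin instead would need a matching change in checkpass.
    # NOTE(review): "w+" relies on the platform's popen() accepting a
    # bidirectional mode -- confirm on the deployment OS.
    $mypipe = popen("$TBCHKPASS_PATH $password_arg $uid_arg $stuff_arg", "w+");

    if ($mypipe) {
        $retval = fgets($mypipe, 1024);
        # Close the pipe on every path; it used to be left open.
        pclose($mypipe);

        if (strcmp($retval, "ok\n") != 0) {
            $error = "$retval";
            return 0;
        }
        return 1;
    }
    # The failure report is mailed out by TBERROR(), so the password is
    # deliberately withheld from it.
    TBERROR("Checkpass Failure! Returned '$mypipe'.\n\n".
            "$TBCHKPASS_PATH [password withheld] $uid_arg '$name:$email'", 1);
}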

#
# Grab a UUID (universally unique identifier).
#
function NewUUID()
{
    # Run the program named by $UUIDGEN_PATH and return its output with
    # trailing whitespace removed. When it produces no output, TBERROR()
    # is called with its fatal flag set.
    #
    # $UUIDGEN_PATH is passed to the shell as is; it is set from the
    # site configuration earlier in this file.
    global $UUIDGEN_PATH;

    $generated = shell_exec($UUIDGEN_PATH);

    if (!isset($generated) || $generated == "") {
        TBERROR("$UUIDGEN_PATH Failure", 1);
        return;
    }
    return rtrim($generated);
}

# Check pattern.
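function IsValidUUID($token)
{
    # Return 1 when $token has the shape of a UUID, else 0.
    #
    # Only the shape is checked: five groups of word characters joined by
    # hyphens. Group lengths and hex digits are not enforced.
    if (!is_string($token)) {
        return 0;
    }
    # \z anchors at the very end of the string. A plain "$" also matches
    # just before a trailing newline, which would let "uuid\n" pass.
    if (preg_match('/^\w+-\w+-\w+-\w+-\w+\z/', $token)) {
        return 1;
    }
    return 0;
}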

function LASTNODELOGIN($node)
{
    # Empty stub: $node is ignored and nothing is returned.
}

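function VALIDUSERPATH($path, $uid="", $pid="", $gid="", $eid="")
{
    # Return 1 when $path lies under one of the allowed roots
    # ($TBPROJ_DIR, $TBUSER_DIR, $TBGROUP_DIR and, if set,
    # $TBSCRATCH_DIR), else 0.
    #
    # When any of $uid/$pid/$gid/$eid is given the answer is always 0;
    # the per-id checks are not implemented here.
    #
    # This is a textual check only: symbolic links are not resolved.
    global $TBPROJ_DIR, $TBUSER_DIR, $TBGROUP_DIR, $TBSCRATCH_DIR;

    if ($uid || $pid || $gid || $eid) {
        # XXX for now, see tbsetup/libtestbed.pm for what should happen
        return 0;
    }

    #
    # No ids specified, just make sure it starts with an appropriate prefix.
    #
    # Refuse ".." components first: a bare prefix match would accept a
    # path that starts under an allowed root and then climbs out of it.
    if (!is_string($path) || in_array("..", explode("/", $path), true)) {
        return 0;
    }

    $roots = array($TBPROJ_DIR, $TBUSER_DIR, $TBGROUP_DIR);
    if ($TBSCRATCH_DIR) {
        $roots[] = $TBSCRATCH_DIR;
    }

    # Compare literally rather than by interpolating the directory names
    # into a regex, where "." and other metacharacters in a configured
    # path would have been read as pattern syntax.
    foreach ($roots as $root) {
        $prefix = "$root/";
        if (strncmp($path, $prefix, strlen($prefix)) == 0) {
            return 1;
        }
    }
    return 0;
}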

#
# A function to print the contents of an array (recursively).
# Mostly useful for debugging.
#
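function ARRAY_PRINT($arr) {
  # Echo every key/value pair of $arr, descending into nested arrays.
  # A non-array argument is reported on one line and nothing else is
  # printed.
  #
  # Debugging aid: output is plain text and is not HTML-escaped.
  if (!is_array($arr)) {
    echo "non-array '$arr'\n";
    # Stop here; iterating over a non-array only produced a warning.
    return;
  }
  foreach ($arr as $i => $val) {
    # Print the placeholder word for nested arrays explicitly instead of
    # relying on an array-to-string conversion.
    $shown = is_array($val) ? "Array" : $val;
    echo("'$i' - '$shown'\n");
    if (is_array($val)) {
      echo "Sub-array $i:\n";
      ARRAY_PRINT($val);
      echo "End Sub-array $i.\n";
    }
  }
}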

#
# Return Yes or No given boolean
#
function YesNo($bool) {
    # "Yes" for any value PHP treats as true, "No" otherwise.
    if ($bool) {
        return "Yes";
    }
    return "No";
}

#
# See if someone is logged in, and if they need to be redirected.
#
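function CheckRedirect() {
    # If a user is logged in, send them on to the right page.
    #
    # A login whose status is CHECKLOGIN_MAYBEVALID first goes through
    # RedirectHTTPS(). A fully logged-in user is then redirected to the
    # new-project page or to their own user page and the request ends,
    # unless $stayhome is set. A pending first-init state overrides
    # $stayhome.
    #
    # $TBBASE has to be declared global here: it used to be referenced
    # without that, so inside the function it was an undefined (empty)
    # local and the Location header lost its scheme and host.
    global $stayhome, $TBBASE;

    $this_user = CheckLogin($check_status);
    if (! $this_user) {
        return;
    }

    $check_status = $check_status & CHECKLOGIN_STATUSMASK;
    if ($check_status == CHECKLOGIN_MAYBEVALID) {
        # Maybe the reason was because they were not using HTTPS ...
        RedirectHTTPS();
    }

    $firstinitstate = TBGetFirstInitState();
    if ($firstinitstate) {
        # Drops only the local binding; the global itself is untouched.
        unset($stayhome);
    }

    if (isset($stayhome) || $check_status != CHECKLOGIN_LOGGEDIN) {
        return;
    }

    if ($firstinitstate == "createproject") {
        # Zap to NewProject Page,
        header("Location: $TBBASE/newproject.php3");
    } else {
        # Zap to My Emulab page.
        header("Location: $TBBASE/" .
               CreateURL("showuser", $this_user));
    }
    exit;
}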

#
# Loop over the $ALTERNATE_DOMAINS global array and see if the incoming
# request asked for a virtual domain for which we have an alternate set
# of definitions and/or view.
#
# Return 1 if a domain in the array matched, 0 otherwise.  Has MAJOR
# side effects: updates/overrides many top-level variables.
#
function SetDomainDefs()
{
    # Apply the first $ALTERNATE_DOMAINS entry whose pattern matches the
    # requested server name. Each entry is a (pattern, overrides) pair.
    #
    # Returns 1 after rewriting the globals for a match, 0 when nothing
    # matched.
    #
    # $_SERVER['SERVER_NAME'] may reflect the client's Host header,
    # depending on how the web server is configured. The patterns are the
    # only check made before that name is copied into $WWWHOST, $TBBASE
    # and $TBAUTHDOMAIN, so each one should be fully anchored (^...$).
    global $WWWHOST, $OURDOMAIN, $WWW, $THISHOMEBASE, $TBAUTHDOMAIN, $TBBASE;
    global $TBDOCBASE, $TBWWW, $WIKINODE, $WIKIDOCURL, $TBMAINSITE, $FORUMURL;
    global $ALTERNATE_DOMAINS, $FLAVOR, $DOMVIEW, $ISALTDOMAIN;

    foreach ($ALTERNATE_DOMAINS as $altdom) {
        $dpat = $altdom[0];
        $ovr  = $altdom[1];

        if (preg_match($dpat, $_SERVER['SERVER_NAME']) != 1) {
            continue;
        }

        $ISALTDOMAIN = 1;

        # Replacement defs derived from the virtual domain itself.
        $WWWHOST = $_SERVER['SERVER_NAME'];
        # Our domain is the host name minus its first label.
        $labels    = explode(".", $WWWHOST);
        $OURDOMAIN = implode(".", array_slice($labels, 1));

        # For devel trees: keep whatever path followed the old host.
        if (preg_match("/\/([\w\/]+)$/", $WWW, $matches)) {
            $WWW = $WWWHOST . "/" . $matches[1];
        } else {
            $WWW = $WWWHOST;
        }

        $TBAUTHDOMAIN = ".$OURDOMAIN";
        $TBBASE       = "https://$WWWHOST";
        $TBDOCBASE    = "http://$WWWHOST";
        $TBWWW        = "<$TBBASE/>";

        # Defs that may be overridden in the domain's configuration array
        if (isset($ovr['THISHOMEBASE'])) {
            $THISHOMEBASE = $ovr['THISHOMEBASE'];
            $FLAVOR       = $THISHOMEBASE;
        }

        $WIKINODE = isset($ovr['WIKINODE'])
            ? $ovr['WIKINODE']
            : "wiki.$OURDOMAIN";

        $WIKIDOCURL = isset($ovr['WIKIDOCURL'])
            ? $ovr['WIKIDOCURL']
            : "http://${WIKINODE}/wikidocs/wiki";

        if (isset($ovr['FORUMURL'])) {
            $FORUMURL = $ovr['FORUMURL'];
        }
        if (isset($ovr['DOMVIEW'])) {
            $DOMVIEW = $ovr['DOMVIEW'];
        }

        # Given that this is an alternate domain, clear TBMAINSITE
        #$TBMAINSITE = 0;

        # Bail after the first domain match.
        return 1;
    }
    return 0;
}

#
# If the page was accessed via http, redirect to https and exit;
# otherwise do nothing.
#
function RedirectHTTPS() {
    # Redirect a plain-http GET request to the same URI on
    # https://$WWWHOST and exit.
    #
    # Only GET requests are redirected; any other method continues over
    # http. If the page header has already been drawn ($drewheader), no
    # redirect is possible and a warning is raised instead.
    global $WWWHOST,$drewheader;

    if ($drewheader) {
        $where = $_SERVER['SCRIPT_FILENAME'];

        trigger_error("PAGEHEADER called before RedirectHTTPS " .
                      "Won't be able to redirect to HTTPS if necessary " .
                      "in " . $where . ",",
                      E_USER_WARNING);
        return;
    }

    # HTTPS may be absent from $_SERVER, hence the @.
    $via_https = @$_SERVER['HTTPS'];

    if (!$via_https && $_SERVER['REQUEST_METHOD'] == 'GET') {
        header("Location: https://$WWWHOST" . $_SERVER['REQUEST_URI']);
        exit;
    }
}

#
# Clean outgoing string to be HTML safe.
#
function CleanString($string)
{
    # HTML-escape $string for output. ENT_QUOTES makes htmlspecialchars()
    # convert single quotes as well as double quotes, so the result can
    # also be used inside a quoted attribute value.
    $flags = ENT_QUOTES;

    return htmlspecialchars($string, $flags);
}

#
# Generate an authentication object to pass to the browser that
# is passed to the web server on boss. This is used to grant
# permission to the user to invoke ssh to a local node using their
# emulab generated (no passphrase) key. This is basically a clone
# of what GateOne does, but that code was a mess. 
#
function UnusedSSHAuthObject($uid)
{
    # Build a signed JSON authentication object for $uid.
    #
    # The key file holds "api_key:secret"; only its first 128 bytes are
    # read. The signature is an HMAC-SHA1, keyed with the secret, over
    # api_key, upn and timestamp concatenated with no separator. The
    # secret itself is not part of the returned object.
    #
    # Returns the JSON string, or null (after reporting through
    # TBERROR()) when the key file cannot be opened or parsed.
    $keyfile = "/usr/testbed/etc/sshauth.key";

    #
    # We need the secret that is shared with ops.
    #
    $handle = fopen($keyfile, "r");
    if (! $handle) {
        TBERROR("Error opening $keyfile", 0);
        return null;
    }
    $raw = fread($handle, 128);
    fclose($handle);

    list($api_key, $secret) = preg_split('/:/', $raw);
    if (!$secret || !$api_key) {
        TBERROR("Could not get key from $keyfile", 0);
        return null;
    }
    # Drop the trailing newline (and any other trailing whitespace).
    $secret = rtrim($secret);

    # Timestamp is the current time with "000" appended.
    $stamp = time() . '000';

    $authobj = array();
    $authobj['api_key']          = $api_key;
    $authobj['upn']              = $uid;
    $authobj['timestamp']        = $stamp;
    $authobj['signature_method'] = 'HMAC-SHA1';
    $authobj['api_version']      = '1.0';

    $signed_text          = $api_key . $uid . $stamp;
    $authobj['signature'] = hash_hmac('sha1', $signed_text, $secret);

    return json_encode($authobj);
}

#
# Beware empty spaces (cookies)!
# 
require("tbauth.php3");

#
# Okay, this is what checks the login and spits out the menu.
#
require("Sajax.php");
require("menu.php3");
?>