<?php
#
# Copyright (c) 2000-2016 University of Utah and the Flux Group.
# 
# {{{EMULAB-LICENSE
# 
# This file is part of the Emulab network testbed software.
# 
# This file is free software: you can redistribute it and/or modify it
# under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at
# your option) any later version.
# 
# This file is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Affero General Public
# License for more details.
# 
# You should have received a copy of the GNU Affero General Public License
# along with this file.  If not, see <http://www.gnu.org/licenses/>.
# 
# }}}
#
chdir("..");
include("defs.php3");
chdir("apt");
include("quickvm_sup.php");
# Must be after quickvm_sup.php since it changes the auth domain.
include_once("../session.php");

#
# Poor man routing description.
#
# Shape of each entry, keyed by the request's route name:
#   "file"    - the .ajax file that the dispatcher at the bottom of this
#               script include()s for the route.
#   "guest"   - handed to CheckLoginForAjax(); true lets a request without
#               a login through the router-level check.
#   "methods" - public method name => name of the handler function that is
#               invoked through call_user_func().
#
# The dispatcher only includes files and calls functions that are named
# in this table, so the table is the allowlist for the endpoint.
#
# NOTE(review): "guest" is set per route, not per method. For the routes
# marked true ("geni-login", "instantiate", "status") every listed method
# passes the router-level login check, including state-changing ones such
# as TerminateInstance, DeleteNodes, Reboot and Quarantine. Any tighter
# authorization has to happen inside the handlers, which are not visible
# in this file -- confirm when adding a method to a guest route.
$routing = array(
    "myprofiles" => array(
        "file"    => "myprofiles.ajax",
        "guest"   => false,
        "methods" => array(
            "GetProfile" => "Do_GetProfile"
        )
    ),
    "geni-login" => array(
        "file"    => "geni-login.ajax",
        "guest"   => true,
        "methods" => array(
            "GetSignerInfo"   => "Do_GetSignerInfo",
            "CreateSecret"    => "Do_CreateSecret",
            "VerifySpeaksfor" => "Do_VerifySpeaksfor"
        )
    ),
    "dashboard" => array(
        "file"    => "dashboard.ajax",
        "guest"   => false,
        "methods" => array(
            "GetStats" => "Do_GetStats"
        )
    ),
    "cluster-status" => array(
        "file"    => "cluster-status.ajax",
        "guest"   => false,
        "methods" => array(
            "GetStatus"          => "Do_GetStatus",
            "GetPreReservations" => "Do_GetPreReservations"
        )
    ),
    "sumstats" => array(
        "file"    => "sumstats.ajax",
        "guest"   => false,
        "methods" => array(
            "GetDurationInfo" => "Do_GetDurationInfo"
        )
    ),
    "instantiate" => array(
        "file"    => "instantiate.ajax",
        "guest"   => true,
        "methods" => array(
            "GetProfile"    => "Do_GetProfile",
            "CheckForm"     => "Do_CheckForm",
            "VerifyEmail"   => "Do_VerifyEmail",
            "Submit"        => "Do_Submit",
            "Instantiate"   => "Do_Instantiate",
            "GetParameters" => "Do_GetParameters",
            "GetImageInfo"  => "Do_GetImageInfo",
            "MarkFavorite"  => "Do_MarkFavorite",
            "ClearFavorite" => "Do_ClearFavorite"
        )
    ),
    "manage_profile" => array(
        "file"    => "manage_profile.ajax",
        "guest"   => false,
        "methods" => array(
            "CloneStatus"        => "Do_CloneStatus",
            "DeleteProfile"      => "Do_DeleteProfile",
            "PublishProfile"     => "Do_PublishProfile",
            "InstantiateAsGuest" => "Do_GuestInstantiate",
            "CheckScript"        => "Do_CheckScript",
            "BindParameters"     => "Do_BindParameters"
        )
    ),
    "status" => array(
        "file"    => "status.ajax",
        "guest"   => true,
        "methods" => array(
            "GetInstanceStatus"      => "Do_GetInstanceStatus",
            "ExpInfo"                => "Do_ExpInfo",
            "Utilization"            => "Do_Utilization",
            "TerminateInstance"      => "Do_TerminateInstance",
            "GetInstanceManifest"    => "Do_GetInstanceManifest",
            "GetSSHAuthObject"       => "Do_GetSSHAuthObject",
            "ConsoleURL"             => "Do_ConsoleURL",
            "DeleteNodes"            => "Do_DeleteNodes",
            "RequestExtension"       => "Do_RequestExtension",
            "DenyExtension"          => "Do_DenyExtension",
            "SnapShot"               => "Do_Snapshot",
            "SnapshotStatus"         => "Do_SnapshotStatus",
            "Reboot"                 => "Do_Reboot",
            "Reload"                 => "Do_Reload",
            "Refresh"                => "Do_Refresh",
            "DecryptBlocks"          => "Do_DecryptBlocks",
            "Lockout"                => "Do_Lockout",
            "Quarantine"             => "Do_Quarantine",
            "LinktestControl"        => "Do_Linktest",
            "dismissExtensionDenied" => "Do_DismissExtensionDenied"
        )
    ),
    "approveuser" => array(
        "file"    => "approveuser.ajax",
        "guest"   => false,
        "methods" => array(
            "approve" => "Do_Approve",
            "deny"    => "Do_Deny"
        )
    ),
    "dataset" => array(
        "file"    => "dataset.ajax",
        "guest"   => false,
        "methods" => array(
            "create"  => "Do_CreateDataset",
            "modify"  => "Do_ModifyDataset",
            "delete"  => "Do_DeleteDataset",
            "refresh" => "Do_RefreshDataset",
            "approve" => "Do_ApproveDataset",
            "extend"  => "Do_ExtendDataset",
            "getinfo" => "Do_GetInfo"
        )
    ),
    "ssh-keys" => array(
        "file"    => "ssh-keys.ajax",
        "guest"   => false,
        "methods" => array(
            "addkey"    => "Do_AddKey",
            "deletekey" => "Do_DeleteKey"
        )
    ),
    "myaccount" => array(
        "file"    => "myaccount.ajax",
        "guest"   => false,
        "methods" => array(
            "update" => "Do_Update"
        )
    ),
    "user-dashboard" => array(
        "file"    => "user-dashboard.ajax",
        "guest"   => false,
        "methods" => array(
            "ExperimentList"  => "Do_ExperimentList",
            "ProjectList"     => "Do_ProjectList",
            "UsageSummary"    => "Do_UsageSummary",
            "ProfileList"     => "Do_ProfileList",
            "Toggle"          => "Do_Toggle",
            "SendTestMessage" => "Do_SendTestMessage",
            "AccountDetails"  => "Do_AccountDetails"
        )
    ),
    "show-project" => array(
        "file"    => "show-project.ajax",
        "guest"   => false,
        "methods" => array(
            "ExperimentList" => "Do_ExperimentList",
            "ProfileList"    => "Do_ProfileList",
            "MemberList"     => "Do_MemberList",
            "UsageSummary"   => "Do_UsageSummary",
            "ProjectProfile" => "Do_ProjectProfile"
        )
    ),
    "ranking" => array(
        "file"    => "ranking.ajax",
        "guest"   => false,
        "methods" => array(
            "RankList" => "Do_RankList"
        )
    ),
    "announcement" => array(
        "file"    => "announcement.ajax",
        "guest"   => false,
        "methods" => array(
            "Dismiss" => "Do_Dismiss",
            "Click"   => "Do_Click"
        )
    )
);

#
# Redefine this so we return XML instead of html for all errors.
#
$PAGEERROR_HANDLER = function($msg, $status_code = 0) {
    # NOTE(review): $status_code is normalised (0 becomes 1) but never read
    # again; SPITAJAX_ERROR is always called with a literal 1. Confirm
    # whether the caller-supplied code was meant to be forwarded.
    $status_code = ($status_code == 0) ? 1 : $status_code;

    # $msg is handed to SPITAJAX_ERROR unchanged. That helper is defined
    # outside this file; presumably it sends the text to the client, so
    # page errors raised on this path should not carry internal detail --
    # confirm against its definition.
    SPITAJAX_ERROR(1, $msg);
};

#
# Included file determines if guest user okay.
#
# NOTE(review): $check_status is not assigned before this call and is later
# read as a CHECKLOGIN_* bitmask in CheckLoginForAjax(), so CheckLogin()
# presumably fills it in by reference -- confirm against its definition.
# No access decision is made on this line; the result is only stored for
# CheckLoginForAjax() to evaluate.
$this_user = CheckLogin($check_status);

#
# Check user login, called by included code. Basically just a
# way to let guest users pass through when allowed, without
# duplicating the code in each file.
#
function CheckLoginForAjax($guestokay = false)
{
    # Gate for every AJAX request. Reads the globals $this_user and
    # $check_status that the top-level CheckLogin() call filled in.
    # On refusal it reports error code 2 through SPITAJAX_ERROR() and
    # exits with status 2; otherwise it returns nothing.
    #
    # $guestokay - true when a request without a login may proceed, and
    #              when a WEBONLY account may use the route.
    global $this_user, $check_status;

    # The first matching condition wins, in the same order as the
    # checks were originally written.
    $refusal = null;

    if ($check_status & CHECKLOGIN_TIMEDOUT) {
        # Known user, but timed out. Checked before anything else, so a
        # timed-out session is refused even on guest-okay routes.
        $refusal = "Your login has timed out";
    }
    elseif (!isset($this_user)) {
        # Nobody is logged in; only guest-okay routes may continue.
        if (!$guestokay) {
            $refusal = "You are not logged in";
        }
    }
    elseif ($check_status & CHECKLOGIN_MAYBEVALID) {
        $refusal = "Your login cannot be verified. Cookie problem?";
    }
    elseif ($check_status & CHECKLOGIN_UNAPPROVED) {
        # Known user, but not approved.
        $refusal = "Your account has not been approved yet";
    }
    elseif (!($check_status & CHECKLOGIN_ACTIVE)) {
        # Known user, but not active.
        $refusal = "Your account is no longer active";
    }
    elseif (($check_status & CHECKLOGIN_WEBONLY) && !$guestokay) {
        # Kludge, still thinking about it. If a geni user has no project
        # permissions at their SA, then we mark the account as WEBONLY, and
        # deny access to anything that is not marked as guest okay.
        $refusal = "Your account is not allowed to do this";
    }

    if ($refusal !== null) {
        SPITAJAX_ERROR(2, $refusal);
        exit(2);
    }
}

#
# So we can capture stderr. Sheesh.
# 
function myexec($cmd)
{
    # Run $cmd through the shell with stderr folded into stdout.
    # Returns 0 when the command exits with status 0. Otherwise reports
    # the exit status, the command line and the captured output through
    # TBERROR() and returns 1.
    #
    # $cmd is interpolated into the shell command line unchanged: nothing
    # here quotes or validates it. Callers that build it from request
    # data must escape every argument themselves (escapeshellarg()).
    #
    # NOTE(review): the failure report contains the full command line and
    # its output. TBERROR() is defined outside this file; check where it
    # delivers that text before passing secrets on the command line.

    # Keep running even if the client disconnects mid-command.
    ignore_user_abort(1);

    $lines  = array();
    $status = 0;

    exec("$cmd 2>&1", $lines, $status);
    if (!$status) {
        return 0;
    }

    $captured = "";
    foreach ($lines as $line) {
        $captured .= "$line\n";
    }

    $report = "Shell Program Error. Exit status: $status\n" .
              "  '$cmd'\n" .
              "\n" .
              $captured;
    TBERROR($report, 0);
    return 1;
}

#
# Verify page arguments.
#
$optargs = RequiredPageArguments(
    "ajax_route",  PAGEARG_STRING,
    "ajax_method", PAGEARG_STRING,
    "ajax_args",   PAGEARG_ARRAY
);
# NOTE(review): $ajax_route and $ajax_method are read below without being
# assigned in this file, so RequiredPageArguments() presumably defines them
# from the request -- confirm against its definition.

#
# Verify page and method.
#
# Both names must be keys of $routing before anything is included or
# called. The file name and the function name are then taken from the
# table, never from the request itself.
#
# NOTE(review): the two error messages repeat the request-supplied names.
# SPITAJAX_ERROR() is defined outside this file; confirm that it encodes
# the message for the response format.
#
if (! array_key_exists($ajax_route, $routing)) {
    SPITAJAX_ERROR(1, "Invalid route: $ajax_route");
    exit(1);
}

if (! array_key_exists($ajax_method, $routing[$ajax_route]["methods"])) {
    SPITAJAX_ERROR(1, "Invalid method: $ajax_route,$ajax_method");
    exit(1);
}

# The login check runs before the route's file is loaded. It only sees
# the route-wide "guest" flag, so on guest routes any per-method
# authorization is left to the handler.
CheckLoginForAjax($routing[$ajax_route]["guest"]);

# NOTE(review): include() only warns when the file is missing, and the
# call below is made without checking that the handler exists.
include($routing[$ajax_route]["file"]);
call_user_func($routing[$ajax_route]["methods"][$ajax_method]);

?>