defs.php3.in 9.23 KB
Newer Older
1 2
<?php
#
3
# Standard definitions! 
4
#
5
$TBDIR          = "@prefix@/";
6
$OURDOMAIN      = "@OURDOMAIN@";
7
$BOSSNODE       = "@BOSSNODE@";
8
$USERNODE       = "@USERNODE@";
9
$TBADMINGROUP   = "@TBADMINGROUP@";
10 11 12 13 14 15 16
$WWWHOST	= "@WWWHOST@";
$WWW		= "@WWW@";
$TBAUTHDOMAIN	= "@TBAUTHDOMAIN@";
$TBBASE		= "@TBBASE@";
$TBDOCBASE	= "@TBDOCBASE@";
$TBWWW		= "@TBWWW@";
$THISHOMEBASE	= "@THISHOMEBASE@";
17
$ELABINELAB     = @ELABINELAB@;
18

19 20 21 22 23 24
$TBMAILADDR_OPS		= "@TBOPSEMAIL_NOSLASH@";
$TBMAILADDR_WWW		= "@TBWWWEMAIL_NOSLASH@";
$TBMAILADDR_APPROVAL	= "@TBAPPROVALEMAIL_NOSLASH@";
$TBMAILADDR_LOGS	= "@TBLOGSEMAIL_NOSLASH@";
$TBMAILADDR_AUDIT	= "@TBAUDITEMAIL_NOSLASH@";

25 26 27 28 29
# Can override this in the defs file. 
$TBAUTHTIMEOUT  = "@TBAUTHTIMEOUT@";
$TBMAINSITE     = "@TBMAINSITE@";
$TBSECURECOOKIES= "@TBSECURECOOKIES@";
$TBCOOKIESUFFIX = "@TBCOOKIESUFFIX@";
30

Leigh Stoller's avatar
Leigh Stoller committed
31 32
$TBWWW_DIR	= "$TBDIR"."www/";
$TBBIN_DIR	= "$TBDIR"."bin/";
33
$TBETC_DIR	= "$TBDIR"."etc/";
34 35 36
$TBLIBEXEC_DIR	= "$TBDIR"."libexec/";
$TBSUEXEC_PATH  = "$TBLIBEXEC_DIR/suexec";
$TBCHKPASS_PATH = "$TBLIBEXEC_DIR/checkpass";
37
$TBCSLOGINS     = "$TBETC_DIR/cslogins";
38

39 40
#
# Hardcoded check against $WWWHOST, to prevent anyone from accidentally setting
41
# $TBMAINSITE when it should not be
42 43 44 45 46
#
if ($WWWHOST != "www.emulab.net") {
    $TBMAINSITE = 0;
}

47
$TBPROJ_DIR     = "/proj";
48
$TBUSER_DIR	= "/users";
49
$TBGROUP_DIR	= "/groups";
Leigh Stoller's avatar
Leigh Stoller committed
50
$TBNSSUBDIR     = "nsdir";
Leigh Stoller's avatar
Leigh Stoller committed
51

52 53
$TBAUTHCOOKIE   = "HashCookie" . $TBCOOKIESUFFIX;
$TBNAMECOOKIE   = "MyUidCookie" . $TBCOOKIESUFFIX;
54
$TBLOGINCOOKIE  = "LoginCookie" . $TBCOOKIESUFFIX;
55

56 57
$HTTPTAG        = "http://";

58 59 60 61 62 63
$TBMAIL_OPS		= "Testbed Ops <$TBMAILADDR_OPS>";
$TBMAIL_WWW		= "Testbed WWW <$TBMAILADDR_WWW>";
$TBMAIL_APPROVAL	= "Testbed Approval <$TBMAILADDR_APPROVAL>";
$TBMAIL_LOGS		= "Testbed Logs <$TBMAILADDR_LOGS>";
$TBMAIL_AUDIT		= "Testbed Audit <$TBMAILADDR_AUDIT>";

64
#
65 66 67
# This just spits out an email address in a page, so it does not need
# to be configured per development tree. It could be though ...
# 
68 69
$TBMAILADDR     = "<a href=\"mailto:$TBMAILADDR_OPS\">
                      Testbed Operations ($TBMAILADDR_OPS)</a>";
70

71 72 73
# So subscripts always know ...
putenv("HTTP_SCRIPT=1");

74 75 76 77 78
#
# Database constants and the like.
#
include("dbdefs.php3");

79 80 81 82 83 84 85 86
#
# Control how error messages are returned to the user. If the session is
# not actually "interactive" then do not send any output to the browser.
# Just save it up and let the page deal with it. 
#
$session_interactive  = 1;
$session_errorhandler = 0;

87 88 89 90 91 92 93 94 95
#
# Wrap up the mail function so we can prepend a tag to the subject
# line that indicates what testbed. Useful when multiple testbed
# email to the same list.
#
# 
function TBMAIL($to, $subject, $message, $headers = 0)
{
    global $THISHOMEBASE;
96
    global $SCRIPT_NAME;
97 98 99

    $subject = strtoupper($THISHOMEBASE) . ": $subject";

100 101 102 103 104 105 106 107 108
    $tag = "X-NetBed: " . basename($SCRIPT_NAME);
    
    if ($headers) {
	$headers = "$headers\n" . $tag;
    }
    else {
	$headers = $tag;
    }
    return mail($to, $subject, $message, $headers);
109 110
}

111 112 113 114 115
#
# Internal errors should be reported back to the user simply. The actual 
# error information should be emailed to the list for action. The script
# should then terminate if required to do so.
#
116
function TBERROR ($message, $death, $xmp = 0) {
117 118 119
    global $TBMAIL_WWW, $TBMAIL_OPS, $TBMAILADDR, $TBMAILADDR_OPS;
    global $session_interactive, $session_errorhandler;
    $script = urldecode($_SERVER['REQUEST_URI']);
120

121 122
    TBMAIL($TBMAIL_OPS,
         "WEB ERROR REPORT",
123
         "\n".
124
	 "In $script\n\n".
125 126 127
         "$message\n\n".
         "Thanks,\n".
         "Testbed WWW\n",
128
         "From: $TBMAIL_OPS\n".
129
         "Errors-To: $TBMAIL_WWW");
130

131
    if ($death) {
132 133 134 135 136 137 138
	if ($session_interactive)
	    PAGEERROR("Could not continue. Please contact $TBMAILADDR");
	elseif ($session_errorhandler) {
	    $session_errorhandler("Could not continue. ".
				  "Please contact $TBMAILADDR_OPS", $death);
	}
	exit(1);
139 140 141
    }
    return 0;
}
Leigh Stoller's avatar
Leigh Stoller committed
142 143 144 145 146

#
# General user errors should print something warm and fuzzy
#
function USERERROR($message, $death) {
147
    global $TBMAILADDR;
148 149 150 151 152 153 154 155 156 157 158 159
    global $session_interactive, $session_errorhandler;

    if (! $session_interactive) {
	if ($session_errorhandler)
	    $session_errorhandler($message, $death);
	else
	    echo "$message";

	if ($death)
	    exit(1);
	return;
    }
160

161
    $msg = "<font size=+1><br>
162
            $message
163
      	    </font>
164
            <br><br><br>
165 166 167
            <font size=-1>
            Please contact $TBMAILADDR if you feel this message is an error.
            </font>\n";
168

Leigh Stoller's avatar
Leigh Stoller committed
169
    if ($death) {
170
	PAGEERROR($msg);
Leigh Stoller's avatar
Leigh Stoller committed
171
    }
172 173
    else
        echo "$msg\n";
Leigh Stoller's avatar
Leigh Stoller committed
174 175
}

176 177 178 179 180 181 182 183
#
# A form error.
#
function FORMERROR($field) {
    USERERROR("Missing field; ".
              "Please go back and fill out the \"$field\" field!", 1);
}

184 185 186
#
# A page argument error. 
# 
187 188 189 190 191 192 193
function PAGEARGERROR($msg = 0) {
    $default = "Invalid page arguments: " . $_SERVER['REQUEST_URI'];

    if ($msg) {
	$default = "$default<br><br>$msg";
    }
    USERERROR($default, 1);
194 195
}

196
#
197
# SUEXEC stuff.
198
#
199 200 201 202
# Save this stuff so we can generate better error messages and such.
# 
$suexec_cmdandargs = "";
$suexec_retval     = 0;
203 204
$suexec_output     = "";
$suexec_output_array;
205

206 207 208 209 210 211 212
#
# Actions for suexec. 
#
define("SUEXEC_ACTION_CONTINUE",	0);
define("SUEXEC_ACTION_DIE",		1);
define("SUEXEC_ACTION_USERERROR",	2);
define("SUEXEC_ACTION_IGNORE",		3);
213
define("SUEXEC_ACTION_DUPDIE",		4);
214

215 216 217 218 219
#
# An suexec error.
#
function SUEXECERROR($action)
{
220 221
    global $suexec_cmdandargs, $suexec_retval;
    global $suexec_output, $suexec_output_array;
222

223 224
    $foo  = "Shell Program Error. Exit status: $suexec_retval\n";
    $foo .= "  '$suexec_cmdandargs'\n";
225 226 227
    $foo .= "\n";
    $foo .= $suexec_output;

228 229
    switch ($action) {
    case SUEXEC_ACTION_CONTINUE:
230
	TBERROR($foo, 0, 1);
231 232 233 234 235 236 237 238 239
        break;
    case SUEXEC_ACTION_DIE:
	TBERROR($foo, 1, 1);
        break;
    case SUEXEC_ACTION_USERERROR:
	USERERROR("<XMP>$foo</XMP>", 1);
        break;
    case SUEXEC_ACTION_IGNORE:
	break;
240 241 242 243
    case SUEXEC_ACTION_DUPDIE:
	TBERROR($foo, 0, 1);
	USERERROR("<XMP>$foo</XMP>", 1);
        break;
244 245 246 247 248 249 250 251 252 253
    default:
	TBERROR($foo, 1, 1);
    }
}

#
# Run a program as a user.
#
function SUEXEC($uid, $gid, $cmdandargs, $action) {
    global $TBSUEXEC_PATH;
254 255
    global $suexec_cmdandargs, $suexec_retval;
    global $suexec_output, $suexec_output_array;
256 257 258

    ignore_user_abort(1);

259 260 261 262
    $suexec_cmdandargs   = "$uid $gid $cmdandargs";
    $suexec_output_array = array();
    $suexec_output       = "";
    $suexec_retval       = 0;
263
    
264 265 266 267 268 269 270 271 272 273 274 275 276
    exec("$TBSUEXEC_PATH $suexec_cmdandargs",
	 $suexec_output_array, $suexec_retval);

    # Yikes! Something is not doing integer conversion properly!
    if ($suexec_retval == 255) {
	$suexec_retval = -1;
    }

    if (count($suexec_output_array)) {
	for ($i = 0; $i < count($suexec_output_array); $i++) {
	    $suexec_output .= "$suexec_output_array[$i]\n";
	}
    }
277 278 279 280 281 282 283 284

    #
    # The output is still available of course, via $suexec_output.
    # 
    if ($suexec_retval == 0 || $action == SUEXEC_ACTION_IGNORE) {
	return $suexec_retval;
    }
    SUEXECERROR($action);
285 286
    # Must return the shell value!
    return $suexec_retval;
287 288
}

289 290 291
function ADDPUBKEY($uid, $cmdandargs) {
    global $TBSUEXEC_PATH;

292 293 294 295 296 297 298 299 300 301
    #
    # Complication. User might not have an actual account if setting or
    # changing his own pubkeys. webonly, unapproved, and unverified users
    # can still muck with their personal info. So, just invoke as user
    # nobody. We will get audit email in case we need to track what has
    # happened. 
    #
    if (! HASREALACCOUNT($uid)) {
	$uid = "nobody";
    }
302
    return SUEXEC($uid, "nobody", $cmdandargs, 0);
303 304
}

305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320
#
# Verify a URL.
#
function CHECKURL($url, &$error) {
    global $HTTPTAG;

    if (strlen($url)) {
	if (strstr($url, " ")) {
	    $error = "URL is malformed; spaces are not allowed!";
	    return 0;
	}
	
	if (strcmp($HTTPTAG, substr($url, 0, strlen($HTTPTAG)))) {
	    $error = "URL is malformed; must begin with $HTTPTAG!";
	    return 0;
	}
321

322 323
	$fp = @fopen($url, "r");
	if (! $fp) {
324
	    # Check to see if it was a redirect, in which case its OK
325 326 327 328 329 330 331 332 333 334 335
	    for ($i = 0; $i < count($http_response_header); $i++) {
		if (!strcmp("Location:", substr($http_response_header[$i],0,9))) {
		    $is_redirect = 1;
		}
	    }
	    if (!$is_redirect) {
		$error = "URL is not valid; Cannot be accessed!";
		return 0;
	    }
	} else {
	    fclose($fp);
336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363
	}
    }
    return 1;
}

#
# Check a password.
#
function CHECKPASSWORD($uid, $password, $name, $email, &$error)
{
    global $TBCHKPASS_PATH;
    
    $mypipe =
	popen(escapeshellcmd("$TBCHKPASS_PATH $password $uid '$name:$email'"),
	      "w+");
    
    if ($mypipe) { 
        $retval=fgets($mypipe, 1024);
        if (strcmp($retval,"ok\n") != 0) {
	    $error = "$retval";
	    return 0;
	}
	return 1;
    }
    TBERROR("Checkpass Failure! Returned '$mypipe'.\n\n".
	    "$TBCHKPASS_PATH $password $uid '$name:$email'", 1);
}

364 365 366 367
function LASTNODELOGIN($node)
{
}

368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383
#
# A function to print the contents of an array (recursively).
# Mostly useful for debugging.
#
function ARRAY_PRINT($arr) {
  if (!is_array($arr)) { echo "non-array '$arr'\n"; }
  foreach ($arr as $i => $val) {
    echo("'$i' - '$val'\n");
    if (is_array($val)) {
      echo "Sub-array $i:\n";
      array_print($val);
      echo "End Sub-array $i.\n";
    }
  }
}

384 385 386 387
#
# Beware empty spaces (cookies)!
# 
require("tbauth.php3");
388 389 390 391 392

#
# Okay, this is what checks the login and spits out the menu.
#
require("menu.php3");
393
?>