<?php
#
# Copyright (c) 2000-2018 University of Utah and the Flux Group.
# 
# {{{EMULAB-LICENSE
# 
# This file is part of the Emulab network testbed software.
# 
# This file is free software: you can redistribute it and/or modify it
# under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at
# your option) any later version.
# 
# This file is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Affero General Public
# License for more details.
# 
# You should have received a copy of the GNU Affero General Public License
# along with this file.  If not, see <http://www.gnu.org/licenses/>.
# 
# }}}
#
# The shared testbed definitions live one directory up; the apt-specific
# support code lives here. Load them in that order.
chdir("..");
include "defs.php3";
chdir("apt");
include "quickvm_sup.php";

# Must be after quickvm_sup.php since it changes the auth domain.
include_once "../session.php";

#
# We need all errors to come back to us so that we can report the error
# to the user, as an ajax error payload rather than an html page.
#
function handle_error($message, $death)
{
    # $death is accepted only to match the hook's expected signature;
    # an ajax request cannot usefully continue after an error, so we
    # terminate regardless of what the caller asked for.
    SPITAJAX_ERROR(-1, $message);
    exit(1);
}

# Install the hook above and turn off interactive error reporting.
# NOTE(review): both globals appear to be consumed by session.php
# (included above) — confirm there.
$session_errorhandler = "handle_error";
$session_interactive  = 0;

#
# Poor man routing description.
#
# Each top-level key is an "ajax_route" value the client may send, and
# its "methods" map the permitted "ajax_method" names onto the php
# function that implements them inside "file". The dispatch code at the
# bottom of this file only ever include()s a "file" and call_user_func()s
# a function name that it looked up in this table, so the table is the
# complete allow-list: anything not listed is rejected before any code
# is loaded. Keep it static; never build entries from request data.
#
# Per-route flags (each defaults to false, see CheckLoginForAjax):
#   guest            - reachable without a logged-in user.
#   unapproved       - a logged-in but not yet approved user may call it.
#   notloggedinokay  - reachable without a login even though "guest" is
#                      false (only the changepswd route sets this).
#
$routing = [
    "geni-login" => [
        "file"    => "geni-login.ajax",
        "guest"   => true,
        "methods" => [
            "GetSignerInfo"   => "Do_GetSignerInfo",
            "CreateSecret"    => "Do_CreateSecret",
            "VerifySpeaksfor" => "Do_VerifySpeaksfor",
        ],
    ],
    "dashboard" => [
        "file"    => "dashboard.ajax",
        "guest"   => false,
        "methods" => [
            "GetStats" => "Do_GetStats",
        ],
    ],
    "rspec2genilib" => [
        "file"    => "rspec2genilib.ajax",
        "guest"   => false,
        "methods" => [
            "Convert" => "Do_Convert",
        ],
    ],
    "cluster-status" => [
        "file"    => "cluster-status.ajax",
        "guest"   => false,
        "methods" => [
            "GetStatus"          => "Do_GetStatus",
            "GetPreReservations" => "Do_GetPreReservations",
        ],
    ],
    "sumstats" => [
        "file"    => "sumstats.ajax",
        "guest"   => false,
        "methods" => [
            "GetDurationInfo" => "Do_GetDurationInfo",
        ],
    ],
    "instantiate" => [
        "file"    => "instantiate.ajax",
        "guest"   => false,
        "methods" => [
            "GetProfile"    => "Do_GetProfile",
            "CheckForm"     => "Do_CheckForm",
            "RunScript"     => "Do_RunScript",
            "VerifyEmail"   => "Do_VerifyEmail",
            "Submit"        => "Do_Submit",
            "Instantiate"   => "Do_Instantiate",
            "GetParameters" => "Do_GetParameters",
            "GetImageList"  => "Do_GetImageList",
            "GetImageInfo"  => "Do_GetImageInfo",
            "MarkFavorite"  => "Do_MarkFavorite",
            "ClearFavorite" => "Do_ClearFavorite",
        ],
    ],
    "manage_profile" => [
        "file"    => "manage_profile.ajax",
        "guest"   => false,
        "methods" => [
            "Create"           => "Do_Create",
            "CloneStatus"      => "Do_CloneStatus",
            "DeleteProfile"    => "Do_DeleteProfile",
            "PublishProfile"   => "Do_PublishProfile",
            "CheckScript"      => "Do_CheckScript",
            "BindParameters"   => "Do_BindParameters",
            "ConvertClassic"   => "Do_ConvertClassic",
            "ConvertRspec"     => "Do_ConvertRspec",
            "RTECheck"         => "Do_RTECheck",
            "UpdateRepository" => "Do_UpdateRepository",
            "GetRepository"    => "Do_GetRepository",
            "GetRepoSource"    => "Do_GetRepoSource",
            "GetBranchList"    => "Do_GetBranchList",
            "GetCommitInfo"    => "Do_GetCommitInfo",
            "GetRepoHash"      => "Do_GetRepoHash",
            "GetCommitList"    => "Do_GetCommitList",
            "SearchProfiles"   => "Do_SearchProfiles",
            "GetProfile"       => "Do_GetProfile",
        ],
    ],
    "status" => [
        "file"    => "status.ajax",
        "guest"   => false,
        "methods" => [
            "GetInstanceStatus"      => "Do_GetInstanceStatus",
            "ExpInfo"                => "Do_ExpInfo",
            "IdleData"               => "Do_IdleData",
            "Utilization"            => "Do_Utilization",
            "TerminateInstance"      => "Do_TerminateInstance",
            "GetInstanceManifest"    => "Do_GetInstanceManifest",
            "GetSSHAuthObject"       => "Do_GetSSHAuthObject",
            "ConsoleURL"             => "Do_ConsoleURL",
            "DeleteNodes"            => "Do_DeleteNodes",
            "RequestExtension"       => "Do_RequestExtension",
            "DenyExtension"          => "Do_DenyExtension",
            "MoreInfo"               => "Do_MoreInfo",
            "SchedTerminate"         => "Do_SchedTerminate",
            "SnapShot"               => "Do_Snapshot",
            "SnapshotStatus"         => "Do_SnapshotStatus",
            "Reboot"                 => "Do_Reboot",
            "Reload"                 => "Do_Reload",
            "Refresh"                => "Do_Refresh",
            "ReloadTopology"         => "Do_ReloadTopology",
            "DecryptBlocks"          => "Do_DecryptBlocks",
            "Lockout"                => "Do_Lockout",
            "Lockdown"               => "Do_Lockdown",
            "Quarantine"             => "Do_Quarantine",
            "SaveAdminNotes"         => "Do_SaveAdminNotes",
            "LinktestControl"        => "Do_Linktest",
            "OpenstackStats"         => "Do_OpenstackStats",
            "MaxExtension"           => "Do_MaxExtension",
            "IgnoreFailure"          => "Do_IgnoreFailure",
            "dismissExtensionDenied" => "Do_DismissExtensionDenied",
        ],
    ],
    "approveuser" => [
        "file"    => "approveuser.ajax",
        "guest"   => false,
        "methods" => [
            "approve" => "Do_Approve",
            "deny"    => "Do_Deny",
        ],
    ],
    "dataset" => [
        "file"    => "dataset.ajax",
        "guest"   => false,
        "methods" => [
            "create"  => "Do_CreateDataset",
            "modify"  => "Do_ModifyDataset",
            "delete"  => "Do_DeleteDataset",
            "refresh" => "Do_RefreshDataset",
            "approve" => "Do_ApproveDataset",
            "extend"  => "Do_ExtendDataset",
            "getinfo" => "Do_GetInfo",
        ],
    ],
    "ssh-keys" => [
        "file"    => "ssh-keys.ajax",
        "guest"   => false,
        "methods" => [
            "addkey"    => "Do_AddKey",
            "deletekey" => "Do_DeleteKey",
        ],
    ],
    "myaccount" => [
        "file"       => "myaccount.ajax",
        "guest"      => false,
        "unapproved" => true,
        "methods"    => [
            "update" => "Do_Update",
        ],
    ],
    "changepswd" => [
        "file"            => "changepswd.ajax",
        "guest"           => false,
        "unapproved"      => true,
        "notloggedinokay" => true,
        "methods"         => [
            "changepswd" => "Do_ChangePassword",
        ],
    ],
    "lists" => [
        "file"    => "lists.ajax",
        "guest"   => false,
        "methods" => [
            "SearchUsers"    => "Do_SearchUsers",
            "SearchProjects" => "Do_SearchProjects",
        ],
    ],
    "user-dashboard" => [
        "file"    => "user-dashboard.ajax",
        "guest"   => false,
        "methods" => [
            "ExperimentList"        => "Do_ExperimentList",
            "ClassicExperimentList" => "Do_ClassicExperimentList",
            "ClassicProfileList"    => "Do_ClassicProfileList",
            "DatasetList"           => "Do_DatasetList",
            "ClassicDatasetList"    => "Do_ClassicDatasetList",
            "ProjectList"           => "Do_ProjectList",
            "UsageSummary"          => "Do_UsageSummary",
            "ProfileList"           => "Do_ProfileList",
            "ProjectProfileList"    => "Do_ProjectProfileList",
            "Toggle"                => "Do_Toggle",
            "FreezeOrThaw"          => "Do_FreezeOrThaw",
            "SendTestMessage"       => "Do_SendTestMessage",
            "NagPI"                 => "Do_NagPI",
            "AccountDetails"        => "Do_AccountDetails",
            "AcceptAUP"             => "Do_AcceptAUP",
        ],
    ],
    # Same implementation file as user-dashboard, but exposes only NagPI
    # and lets a not-yet-approved user reach it.
    "nag" => [
        "file"       => "user-dashboard.ajax",
        "unapproved" => true,
        "guest"      => false,
        "methods"    => [
            "NagPI" => "Do_NagPI",
        ],
    ],
    "show-project" => [
        "file"    => "show-project.ajax",
        "guest"   => false,
        "methods" => [
            "ExperimentList"        => "Do_ExperimentList",
            "ClassicExperimentList" => "Do_ClassicExperimentList",
            "ClassicProfileList"    => "Do_ClassicProfileList",
            "DatasetList"           => "Do_DatasetList",
            "ClassicDatasetList"    => "Do_ClassicDatasetList",
            "ProfileList"           => "Do_ProfileList",
            "MemberList"            => "Do_MemberList",
            "GroupList"             => "Do_GroupList",
            "UsageSummary"          => "Do_UsageSummary",
            "ProjectProfile"        => "Do_ProjectProfile",
        ],
    ],
    "groups" => [
        "file"    => "groups.ajax",
        "guest"   => false,
        "methods" => [
            "ExperimentList"        => "Do_ExperimentList",
            "ClassicExperimentList" => "Do_ClassicExperimentList",
            "MemberList"            => "Do_MemberList",
            "EditMembership"        => "Do_EditMembership",
            "EditPrivs"             => "Do_EditPrivs",
            "Create"                => "Do_CreateGroup",
            "Delete"                => "Do_DeleteGroup",
            "GroupProfile"          => "Do_GroupProfile",
        ],
    ],
    "ranking" => [
        "file"    => "ranking.ajax",
        "guest"   => false,
        "methods" => [
            "RankList" => "Do_RankList",
        ],
    ],
    "announcement" => [
        "file"    => "announcement.ajax",
        "guest"   => false,
        "methods" => [
            "Dismiss"       => "Do_Dismiss",
            "Click"         => "Do_Click",
            "Announcements" => "Do_Announcements",
        ],
    ],
    "reserve" => [
        "file"    => "reserve.ajax",
        "guest"   => false,
        "methods" => [
            "Reserve"            => "Do_Reserve",
            "Validate"           => "Do_Validate",
            "ListReservations"   => "Do_ListReservations",
            "GetReservation"     => "Do_GetReservation",
            "Approve"            => "Do_Approve",
            "WarnUser"           => "Do_WarnUser",
            "Delete"             => "Do_Delete",
            "Cancel"             => "Do_Cancel",
            "RequestInfo"        => "Do_RequestInfo",
            "ReservationInfo"    => "Do_ReservationInfo",
            "ReservationHistory" => "Do_ReservationHistory",
        ],
    ],
    "images" => [
        "file"    => "images.ajax",
        "guest"   => false,
        "methods" => [
            "ListImages"    => "Do_ListImages",
            "DeleteImage"   => "Do_DeleteImage",
            "ClassicImages" => "Do_ClassicImageList",
        ],
    ],
    "news" => [
        "file"    => "news.ajax",
        "guest"   => false,
        "methods" => [
            "create"  => "Do_CreateNews",
            "modify"  => "Do_ModifyNews",
            "delete"  => "Do_DeleteNews",
            "getnews" => "Do_GetNews",
        ],
    ],
    "experiments" => [
        "file"    => "experiments.ajax",
        "guest"   => false,
        "methods" => [
            "ExperimentList"   => "Do_ExperimentList",
            "ExperimentErrors" => "Do_ExperimentErrors",
        ],
    ],
    "approve-projects" => [
        "file"    => "approve-projects.ajax",
        "guest"   => false,
        "methods" => [
            "ProjectList"     => "Do_ProjectList",
            "SaveDescription" => "Do_SaveDescription",
            "MoreInfo"        => "Do_MoreInfo",
            "Deny"            => "Do_Deny",
            "Approve"         => "Do_Approve",
        ],
    ],
    "frontpage" => [
        "file"    => "frontpage.ajax",
        "guest"   => true,
        "methods" => [
            "GetHealthStatus"   => "Do_GetHealthStatus",
            "GetWirelessStatus" => "Do_GetWirelessStatus",
        ],
    ],
    "memlane" => [
        "file"    => "memlane.ajax",
        "guest"   => false,
        "methods" => [
            "HistoryRecord" => "Do_HistoryRecord",
        ],
    ],
];

#
# Redefine this so we return XML instead of html for all errors.
#
# NOTE(review): the caller's $status_code is accepted but never
# forwarded; every page error reaches the client as ajax error code 1.
# Left as-is — confirm whether the browser side distinguishes codes
# before changing it.
#
$PAGEERROR_HANDLER = function ($msg, $status_code = 0) {
    SPITAJAX_ERROR(1, $msg);
    return;
};

#
# Included file determines if guest user okay.
#
# Resolve the browser session to a user object (left unset when nobody
# is logged in — CheckLoginForAjax tests it with isset()) and fill
# $check_status with the CHECKLOGIN_* bits that describe the login
# state. The per-route policy is applied later, by CheckLoginForAjax,
# not here.
#
$this_user = CheckLogin($check_status);

#
# Check user login, called by included code. Basically just a
# way to let guest users pass through when allowed, without
# duplicating the code in each file.
#
# $route is one entry of the $routing table. Reads the "guest",
# "unapproved" and "notloggedinokay" flags from it (each defaults to
# false when absent) and tests them against the CHECKLOGIN_* bits in
# the global $check_status. Returns normally when the request may
# proceed; otherwise emits ajax error 222 with a message and exits.
#
function CheckLoginForAjax($route)
{
    global $this_user, $check_status;
    # Declared for parity with the other ajax entry points; not read here.
    global $ISAPT;

    # Every refusal looks the same to the client: code 222 plus a
    # reason, and the request is over.
    $refuse = function ($reason) {
        SPITAJAX_ERROR(222, $reason);
        exit(1);
    };
    # Route flags default to false when the key is absent.
    $flag = function ($name) use ($route) {
        return array_key_exists($name, $route) ? $route[$name] : false;
    };
    $guestokay       = $flag("guest");
    $unapprovedokay  = $flag("unapproved");
    $notloggedinokay = $flag("notloggedinokay");

    # Known user, but timed out.
    if ($check_status & CHECKLOGIN_TIMEDOUT) {
        $refuse("Your login has timed out");
    }

    # Nobody logged in: only routes that explicitly opted in may proceed.
    if (!isset($this_user)) {
        if (!$guestokay && !$notloggedinokay) {
            $refuse("You are not logged in");
        }
        return;
    }

    # Logged in user is okay once the account-state checks below pass.
    if ($check_status & CHECKLOGIN_MAYBEVALID) {
        $refuse("Your login cannot be verified. " .
                "Cookie problem?");
    }
    # Known user, but frozen.
    if ($check_status & CHECKLOGIN_FROZEN) {
        $refuse("Your account has been frozen");
    }
    if (!$unapprovedokay) {
        # Known user, but not approved.
        if ($check_status & CHECKLOGIN_UNAPPROVED) {
            $refuse("Your account has not been approved yet");
        }
        # Known user, but not active.
        if (!($check_status & CHECKLOGIN_ACTIVE)) {
            $refuse("Your account is no longer active");
        }
        # Known user, but inactive.
        if ($check_status & CHECKLOGIN_INACTIVE) {
            $refuse("Your account has gone inactive cause " .
                    "your last login was so long ago: " .
                    $this_user->weblogin_last());
        }
    }
    # Kludge, still thinking about it. If a geni user has no project
    # permissions at their SA, then we mark the acount as WEBONLY, and
    # deny access to anything that is not marked as guest okay.
    if (($check_status & CHECKLOGIN_WEBONLY) && !$guestokay) {
        $refuse("Your account is not allowed to do this");
    }
}

#
# So we can capture stderr. Sheesh.
#
# Run $cmd through the shell with stderr folded into stdout. On a
# non-zero exit status the combined output is logged via TBERROR and 1
# is returned; on success nothing is logged and 0 is returned. $cmd is
# passed to the shell verbatim, so the caller is responsible for
# escapeshellarg()ing anything in it that originated from the request.
#
function myexec($cmd)
{
    # Keep going even if the browser drops the connection mid-command.
    ignore_user_abort(1);

    $lines  = [];
    $status = 0;
    exec("$cmd 2>&1", $lines, $status);
    if (!$status) {
        return 0;
    }
    # One line per element, each newline-terminated (nothing for no output).
    $output = count($lines) ? implode("\n", $lines) . "\n" : "";
    $report = "Shell Program Error. Exit status: $status\n"
            . "  '$cmd'\n"
            . "\n"
            . $output;
    TBERROR($report, 0);
    return 1;
}

#
# Verify page arguments.
#
# All three are required. RequiredPageArguments() presumably rejects the
# request when one is missing (see defs.php3); $ajax_route, $ajax_method
# and $ajax_args are used as globals below.
#
$optargs = RequiredPageArguments(
    "ajax_route",  PAGEARG_STRING,
    "ajax_method", PAGEARG_STRING,
    "ajax_args",   PAGEARG_ARRAY
);

#
# Verify page and method.
#
# Both lookups are exact-key matches against the static $routing table.
# That is what keeps the include() and call_user_func() below from ever
# seeing a file name or function name chosen by the client: the request
# values are used only as array keys, never as paths or callables.
#
if (!array_key_exists($ajax_route, $routing)) {
    SPITAJAX_ERROR(1, "Invalid route: $ajax_route");
    exit(1);
}
if (!array_key_exists($ajax_method, $routing[$ajax_route]["methods"])) {
    SPITAJAX_ERROR(1, "Invalid method: $ajax_route,$ajax_method");
    exit(1);
}
# Apply the route's login/guest policy; exits on refusal.
CheckLoginForAjax($routing[$ajax_route]);

# Only now load the implementation file and dispatch to the handler.
include($routing[$ajax_route]["file"]);
call_user_func($routing[$ajax_route]["methods"][$ajax_method]);

?>