<?php
#
# Copyright (c) 2000-2014 University of Utah and the Flux Group.
# 
# {{{EMULAB-LICENSE
# 
# This file is part of the Emulab network testbed software.
# 
# This file is free software: you can redistribute it and/or modify it
# under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at
# your option) any later version.
# 
# This file is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Affero General Public
# License for more details.
# 
# You should have received a copy of the GNU Affero General Public License
# along with this file.  If not, see <http://www.gnu.org/licenses/>.
# 
# }}}
#

#
# Standard definitions.
#
# Every @NAME@ token below is a placeholder substituted when this template
# is turned into the installed defs file; the unquoted ones become literal
# PHP values.
#
$TBDIR          = "@prefix@/";
$OURDOMAIN      = "@OURDOMAIN@";
$BOSSNODE       = "@BOSSNODE@";
$USERNODE       = "@USERNODE@";
$CVSNODE        = "cvs.{$OURDOMAIN}";
$WIKINODE       = $USERNODE;
$TBADMINGROUP   = "@TBADMINGROUP@";
$WWWHOST        = "@WWWHOST@";
$WWW            = "@WWW@";
$TBAUTHDOMAIN   = "@TBAUTHDOMAIN@";
$TBBASE         = "@TBBASE@";
$TBDOCBASE      = "@TBDOCBASE@";
$TBWWW          = "@TBWWW@";
$THISHOMEBASE   = "@THISHOMEBASE@";

# Feature switches.
$ELABINELAB     = @ELABINELAB@;
$PLABSUPPORT    = @PLABSUPPORT@;
$PUBSUPPORT     = @PUBSUPPORT@;
$WIKISUPPORT    = @WIKISUPPORT@;
$TRACSUPPORT    = @TRACSUPPORT@;
$BUGDBSUPPORT   = @BUGDBSUPPORT@;
$CVSSUPPORT     = @CVSSUPPORT@;
$MAILMANSUPPORT = @MAILMANSUPPORT@;
$CHATSUPPORT    = @CHATSUPPORT@;
$PROTOGENI      = @PROTOGENI_SUPPORT@;
$GENIRACK       = @PROTOGENI_GENIRACK@;
$ISCLRHOUSE     = @PROTOGENI_ISCLEARINGHOUSE@;
$EXP_VIS        = @EXP_VIS_SUPPORT@;
$ISOLATEADMINS  = @ISOLATEADMINS@;
$CONTROL_NETWORK= "@CONTROL_NETWORK@";
$CONTROL_NETMASK= "@CONTROL_NETMASK@";

# URLs and cookie names for the services hosted on $USERNODE.
# NOTE(review): the wiki and bug database use https://, but the mailman,
# cvsweb, jeti and wiki-docs URLs below are plain http://. Confirm none of
# them carries a login cookie or other credential over cleartext.
$WIKIHOME       = "https://{$USERNODE}/twiki";
$WIKIURL        = "{$WIKIHOME}/bin/newlogon";
$WIKICOOKIENAME = "WikiCookie";
$BUGDBURL       = "https://{$USERNODE}/flyspray";
$BUGDBCOOKIENAME= "FlysprayCookie";
$TRACCOOKIENAME = "TracCookie";
$MAILMANURL     = "http://{$USERNODE}/mailman";
$OPSCVSURL      = "http://{$USERNODE}/cvsweb/cvsweb.cgi";
$OPSJETIURL     = "http://{$USERNODE}/jabber/jeti.php";
$WIKIDOCURL     = "http://{$WIKINODE}/wikidocs/wiki";
$FORUMURL       = "http://groups.google.com/group/emulab-users";

$MIN_UNIX_UID   = @MIN_UNIX_UID@;
$MIN_UNIX_GID   = @MIN_UNIX_GID@;
$EXPOSELINKTEST = 1;
$EXPOSESTATESAVE= 0;
$EXPOSEARCHIVE  = 0;
$EXPOSETEMPLATES= 0;
$USERSELECTUIDS = 1;
$REMOTEWIKIDOCS = @REMOTEWIKIDOCS@;
$FLAVOR         = "Emulab";
$GMAP_API_KEY   = "@GMAP_API_KEY@";
$NONAMEDSETUP   = @DISABLE_NAMED_SETUP@;
$OPS_VM         = @OPSVM_ENABLE@;
$PORTAL_ENABLE  = @PORTAL_ENABLE@;
$PORTAL_ISPRIMARY = @PORTAL_ISPRIMARY@;
$SPEWFROMOPS    = @SPEWFROMOPS@;
$BROWSER_CONSOLE_ENABLE = @BROWSER_CONSOLE_ENABLE@;

# Bare mail addresses; the display-name forms are built from these later.
$TBMAILADDR_OPS         = "@TBOPSEMAIL_NOSLASH@";
$TBMAILADDR_WWW         = "@TBWWWEMAIL_NOSLASH@";
$TBMAILADDR_APPROVAL    = "@TBAPPROVALEMAIL_NOSLASH@";
$TBMAILADDR_LOGS        = "@TBLOGSEMAIL_NOSLASH@";
$TBMAILADDR_AUDIT       = "@TBAUDITEMAIL_NOSLASH@";

# Can override this in the defs file.
# NOTE(review): these four arrive as strings; $TBSECURECOOKIES presumably
# controls the Secure flag on the login cookies -- confirm against tbauth.
$TBAUTHTIMEOUT  = "@TBAUTHTIMEOUT@";
$TBMAINSITE     = "@TBMAINSITE@";
$TBSECURECOOKIES= "@TBSECURECOOKIES@";
$TBCOOKIESUFFIX = "@TBCOOKIESUFFIX@";
$FANCYBANNER    = "@FANCYBANNER@";

# Installation directories. $TBDIR already ends in "/", and so do the
# *_DIR values derived from it, which is why the paths built from them
# below contain a doubled slash.
$TBWWW_DIR      = $TBDIR . "www/";
$TBBIN_DIR      = $TBDIR . "bin/";
$TBETC_DIR      = $TBDIR . "etc/";
$TBLIBEXEC_DIR  = $TBDIR . "libexec/";
$TBSUEXEC_PATH  = $TBLIBEXEC_DIR . "/suexec";
$TBCHKPASS_PATH = $TBLIBEXEC_DIR . "/checkpass";
$TBCSLOGINS     = $TBETC_DIR . "/cslogins";
$UUIDGEN_PATH   = "@UUIDGEN@";

#
# Hardcoded check against $WWWHOST, to prevent anyone from accidentally setting
# $TBMAINSITE when it should not be
#
$TBMAINSITE = ($WWWHOST != "www.emulab.net") ? 0 : $TBMAINSITE;

#
# The wiki docs either come from the local node, or in most cases
# they are redirected back to Utah's emulab.
#
# Start from the local, site-relative location and override it when this
# is the main site or when remote wiki docs were requested.
$WIKIDOCURL = "/wikidocs/wiki";
if ($TBMAINSITE) {
    $WIKIDOCURL = "https://{$WIKINODE}/wikidocs/wiki";
}
elseif ($REMOTEWIKIDOCS) {
    $WIKIDOCURL = "https://wiki.emulab.net/wikidocs/wiki";
}

# Roots of the project, user, group and scratch trees; substituted at
# configure time.
$TBPROJ_DIR     = "@PROJROOT_DIR@";
$TBUSER_DIR     = "@USERSROOT_DIR@";
$TBGROUP_DIR    = "@GROUPSROOT_DIR@";
$TBSCRATCH_DIR  = "@SCRATCHROOT_DIR@";
$TBCVSREPO_DIR  = $TBPROJ_DIR . "/cvsrepos";
$TBNSSUBDIR     = "nsdir";

# Human-readable lists of the roots above, one plain and one marked up
# for HTML. The scratch root is appended only when it is configured.
$TBVALIDDIRS      = $TBPROJ_DIR . ", " . $TBUSER_DIR . ", " . $TBGROUP_DIR;
$TBVALIDDIRS_HTML = "<code>" . $TBPROJ_DIR . "</code>, " .
                    "<code>" . $TBUSER_DIR . "</code>, " .
                    "<code>" . $TBGROUP_DIR . "</code>";
if ($TBSCRATCH_DIR) {
    $TBVALIDDIRS      = $TBVALIDDIRS . ", " . $TBSCRATCH_DIR;
    $TBVALIDDIRS_HTML = $TBVALIDDIRS_HTML . ", <code>" . $TBSCRATCH_DIR . "</code>";
}

# Cookie names; the suffix keeps separate installations apart.
$TBAUTHCOOKIE   = "NewHashCookie{$TBCOOKIESUFFIX}";
$TBNAMECOOKIE   = "NewMyUidCookie{$TBCOOKIESUFFIX}";
$TBEMAILCOOKIE  = "MyEmailCookie{$TBCOOKIESUFFIX}";
$TBLOGINCOOKIE  = "NewLoginCookie{$TBCOOKIESUFFIX}";

# URL scheme prefixes (used by CHECKURL in this file).
$HTTPTAG        = "http://";
$HTTPSTAG       = "https://";

# Display-name forms of the testbed mail addresses.
$TBMAIL_OPS             = "Testbed Ops <" . $TBMAILADDR_OPS . ">";
$TBMAIL_WWW             = "Testbed WWW <" . $TBMAILADDR_WWW . ">";
$TBMAIL_APPROVAL        = "Testbed Approval <" . $TBMAILADDR_APPROVAL . ">";
$TBMAIL_LOGS            = "Testbed Logs <" . $TBMAILADDR_LOGS . ">";
$TBMAIL_AUDIT           = "Testbed Audit <" . $TBMAILADDR_AUDIT . ">";
$TBMAIL_NOREPLY         = "no-reply@" . $OURDOMAIN;

#
# This just spits out an email address in a page, so it does not need
# to be configured per development tree. It could be though ...
#
# The value is an HTML anchor, so it is only suitable for page output,
# not for mail headers.
$TBMAILADDR     = "<a href=\"mailto:$TBMAILADDR_OPS\">\n" .
                  "                      Testbed Operations ($TBMAILADDR_OPS)</a>";

# So subscripts always know ...
# (exported into the environment of programs started from the web pages)
putenv("HTTP_SCRIPT=1");

#
# Special headers alerting browsers to the fact that there's an RSS feed
# available for the page. Intended to be passed as an $extra_headers argument
# to PAGEHEADER
#
$RSS_HEADER_NEWS =
    '<link rel="alternate" type="application/rss+xml" ' .
    'title="Emulab News" href="' . $TBDOCBASE . '/news-rss.php3?protogeni=0" />';

$RSS_HEADER_PGENINEWS =
    '<link rel="alternate" type="application/rss+xml" ' .
    'title="ProtoGeni News" href="' . $TBDOCBASE . '/news-rss.php3?protogeni=1"/>';

$RSS_HEADER_PNNEWS =
    '<link rel="alternate" type="application/rss+xml" ' .
    'title="PhantomNet News" href="' . $TBDOCBASE . '/news-rss.php3?phantomnet=1"/>';

#
# See if we should override any of the global web variables based on the
# virtual domain.  We include a site-dependent definitions file.
#
# The file name is derived from $OURDOMAIN, which at this point still holds
# the configure-time value assigned earlier in this file, not request data.
# NOTE(review): the name is relative, so which file is picked up depends on
# the working directory and include path of the running script -- confirm
# only administrators can write to those locations.
#
$ALTERNATE_DOMAINS = array();
$DOMVIEW           = null;
$altdomfile        = strtolower("alternate_domains_{$OURDOMAIN}.php");
if (file_exists($altdomfile)) {
    include $altdomfile;
}
# Applies the first matching alternate domain, if any.
SetDomainDefs();

#
# Database constants and the like.
#
include "dbdefs.php3";
include "url_defs.php";
include "user_defs.php";
include "group_defs.php";
include "project_defs.php";
include "experiment_defs.php";

#
# Control how error messages are returned to the user. If the session is
# not actually "interactive" then do not send any output to the browser.
# Just save it up and let the page deal with it.
#
# $session_errorhandler, when set, is called as a function by TBERROR and
# USERERROR in this file.
$session_errorhandler = 0;
$session_interactive  = 1;

#
# Wrap up the mail function so we can prepend a tag to the subject
# line that indicates which testbed sent it. Useful when multiple testbeds
# email the same list.
#
# 
# $to, $subject and $message are handed to mail() as given, apart from the
# subject prefix. $headers is an optional string of extra header lines
# separated by "\n" (a false value means none). Returns what mail() returns.
#
# NOTE(review): nothing here strips CR/LF from $headers. Callers that build
# header lines from user-supplied values (names, addresses) should remove
# line breaks first, otherwise extra headers can be added to the message.
function TBMAIL($to, $subject, $message, $headers = 0)
{
    global $THISHOMEBASE;

    # Prefix the subject with the testbed name.
    $tagged_subject = strtoupper($THISHOMEBASE) . ": $subject";

    # Record which script generated the message.
    $origin_header = "X-NetBed: " . basename($_SERVER["SCRIPT_NAME"]);

    $all_headers = $headers ? "$headers\n" . $origin_header : $origin_header;

    return mail($to, $tagged_subject, $message, $all_headers);
}

#
#
# Identical to perl function of the same name
#
#
# $from and $to may be real addresses or the keywords 'ADMIN' / 'AUDIT',
# which are replaced by the project-admin and audit addresses. $headers is
# an optional string of extra header lines. The message is sent through
# TBMAIL; nothing is returned.
#
# NOTE(review): $from is copied into a "From:" header line as is. If it can
# carry user-entered text, strip CR/LF before calling so it cannot add
# header lines of its own.
function SendProjAdminMail($proj, $from, $to, $subject, $message, $headers = "")
{
    global $MAILMANSUPPORT, $TBMAIL_APPROVAL, $TBMAIL_AUDIT, $OURDOMAIN, $TBMAIL_WWW;

    # "0 &&" makes the condition always false, so the per-project list
    # address is never chosen and the approval address is always used.
    $admin_addr = (0 && $MAILMANSUPPORT)
        ? "$proj-admin@$OURDOMAIN"
        : $TBMAIL_APPROVAL;
    $admin_bcc  = "Bcc: $admin_addr\n";
    $audit_bcc  = "Bcc: $TBMAIL_AUDIT\n";

    if ($headers) {
        $headers .= "\n";
    }

    # Project-admin handling: the admin address is the sender, the
    # recipient (with Reply-To), or a blind copy.
    if ($from == 'ADMIN') {
        $from     = $admin_addr;
        $headers .= $admin_bcc;
    } elseif ($to == 'ADMIN') {
        $to       = $admin_addr;
        $headers .= "Reply-To: $admin_addr\n";
    } else {
        $headers .= $admin_bcc;
    }

    # The From: line is written before the AUDIT keyword is examined.
    $headers .= "From: $from\n";

    if ($from == 'AUDIT') {
        $from     = $TBMAIL_AUDIT;
        $headers .= $audit_bcc;
    } elseif ($to == "AUDIT") {
        $to = $TBMAIL_AUDIT;
    } else {
        $headers .= $audit_bcc;
    }

    # Last header line, written without a trailing newline.
    $headers .= "Errors-To: $TBMAIL_WWW"; # FIXME: Why?

    TBMAIL($to, $subject, $message, $headers);
}

#
# Internal errors should be reported back to the user simply. The actual 
# error information should be emailed to the list for action. The script
# should then terminate if required to do so.
#
# $message is the detailed error text; it goes only into the mail sent to
# the ops address. The user sees a fixed "Could not continue" text, so
# internal details are not shown in the page. When $death is true the
# script exits with status 1; otherwise 0 is returned. $xmp is accepted
# but not used in this function.
function TBERROR ($message, $death, $xmp = 0) {
    global $TBMAIL_WWW, $TBMAIL_OPS, $TBMAILADDR, $TBMAILADDR_OPS;
    global $session_interactive, $session_errorhandler;

    # The requested URI (decoded) tells ops which page failed.
    $script = urldecode($_SERVER['REQUEST_URI']);

    CLEARBUSY();

    $report = "\n" .
              "In $script\n\n" .
              "$message\n\n" .
              "Thanks,\n" .
              "Testbed WWW\n";
    $mail_headers = "From: $TBMAIL_OPS\n" .
                    "Errors-To: $TBMAIL_WWW";

    TBMAIL($TBMAIL_OPS, "WEB ERROR REPORT", $report, $mail_headers);

    if (!$death) {
        return 0;
    }

    # Interactive sessions get an error page; otherwise the registered
    # handler, if any, is told about it.
    if ($session_interactive) {
        PAGEERROR("Could not continue. Please contact $TBMAILADDR");
    }
    elseif ($session_errorhandler) {
        $session_errorhandler("Could not continue. " .
                              "Please contact $TBMAILADDR_OPS", $death);
    }
    exit(1);
}

#
# General user errors should print something warm and fuzzy.  If a
# header is not already printed and the death parameter is true, then
# assume the error is a precheck error and send an appropriate HTTP
# response to prevent robots from indexing the page.  This currently
# defaults to a "400 Bad Request", but that may change in the future.
#
# $message is written into the page (or passed to the session error
# handler) exactly as given; it is treated as HTML.
# NOTE(review): callers must HTML-escape any user-supplied text they put
# into $message (for example with CleanString) before calling.
#
# When $death is true the script does not continue: non-interactive
# sessions exit(1), interactive ones go through PAGEERROR with
# $status_code.
function USERERROR($message, $death = 1,
                   $status_code = HTTP_400_BAD_REQUEST) {
    global $TBMAILADDR;
    global $session_interactive, $session_errorhandler;

    CLEARBUSY();

    # Non-interactive: hand the raw message to the handler, or print it.
    if (! $session_interactive) {
        if ($session_errorhandler) {
            $session_errorhandler($message, $death);
        }
        else {
            echo "$message";
        }

        if ($death) {
            exit(1);
        }
        return;
    }

    # Interactive: wrap the message and add the contact line.
    $msg = "<font size=+1><br>\n" .
           "            $message\n" .
           "      \t    </font>\n" .
           "            <br><br><br>\n" .
           "            <font size=-1>\n" .
           "            Please contact $TBMAILADDR if you feel this message is an error.\n" .
           "            </font>\n";

    if (!$death) {
        echo "$msg\n";
        return;
    }
    PAGEERROR($msg, $status_code);
}

#
# A form error.
#
# $field is the label of the missing form field. It is placed into the
# message without escaping, so pass a fixed label, not request data.
function FORMERROR($field) {
    $text = "Missing field; " .
            "Please go back and fill out the \"$field\" field!";

    USERERROR($text, 1);
}

#
# A page argument error. 
# 
# Reports the request URI (HTML-escaped) as having invalid arguments and
# stops through USERERROR with a 400 status. $msg, when given, is appended
# after two line breaks and is NOT escaped here, so it must already be
# safe HTML.
function PAGEARGERROR($msg = 0) {
    $text = "Invalid page arguments: " .
            htmlspecialchars($_SERVER['REQUEST_URI']);

    if ($msg) {
        $text .= "<br><br>$msg";
    }
    USERERROR($text, 1, HTTP_400_BAD_REQUEST);
}

#
# SUEXEC stuff.
#
# Save this stuff so we can generate better error messages and such.
#
# These globals are overwritten by every SUEXEC() call and read back by
# SUEXECERROR().
$suexec_cmdandargs   = "";
$suexec_retval       = 0;
$suexec_output       = "";
$suexec_output_array = null;

#
# Actions for suexec.
#
define('SUEXEC_ACTION_CONTINUE',    0);
define('SUEXEC_ACTION_DIE',         1);
define('SUEXEC_ACTION_USERERROR',   2);
define('SUEXEC_ACTION_IGNORE',      3);
define('SUEXEC_ACTION_DUPDIE',      4);
# SUEXEC_ACTION_MAIL_TBLOGS to be ored with one of the above actions
define('SUEXEC_ACTION_MAIL_TBLOGS', 64);

#
# An suexec error.
#
# Builds a report from the globals left behind by the last SUEXEC() call
# (exit status, command line, captured output) and dispatches on $action,
# one of the SUEXEC_ACTION_* constants. Unknown actions are treated as
# fatal.
#
# NOTE(review): the USERERROR and DUPDIE cases place the command line and
# the program output inside <XMP>, which does not escape its content. A
# literal "</XMP>" in either would end the element and the remainder would
# be parsed as markup. Consider htmlspecialchars() inside <pre> instead.
function SUEXECERROR($action)
{
    global $suexec_cmdandargs, $suexec_retval;
    global $suexec_output;

    $report = "Shell Program Error. Exit status: $suexec_retval\n" .
              "  '$suexec_cmdandargs'\n" .
              "\n" .
              $suexec_output;

    if ($action == SUEXEC_ACTION_CONTINUE) {
        # Mail the report, keep going.
        TBERROR($report, 0, 1);
    }
    elseif ($action == SUEXEC_ACTION_DIE) {
        # Mail the report, then stop.
        TBERROR($report, 1, 1);
    }
    elseif ($action == SUEXEC_ACTION_USERERROR) {
        # Show the report to the user only.
        USERERROR("<XMP>$report</XMP>", 1);
    }
    elseif ($action == SUEXEC_ACTION_IGNORE) {
        # Nothing to do.
    }
    elseif ($action == SUEXEC_ACTION_DUPDIE) {
        # Mail the report and also show it to the user.
        TBERROR($report, 0, 1);
        USERERROR("<XMP>$report</XMP>", 1);
    }
    else {
        TBERROR($report, 1, 1);
    }
}

#
# Run a program as a user.
#
# Runs "$TBSUEXEC_PATH $uid $gid $cmdandargs" and returns its exit status
# (255 is reported as -1). $action is a SUEXEC_ACTION_* value, optionally
# or'ed with SUEXEC_ACTION_MAIL_TBLOGS to mail a transcript to the logs
# address. The command line, status and output are left in the $suexec_*
# globals.
#
# NOTE(review): exec() hands the string to a shell and nothing is escaped
# in this function. Every caller must pass each user-derived argument
# through escapeshellarg() before building $cmdandargs, and $uid/$gid must
# come from validated account data, never straight from the request.
function SUEXEC($uid, $gid, $cmdandargs, $action) {
    global $TBSUEXEC_PATH;
    global $suexec_cmdandargs, $suexec_retval;
    global $suexec_output, $suexec_output_array;
    global $TBMAIL_LOGS;

    # Split the mail flag off the action code.
    $mail_tblog = ($action & SUEXEC_ACTION_MAIL_TBLOGS) ? 1 : 0;
    if ($mail_tblog) {
        $action &= ~SUEXEC_ACTION_MAIL_TBLOGS;
    }

    # Keep running even if the browser disconnects.
    ignore_user_abort(1);

    $suexec_cmdandargs   = "$uid $gid $cmdandargs";
    $suexec_output_array = array();
    $suexec_output       = "";
    $suexec_retval       = 0;

    $command_line = "$TBSUEXEC_PATH $suexec_cmdandargs";
    exec($command_line, $suexec_output_array, $suexec_retval);

    # Yikes! Something is not doing integer conversion properly!
    if ($suexec_retval == 255) {
        $suexec_retval = -1;
    }

    # Flatten the captured lines into one newline-terminated string.
    foreach ($suexec_output_array as $line) {
        $suexec_output .= "$line\n";
    }

    if ($mail_tblog) {
        $mesg = "$command_line\n" .
                "Return Value: $suexec_retval\n\n" .
                "--------- OUTPUT ---------\n" .
                $suexec_output;

        TBMAIL($TBMAIL_LOGS, "suexec: $cmdandargs", $mesg);
    }

    #
    # The output is still available of course, via $suexec_output.
    #
    if ($suexec_retval != 0 && $action != SUEXEC_ACTION_IGNORE) {
        SUEXECERROR($action);
    }
    # Must return the shell value!
    return $suexec_retval;
}

#
# We invoke addpubkey as user nobody all the time. The implied user is passed
# along in an HTTP_ variable (see tbauth). This avoids a bunch of confusion
# that results from new users who do not have a context yet. 
#
# Runs "webaddpubkey $cmdandargs" as user/group nobody through SUEXEC and
# returns its exit status. Failures are mailed but do not stop the page
# (SUEXEC_ACTION_CONTINUE).
#
# NOTE(review): $cmdandargs reaches a shell unchanged; the caller is
# responsible for escapeshellarg() on anything taken from the request.
function ADDPUBKEY($cmdandargs) {
    $status = SUEXEC("nobody", "nobody", "webaddpubkey $cmdandargs",
                     SUEXEC_ACTION_CONTINUE);

    return $status;
}

#
# Verify a URL.
#
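# Returns 1 when $url is empty or is an http(s) URL that can be opened,
# 0 otherwise with a user-facing reason stored in $error.
#
# Whitespace and control bytes (not only the space character) are refused
# before the URL is handed to the HTTP stream wrapper: a URL has no use
# for CR, LF, TAB or NUL.
#
# NOTE(review): the request is made by the web server itself, so this check
# can be pointed at any host the server can reach, including internal ones.
# Consider resolving the host and refusing non-public addresses, and
# setting a short timeout through a stream context.
function CHECKURL($url, &$error) {
    global $HTTPTAG, $HTTPSTAG;

    # Nothing supplied, nothing to check.
    if (!strlen($url)) {
        return 1;
    }

    if (preg_match('/[\x00-\x20\x7f]/', $url)) {
        $error = "URL is malformed; spaces are not allowed!";
        return 0;
    }

    # Only the two web schemes are accepted; this also keeps local file
    # and other stream wrappers out of the fopen() below.
    $is_http  = strncmp($url, $HTTPTAG, strlen($HTTPTAG)) == 0;
    $is_https = strncmp($url, $HTTPSTAG, strlen($HTTPSTAG)) == 0;
    if (!$is_http && !$is_https) {
        $error = "URL is malformed; must begin with $HTTPTAG or $HTTPSTAG!";
        return 0;
    }

    # Reachability probe; warnings are suppressed and reported via $error.
    $fp = @fopen($url, "r");
    if (!$fp) {
        $error = "URL is not valid; Cannot be accessed!";
        return 0;
    }
    fclose($fp);

    return 1;
}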

#
# Check a password.
#
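# Asks the checkpass helper whether $password is acceptable for the user
# described by $uid, $name and $email. Returns 1 when the helper answers
# "ok", otherwise 0 with the reason in $error. If the helper cannot be
# started, TBERROR is called with $death set.
#
# Changes from the earlier version: the pipe is closed after reading, and
# the failure report no longer contains the password (TBERROR mails its
# message to the ops address).
#
# NOTE(review): the password is still passed on the helper's command line.
# On most Unix systems command-line arguments can be seen by other local
# processes; feeding it to the helper on stdin would avoid that but needs
# a matching change in checkpass.
function CHECKPASSWORD($uid, $password, $name, $email, &$error)
{
    global $TBCHKPASS_PATH;

    # Watch for caller errors since this calls to the shell.
    if (empty($uid) || empty($password) || empty($name) || empty($email)) {
        $error = "Internal Error";
        return 0;
    }
    # Ascii only.
    if (! TBvalid_userdata($password)) {
        $error = "Invalid characters; ascii only please";
        return 0;
    }

    # Every argument is quoted for the shell individually.
    $uid_arg      = escapeshellarg($uid);
    $password_arg = escapeshellarg($password);
    $stuff_arg    = escapeshellarg("$name:$email");

    $mypipe = popen("$TBCHKPASS_PATH $password_arg $uid_arg $stuff_arg", "w+");

    if ($mypipe) {
        # The helper prints a single line: "ok" or the reason for refusal.
        $retval = fgets($mypipe, 1024);
        pclose($mypipe);

        if (strcmp($retval, "ok\n") != 0) {
            $error = "$retval";
            return 0;
        }
        return 1;
    }
    TBERROR("Checkpass Failure! Returned '$mypipe'.\n\n".
            "$TBCHKPASS_PATH <password withheld> $uid_arg $stuff_arg", 1);
}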

#
# Grab a UUID (universally unique identifier).
#
# Runs the program named by $UUIDGEN_PATH and returns its output with
# trailing whitespace removed. If the program produces nothing, TBERROR is
# called with $death set.
function NewUUID()
{
    global $UUIDGEN_PATH;

    $raw = shell_exec($UUIDGEN_PATH);

    if (!isset($raw) || $raw == "") {
        TBERROR("$UUIDGEN_PATH Failure", 1);
        return;
    }
    return rtrim($raw);
}

# Check pattern.
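# Returns 1 when $token consists of five groups of word characters joined
# by single dashes, 0 otherwise.
#
# The pattern ends with \z rather than $: in PCRE, $ also matches just
# before a final newline, so "a-b-c-d-e\n" used to be accepted.
# NOTE(review): \w also allows underscores and non-hex letters, so this is
# a shape check, not a strict UUID check.
function IsValidUUID($token)
{
    return preg_match('/^\w+-\w+-\w+-\w+-\w+\z/', $token) ? 1 : 0;
}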

# Placeholder: accepts a node and does nothing, so the result is null.
function LASTNODELOGIN($node)
{
    return;
}

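# Returns 1 when $path lies under one of the configured project, user,
# group or scratch roots, 0 otherwise. When any of $uid/$pid/$gid/$eid is
# given the answer is always 0 (the per-user check is not implemented
# here).
#
# Changes from the earlier version:
#  - the roots are compared as plain string prefixes instead of being
#    pasted into a regular expression, so characters such as "." in a
#    configured directory name are no longer treated as wildcards;
#  - a path containing a ".." component is refused, since it could name
#    a location outside the root it starts with;
#  - an empty (unconfigured) root never matches.
#
# NOTE(review): this remains a coarse textual filter; symlinks are not
# resolved here, so the backend that finally opens the path must still
# canonicalise and re-check it.
function VALIDUSERPATH($path, $uid="", $pid="", $gid="", $eid="")
{
    global $TBPROJ_DIR, $TBUSER_DIR, $TBGROUP_DIR, $TBSCRATCH_DIR;

    # XXX for now, see tbsetup/libtestbed.pm for what should happen
    if ($uid || $pid || $gid || $eid) {
        return 0;
    }

    #
    # No ids specified, just make sure it starts with an appropriate prefix.
    #
    if (preg_match('#(^|/)\.\.(/|\z)#', $path)) {
        return 0;
    }

    $roots = array($TBPROJ_DIR, $TBUSER_DIR, $TBGROUP_DIR, $TBSCRATCH_DIR);
    foreach ($roots as $root) {
        if (!$root) {
            continue;
        }
        $prefix = "$root/";
        if (strncmp($path, $prefix, strlen($prefix)) == 0) {
            return 1;
        }
    }
    return 0;
}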

#
# A function to print the contents of an array (recursively).
# Mostly useful for debugging.
#
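# Prints each key and value of $arr, descending into nested arrays.
# A non-array argument is reported and the function returns; earlier it
# went on to iterate over the non-array value. Nested arrays are shown as
# 'Array' on their own line, as before, without converting the array to a
# string.
#
# NOTE(review): the output is not HTML-escaped; this is a debugging aid
# and should not be used to print request data into a served page.
function ARRAY_PRINT($arr) {
  if (!is_array($arr)) {
    echo "non-array '$arr'\n";
    return;
  }
  foreach ($arr as $i => $val) {
    $shown = is_array($val) ? "Array" : $val;
    echo "'$i' - '$shown'\n";
    if (is_array($val)) {
      echo "Sub-array $i:\n";
      ARRAY_PRINT($val);
      echo "End Sub-array $i.\n";
    }
  }
}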

#
# Return Yes or No given boolean
#
# "Yes" for any true value, "No" otherwise.
function YesNo($bool) {
    if ($bool) {
        return "Yes";
    }
    return "No";
}

#
# See if someone is logged in, and if they need to be redirected.
#
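# If CheckLogin() reports a user, possibly redirect: to HTTPS when the
# login is only "maybe valid", and, for a fully logged-in user without
# $stayhome set, to the new-project page or the user's own page. Returns
# nothing; exits after sending a Location header.
#
# $TBBASE is now declared global. Without that the Location headers below
# were built from an undefined local variable and came out as host-relative
# paths instead of URLs under the configured base.
function CheckRedirect() {
    global $stayhome, $TBBASE;

    $this_user = CheckLogin($check_status);
    if (!$this_user) {
        return;
    }

    $check_status = $check_status & CHECKLOGIN_STATUSMASK;
    if ($check_status == CHECKLOGIN_MAYBEVALID) {
        # Maybe the reason was because they were not using HTTPS ...
        RedirectHTTPS();
    }

    # A pending first-time setup step overrides the request to stay put.
    $firstinitstate = TBGetFirstInitState();
    if ($firstinitstate) {
        unset($stayhome);
    }

    if (isset($stayhome) || $check_status != CHECKLOGIN_LOGGEDIN) {
        return;
    }

    if ($firstinitstate == "createproject") {
        # Zap to NewProject Page,
        header("Location: $TBBASE/newproject.php3");
    }
    else {
        # Zap to My Emulab page.
        header("Location: $TBBASE/" .
               CreateURL("showuser", $this_user));
    }
    exit;
}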

#
# Loop over the $ALTERNATE_DOMAINS global array and see if the incoming
# request asked for a virtual domain for which we have an alternate set
# of definitions and/or view.
#
# Return 1 if a domain in the array matched, 0 otherwise.  Has MAJOR
# side effects: updates/overrides many top-level variables.
#
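# Each entry of $ALTERNATE_DOMAINS is a pair: a PCRE pattern matched
# against the server name, and an array of optional overrides
# (THISHOMEBASE, WIKINODE, WIKIDOCURL, FORUMURL, DOMVIEW). On the first
# match the host-derived globals are rewritten and 1 is returned.
#
# The server name is now checked before use: depending on the web server
# configuration $_SERVER['SERVER_NAME'] can be taken from the client's
# Host header, and it ends up in base URLs and in the cookie domain
# ($TBAUTHDOMAIN). A missing name, or one containing anything other than
# letters, digits, ".", "-" and "_", is treated as "no match".
#
# NOTE(review): the patterns themselves should be anchored (^...$) so that
# only the intended host names match.
function SetDomainDefs()
{
    global $WWWHOST, $OURDOMAIN, $WWW, $THISHOMEBASE, $TBAUTHDOMAIN, $TBBASE;
    global $TBDOCBASE, $TBWWW, $WIKINODE, $WIKIDOCURL, $TBMAINSITE, $FORUMURL;
    global $ALTERNATE_DOMAINS, $FLAVOR, $DOMVIEW;

    if (!isset($_SERVER['SERVER_NAME'])) {
        return 0;
    }
    $server_name = $_SERVER['SERVER_NAME'];
    if (!is_string($server_name) ||
        !preg_match('/^[A-Za-z0-9._-]+\z/', $server_name)) {
        return 0;
    }

    foreach ($ALTERNATE_DOMAINS as $altdom) {
        list($dpat, $ovr) = $altdom;
        if (preg_match($dpat, $server_name) != 1) {
            continue;
        }

        # Replacement defs derived from the virtual domain itself.
        # The domain is the host name minus its first label.
        $WWWHOST      = $server_name;
        $OURDOMAIN    = implode(".", array_slice(explode(".", $WWWHOST), 1));
        $WWW          = $WWWHOST;
        $TBAUTHDOMAIN = ".$OURDOMAIN";
        $TBBASE       = "https://$WWWHOST";
        $TBDOCBASE    = "http://$WWWHOST";
        $TBWWW        = "<$TBBASE/>";

        # Defs that may be overridden in the domain's configuration array
        if (isset($ovr['THISHOMEBASE'])) {
            $THISHOMEBASE = $ovr['THISHOMEBASE'];
            $FLAVOR       = $THISHOMEBASE;
        }
        $WIKINODE = isset($ovr['WIKINODE'])
            ? $ovr['WIKINODE']
            : "wiki.$OURDOMAIN";
        $WIKIDOCURL = isset($ovr['WIKIDOCURL'])
            ? $ovr['WIKIDOCURL']
            : "http://{$WIKINODE}/wikidocs/wiki";
        if (isset($ovr['FORUMURL'])) {
            $FORUMURL = $ovr['FORUMURL'];
        }
        if (isset($ovr['DOMVIEW'])) {
            $DOMVIEW = $ovr['DOMVIEW'];
        }

        # Given that this is an alternate domain, clear TBMAINSITE
        $TBMAINSITE = 0;

        # Bail after the first domain match.
        return 1;
    }
    return 0;
}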

#
# If the page was accessed via http, redirect to https and exit;
# otherwise do nothing.
#
# Only GET requests are redirected. The target host is the configured
# $WWWHOST, not the request's Host header, so the redirect always points
# at this site. If the page header has already been drawn, a redirect is
# no longer possible and a warning is raised instead.
#
# NOTE(review): any non-empty $_SERVER['HTTPS'] value counts as "already
# secure"; confirm the web server never sets it to a string such as "off".
function RedirectHTTPS() {
    global $WWWHOST,$drewheader;

    if ($drewheader) {
        $message = "PAGEHEADER called before RedirectHTTPS " .
                   "Won't be able to redirect to HTTPS if necessary " .
                   "in " . $_SERVER['SCRIPT_FILENAME'] . ",";
        trigger_error($message, E_USER_WARNING);
        return;
    }

    if (empty($_SERVER['HTTPS']) && $_SERVER['REQUEST_METHOD'] == 'GET') {
        header("Location: https://$WWWHOST" . $_SERVER['REQUEST_URI']);
        exit;
    }
}

#
# Clean an outgoing string to be HTML safe.
#
# Escapes &, <, > and both quote characters, so the result can be used in
# HTML text and in quoted attribute values. It is not sufficient for
# script or URL contexts.
function CleanString($string)
{
    $escaped = htmlspecialchars($string, ENT_QUOTES);

    return $escaped;
}

#
# Generate an authentication object to pass to the browser that
# is passed to the web server on boss. This is used to grant
# permission to the user to invoke ssh to a local node using their
# emulab generated (no passphrase) key. This is basically a clone
# of what GateOne does, but that code was a mess. 
#
# Reads "api_key:secret" from the key file and returns a JSON object for
# $uid containing the key id, the uid, a millisecond-style timestamp and an
# HMAC-SHA1 signature over key id + uid + timestamp. Returns null (after
# reporting through TBERROR) when the key file cannot be read or parsed.
#
# NOTE(review): the signed fields are concatenated without separators, so
# different (api_key, upn) pairs can produce the same signed string; a
# delimiter would remove that ambiguity. Nothing here limits how long the
# object stays valid -- the verifying side has to enforce the timestamp.
function UnusedSSHAuthObject($uid)
{
    $file = "/usr/testbed/etc/sshauth.key";

    #
    # We need the secret that is shared with ops.
    #
    $fp = fopen($file, "r");
    if (! $fp) {
        TBERROR("Error opening $file", 0);
        return null;
    }
    $raw = fread($fp, 128);
    fclose($fp);

    list($api_key, $secret) = preg_split('/:/', $raw);
    if (!($secret && $api_key)) {
        TBERROR("Could not get key from $file", 0);
        return null;
    }
    # Drop the trailing newline from the file.
    $secret = rtrim($secret);

    $timestamp = time() . '000';
    $signature = hash_hmac('sha1', $api_key . $uid . $timestamp, $secret);

    $authobj = array(
        'api_key'          => $api_key,
        'upn'              => $uid,
        'timestamp'        => $timestamp,
        'signature_method' => 'HMAC-SHA1',
        'api_version'      => '1.0',
        'signature'        => $signature
    );

    return json_encode($authobj);
}

#
# Beware empty spaces (cookies)!
# 
require("tbauth.php3");

#
# Okay, this is what checks the login and spits out the menu.
#
require("Sajax.php");
require("menu.php3");
?>