egroupware_official/admin/remote.php

<?php
/**
 * eGgroupWare admin - remote admin command execution
 *
 * @link http://www.egroupware.org
 * @author Ralf Becker <RalfBecker-AT-outdoor-training.de>
 * @package admin
 * @copyright (c) 2007 by Ralf Becker <RalfBecker-AT-outdoor-training.de>
 * @license http://opensource.org/licenses/gpl-license.php GPL - GNU General Public License
 * @version $Id$ 
 */

/**
 * @var array
 */
$GLOBALS['egw_info'] = array(
	'flags' => array(
		'currentapp' => 'login',
		'noheader' => true,
	)
);

include('../header.inc.php');

$GLOBALS['egw']->applications->read_installed_apps();	// set $GLOBALS['egw_info']['apps'] (not set for login)

$instance = isset($_GET['domain']) ? $_GET['domain'] : $_REQUEST['domain'];	// use GET before the rest
if (!isset($GLOBALS['egw_domain'][$instance]))
{
	$instance = $GLOBALS['egw_info']['server']['default_domain'];
}
$domain_data = $GLOBALS['egw_domain'][$instance];
//echo $instance; _debug_array($domain_data);

// as a security measure remote administration need to be enabled under Admin > Site configuration
list(,$remote_admin_install_id) = explode('-',$_REQUEST['uid']);
$allowed_remote_admin_ids = $GLOBALS['egw_info']['server']['allow_remote_admin'] ? explode(',',$GLOBALS['egw_info']['server']['allow_remote_admin']) : array();
// to authenticate with the installation we use a secret, which is a md5 hash build from the uid 
// of the command (to not allow to send new commands with an earsdroped secret) and the md5 hash 
// of the md5 hash of the config password and the install_id (egw_admin_remote.remote_hash)
if (!$domain_data || is_numeric($_REQUEST['uid']) || !in_array($remote_admin_install_id,$allowed_remote_admin_ids) ||
	$_REQUEST['secret'] != ($md5=md5($_REQUEST['uid'].admin_cmd::remote_hash($GLOBALS['egw_info']['server']['install_id'],$domain_data['config_passwd']))))
{
	header("HTTP/1.1 200 Unauthorized");
	//die("0 secret != '$md5'");
	echo lang('0 Permission denied!');
	if (!in_array($remote_admin_install_id,$allowed_remote_admin_ids))
	{
		echo "\n".lang('Remote administration need to be enabled in the remote instance under Admin > Site configuration!');
	}
	$GLOBALS['egw']->common->egw_exit();
}

require_once(EGW_INCLUDE_ROOT.'/admin/inc/class.admin_cmd.inc.php');

// check if uid belongs to an existing command --> return it's status
// this is also a security meassure, as a captured uid+secret can not be used to send new commands
$cmd = admin_cmd::read($_REQUEST['uid']);
if (is_object($cmd))
{
	exit_with_status($cmd);
}

// check if requests contains a reasonable looking admin command to be queued
if (!$_REQUEST['uid'] ||	// no uid
	!$_REQUEST['type'] ||	// no command class name
	!$_REQUEST['creator_email'])	// no creator email
{
	header("HTTP/1.1 200 Bad format!");
	echo lang('0 Bad format!');
	$GLOBALS['egw']->common->egw_exit();
}

// create command from request data
$data = isset($_POST['uid']) ? $_POST : $_GET;
unset($data['secret']);
unset($data['id']);			// we are remote
unset($data['remote_id']);
$data['creator'] = 0;	// remote
if (isset($data['modifier'])) $data['modifier'] = 0;
if (isset($data['requested'])) $data['requested'] = 0;

// instanciate comand and run it
try {
	$cmd = admin_cmd::instanciate($data);
	//_debug_array($cmd); exit;
	$success_msg = $cmd->run();
	
	$GLOBALS['egw']->translation->convert($success_msg,$GLOBALS['egw']->translation->charset(),'utf-8');

	if (!is_string($success_msg))
	{
		$success_msg = serialize($success_msg);
	}
}
catch (Exception $e) {
	header('HTTP/1.1 200 '.$e->getMessage());
	echo $e->getCode().' '.$e->getMessage();
	$GLOBALS['egw']->common->egw_exit();
}
exit_with_status($cmd,$success_msg);

function exit_with_status($cmd,$success_msg='Successful')
{
	switch($cmd->status)
	{
		case admin_cmd::failed:	// errors are returned as 400 HTTP status
			header('HTTP/1.1 200 '.$cmd->error);
			echo $cmd->errno.' '.$cmd->error;
			break;
			
		default:				// everything else is returned as 200 HTTP status
			$success_msg = $cmd->stati[$cmd->status];
			// fall through
		case admin_cmd::successful:
			header('HTTP/1.1 200 '.$cmd->stati[$cmd->status]);
			header('Content-type: text/plain; charset=utf-8');
			echo $success_msg;
	}
	$GLOBALS['egw']->common->egw_exit();
}
A very first step to remodel our current admin backend: - all commands get loged and optional documented with requesting person and a comment - all commands can be run immediatly or scheduled for a later execusion - all commands can be run either from a command line (admin-cli), from the web GUI or via a remore administration from a different instance current status: - command queue / history table created (need to be installed) - base class for all comments - one exemplary command to change application rights of users or groups - admin-cli used the above comment and has additional parameters to set the requesting person, scheduled execution time and comment - GUI to watch the queue / history - URL to excute/schedule commands remote More to come now on a daily basis 2007-11-22 01:57:12 +01:00			`<?php`
			`/**`
first version of a setup command that can run via admins remote command execution 2007-12-05 03:27:49 +01:00			`* eGgroupWare admin - remote admin command execution`
A very first step to remodel our current admin backend: - all commands get loged and optional documented with requesting person and a comment - all commands can be run immediatly or scheduled for a later execusion - all commands can be run either from a command line (admin-cli), from the web GUI or via a remore administration from a different instance current status: - command queue / history table created (need to be installed) - base class for all comments - one exemplary command to change application rights of users or groups - admin-cli used the above comment and has additional parameters to set the requesting person, scheduled execution time and comment - GUI to watch the queue / history - URL to excute/schedule commands remote More to come now on a daily basis 2007-11-22 01:57:12 +01:00			`*`
			`* @link http://www.egroupware.org`
			`* @author Ralf Becker <RalfBecker-AT-outdoor-training.de>`
			`* @package admin`
			`* @copyright (c) 2007 by Ralf Becker <RalfBecker-AT-outdoor-training.de>`
			`* @license http://opensource.org/licenses/gpl-license.php GPL - GNU General Public License`
			`* @version $Id$`
			`*/`

first version of a setup command that can run via admins remote command execution 2007-12-05 03:27:49 +01:00			`/**`
			`* @var array`
			`*/`
A very first step to remodel our current admin backend: - all commands get loged and optional documented with requesting person and a comment - all commands can be run immediatly or scheduled for a later execusion - all commands can be run either from a command line (admin-cli), from the web GUI or via a remore administration from a different instance current status: - command queue / history table created (need to be installed) - base class for all comments - one exemplary command to change application rights of users or groups - admin-cli used the above comment and has additional parameters to set the requesting person, scheduled execution time and comment - GUI to watch the queue / history - URL to excute/schedule commands remote More to come now on a daily basis 2007-11-22 01:57:12 +01:00			`$GLOBALS['egw_info'] = array(`
			`'flags' => array(`
			`'currentapp' => 'login',`
			`'noheader' => true,`
			`)`
			`);`

			`include('../header.inc.php');`

			`$GLOBALS['egw']->applications->read_installed_apps(); // set $GLOBALS['egw_info']['apps'] (not set for login)`

first version of a setup command that can run via admins remote command execution 2007-12-05 03:27:49 +01:00			`$instance = isset($_GET['domain']) ? $_GET['domain'] : $_REQUEST['domain']; // use GET before the rest`
A very first step to remodel our current admin backend: - all commands get loged and optional documented with requesting person and a comment - all commands can be run immediatly or scheduled for a later execusion - all commands can be run either from a command line (admin-cli), from the web GUI or via a remore administration from a different instance current status: - command queue / history table created (need to be installed) - base class for all comments - one exemplary command to change application rights of users or groups - admin-cli used the above comment and has additional parameters to set the requesting person, scheduled execution time and comment - GUI to watch the queue / history - URL to excute/schedule commands remote More to come now on a daily basis 2007-11-22 01:57:12 +01:00			`if (!isset($GLOBALS['egw_domain'][$instance]))`
			`{`
			`$instance = $GLOBALS['egw_info']['server']['default_domain'];`
			`}`
			`$domain_data = $GLOBALS['egw_domain'][$instance];`
next step admin-cli can send now commands to remote installs (defined direct in egw_admin_remote, no GUI yet) 2007-11-23 21:04:26 +01:00			`//echo $instance; _debug_array($domain_data);`
A very first step to remodel our current admin backend: - all commands get loged and optional documented with requesting person and a comment - all commands can be run immediatly or scheduled for a later execusion - all commands can be run either from a command line (admin-cli), from the web GUI or via a remore administration from a different instance current status: - command queue / history table created (need to be installed) - base class for all comments - one exemplary command to change application rights of users or groups - admin-cli used the above comment and has additional parameters to set the requesting person, scheduled execution time and comment - GUI to watch the queue / history - URL to excute/schedule commands remote More to come now on a daily basis 2007-11-22 01:57:12 +01:00
next steps: UI to add remote sites, remote admin needs not to be configured/allowed on the remote side 2007-11-24 20:56:58 +01:00			`// as a security measure remote administration need to be enabled under Admin > Site configuration`
			`list(,$remote_admin_install_id) = explode('-',$_REQUEST['uid']);`
			`$allowed_remote_admin_ids = $GLOBALS['egw_info']['server']['allow_remote_admin'] ? explode(',',$GLOBALS['egw_info']['server']['allow_remote_admin']) : array();`
next step admin-cli can send now commands to remote installs (defined direct in egw_admin_remote, no GUI yet) 2007-11-23 21:04:26 +01:00			`// to authenticate with the installation we use a secret, which is a md5 hash build from the uid`
			`// of the command (to not allow to send new commands with an earsdroped secret) and the md5 hash`
			`// of the md5 hash of the config password and the install_id (egw_admin_remote.remote_hash)`
next steps: UI to add remote sites, remote admin needs not to be configured/allowed on the remote side 2007-11-24 20:56:58 +01:00			`if (!$domain_data \|\| is_numeric($_REQUEST['uid']) \|\| !in_array($remote_admin_install_id,$allowed_remote_admin_ids) \|\|`
moved remote hash calculation to a function 2007-12-07 01:03:31 +01:00			`$_REQUEST['secret'] != ($md5=md5($_REQUEST['uid'].admin_cmd::remote_hash($GLOBALS['egw_info']['server']['install_id'],$domain_data['config_passwd']))))`
A very first step to remodel our current admin backend: - all commands get loged and optional documented with requesting person and a comment - all commands can be run immediatly or scheduled for a later execusion - all commands can be run either from a command line (admin-cli), from the web GUI or via a remore administration from a different instance current status: - command queue / history table created (need to be installed) - base class for all comments - one exemplary command to change application rights of users or groups - admin-cli used the above comment and has additional parameters to set the requesting person, scheduled execution time and comment - GUI to watch the queue / history - URL to excute/schedule commands remote More to come now on a daily basis 2007-11-22 01:57:12 +01:00			`{`
next steps: UI to add remote sites, remote admin needs not to be configured/allowed on the remote side 2007-11-24 20:56:58 +01:00			`header("HTTP/1.1 200 Unauthorized");`
moved remote hash calculation to a function 2007-12-07 01:03:31 +01:00			`//die("0 secret != '$md5'");`
next step admin-cli can send now commands to remote installs (defined direct in egw_admin_remote, no GUI yet) 2007-11-23 21:04:26 +01:00			`echo lang('0 Permission denied!');`
next steps: UI to add remote sites, remote admin needs not to be configured/allowed on the remote side 2007-11-24 20:56:58 +01:00			`if (!in_array($remote_admin_install_id,$allowed_remote_admin_ids))`
			`{`
			`echo "\n".lang('Remote administration need to be enabled in the remote instance under Admin > Site configuration!');`
			`}`
A very first step to remodel our current admin backend: - all commands get loged and optional documented with requesting person and a comment - all commands can be run immediatly or scheduled for a later execusion - all commands can be run either from a command line (admin-cli), from the web GUI or via a remore administration from a different instance current status: - command queue / history table created (need to be installed) - base class for all comments - one exemplary command to change application rights of users or groups - admin-cli used the above comment and has additional parameters to set the requesting person, scheduled execution time and comment - GUI to watch the queue / history - URL to excute/schedule commands remote More to come now on a daily basis 2007-11-22 01:57:12 +01:00			`$GLOBALS['egw']->common->egw_exit();`
			`}`

			`require_once(EGW_INCLUDE_ROOT.'/admin/inc/class.admin_cmd.inc.php');`

			`// check if uid belongs to an existing command --> return it's status`
			`// this is also a security meassure, as a captured uid+secret can not be used to send new commands`
			`$cmd = admin_cmd::read($_REQUEST['uid']);`
			`if (is_object($cmd))`
			`{`
			`exit_with_status($cmd);`
			`}`

			`// check if requests contains a reasonable looking admin command to be queued`
			`if (!$_REQUEST['uid'] \|\| // no uid`
			`!$_REQUEST['type'] \|\| // no command class name`
			`!$_REQUEST['creator_email']) // no creator email`
			`{`
next steps: UI to add remote sites, remote admin needs not to be configured/allowed on the remote side 2007-11-24 20:56:58 +01:00			`header("HTTP/1.1 200 Bad format!");`
next step admin-cli can send now commands to remote installs (defined direct in egw_admin_remote, no GUI yet) 2007-11-23 21:04:26 +01:00			`echo lang('0 Bad format!');`
A very first step to remodel our current admin backend: - all commands get loged and optional documented with requesting person and a comment - all commands can be run immediatly or scheduled for a later execusion - all commands can be run either from a command line (admin-cli), from the web GUI or via a remore administration from a different instance current status: - command queue / history table created (need to be installed) - base class for all comments - one exemplary command to change application rights of users or groups - admin-cli used the above comment and has additional parameters to set the requesting person, scheduled execution time and comment - GUI to watch the queue / history - URL to excute/schedule commands remote More to come now on a daily basis 2007-11-22 01:57:12 +01:00			`$GLOBALS['egw']->common->egw_exit();`
			`}`

			`// create command from request data`
			`$data = isset($_POST['uid']) ? $_POST : $_GET;`
			`unset($data['secret']);`
next step admin-cli can send now commands to remote installs (defined direct in egw_admin_remote, no GUI yet) 2007-11-23 21:04:26 +01:00			`unset($data['id']); // we are remote`
			`unset($data['remote_id']);`
A very first step to remodel our current admin backend: - all commands get loged and optional documented with requesting person and a comment - all commands can be run immediatly or scheduled for a later execusion - all commands can be run either from a command line (admin-cli), from the web GUI or via a remore administration from a different instance current status: - command queue / history table created (need to be installed) - base class for all comments - one exemplary command to change application rights of users or groups - admin-cli used the above comment and has additional parameters to set the requesting person, scheduled execution time and comment - GUI to watch the queue / history - URL to excute/schedule commands remote More to come now on a daily basis 2007-11-22 01:57:12 +01:00			`$data['creator'] = 0; // remote`
			`if (isset($data['modifier'])) $data['modifier'] = 0;`
			`if (isset($data['requested'])) $data['requested'] = 0;`

			`// instanciate comand and run it`
			`try {`
			`$cmd = admin_cmd::instanciate($data);`
			`//_debug_array($cmd); exit;`
next step admin-cli can send now commands to remote installs (defined direct in egw_admin_remote, no GUI yet) 2007-11-23 21:04:26 +01:00			`$success_msg = $cmd->run();`
added draft of an exception class for eGW, plus a global exception handler and replaced the fatal errors in the db-class plus the application rights check in the egw object with exceptions, modified the exceptions in admin_cmd* to use egw_excpetion*, instead just Exception 2007-12-06 09:00:41 +01:00
			`$GLOBALS['egw']->translation->convert($success_msg,$GLOBALS['egw']->translation->charset(),'utf-8');`

			`if (!is_string($success_msg))`
			`{`
			`$success_msg = serialize($success_msg);`
			`}`
A very first step to remodel our current admin backend: - all commands get loged and optional documented with requesting person and a comment - all commands can be run immediatly or scheduled for a later execusion - all commands can be run either from a command line (admin-cli), from the web GUI or via a remore administration from a different instance current status: - command queue / history table created (need to be installed) - base class for all comments - one exemplary command to change application rights of users or groups - admin-cli used the above comment and has additional parameters to set the requesting person, scheduled execution time and comment - GUI to watch the queue / history - URL to excute/schedule commands remote More to come now on a daily basis 2007-11-22 01:57:12 +01:00			`}`
			`catch (Exception $e) {`
next steps: UI to add remote sites, remote admin needs not to be configured/allowed on the remote side 2007-11-24 20:56:58 +01:00			`header('HTTP/1.1 200 '.$e->getMessage());`
A very first step to remodel our current admin backend: - all commands get loged and optional documented with requesting person and a comment - all commands can be run immediatly or scheduled for a later execusion - all commands can be run either from a command line (admin-cli), from the web GUI or via a remore administration from a different instance current status: - command queue / history table created (need to be installed) - base class for all comments - one exemplary command to change application rights of users or groups - admin-cli used the above comment and has additional parameters to set the requesting person, scheduled execution time and comment - GUI to watch the queue / history - URL to excute/schedule commands remote More to come now on a daily basis 2007-11-22 01:57:12 +01:00			`echo $e->getCode().' '.$e->getMessage();`
			`$GLOBALS['egw']->common->egw_exit();`
			`}`
			`exit_with_status($cmd,$success_msg);`

			`function exit_with_status($cmd,$success_msg='Successful')`
			`{`
			`switch($cmd->status)`
			`{`
			`case admin_cmd::failed: // errors are returned as 400 HTTP status`
next steps: UI to add remote sites, remote admin needs not to be configured/allowed on the remote side 2007-11-24 20:56:58 +01:00			`header('HTTP/1.1 200 '.$cmd->error);`
A very first step to remodel our current admin backend: - all commands get loged and optional documented with requesting person and a comment - all commands can be run immediatly or scheduled for a later execusion - all commands can be run either from a command line (admin-cli), from the web GUI or via a remore administration from a different instance current status: - command queue / history table created (need to be installed) - base class for all comments - one exemplary command to change application rights of users or groups - admin-cli used the above comment and has additional parameters to set the requesting person, scheduled execution time and comment - GUI to watch the queue / history - URL to excute/schedule commands remote More to come now on a daily basis 2007-11-22 01:57:12 +01:00			`echo $cmd->errno.' '.$cmd->error;`
			`break;`

			`default: // everything else is returned as 200 HTTP status`
			`$success_msg = $cmd->stati[$cmd->status];`
			`// fall through`
			`case admin_cmd::successful:`
			`header('HTTP/1.1 200 '.$cmd->stati[$cmd->status]);`
added draft of an exception class for eGW, plus a global exception handler and replaced the fatal errors in the db-class plus the application rights check in the egw object with exceptions, modified the exceptions in admin_cmd* to use egw_excpetion*, instead just Exception 2007-12-06 09:00:41 +01:00			`header('Content-type: text/plain; charset=utf-8');`
A very first step to remodel our current admin backend: - all commands get loged and optional documented with requesting person and a comment - all commands can be run immediatly or scheduled for a later execusion - all commands can be run either from a command line (admin-cli), from the web GUI or via a remore administration from a different instance current status: - command queue / history table created (need to be installed) - base class for all comments - one exemplary command to change application rights of users or groups - admin-cli used the above comment and has additional parameters to set the requesting person, scheduled execution time and comment - GUI to watch the queue / history - URL to excute/schedule commands remote More to come now on a daily basis 2007-11-22 01:57:12 +01:00			`echo $success_msg;`
			`}`
			`$GLOBALS['egw']->common->egw_exit();`
			`}`