예제 #1
0
void Webadmin_ConsoleCommand(xml_t* xmlobj, const char* command, int uid)
{
	char sv_outputbuf[SV_OUTPUTBUF_LENGTH];
	char buffer[960];
	char cmd[48];
	int power, powercmd, oldpower, oldinvokeruid, oldinvokerclnum, i;
	
	
	if((power = Auth_GetClPowerByUID(uid)) < 100)
	{
		i = 0;
		/* Get the current user's power 1st */
		while ( command[i] != ' ' && command[i] != '\0' && command[i] != '\n' && i < 32 ){
			i++;
		}
		if(i > 29 || i < 3) return;
		
		Q_strncpyz(cmd,command,i+1);
		
		//Prevent buffer overflow as well as prevent the execution of priveleged commands by using seperator characters
		Q_strncpyz(buffer, command, sizeof(buffer));
		Q_strchrrepl(buffer,';','\0');
		Q_strchrrepl(buffer,'\n','\0');
		Q_strchrrepl(buffer,'\r','\0');
		// start redirecting all print outputs to the packet
		
		powercmd = Cmd_GetPower(cmd);
		if(powercmd > power)
		{
			XA(" Insufficient permissions! ");
				return;
		}
		
		xmlobjFlush = xmlobj;
		
		oldpower = Cmd_GetInvokerPower();
		oldinvokeruid = Cmd_GetInvokerUID();
		oldinvokerclnum = Cmd_GetInvokerClnum();
		Cmd_SetCurrentInvokerInfo(uid, power, -1);
		
		Com_BeginRedirect (sv_outputbuf, SV_OUTPUTBUF_LENGTH, Webadmin_FlushRedirect);
		Cmd_ExecuteSingleCommand(0,0, buffer);
		
		Cmd_SetCurrentInvokerInfo(oldinvokeruid, oldpower, oldinvokerclnum);
		
	}else{
		xmlobjFlush = xmlobj;
		Com_BeginRedirect (sv_outputbuf, SV_OUTPUTBUF_LENGTH, Webadmin_FlushRedirect);
		Cmd_ExecuteSingleCommand(0,0, command);
#ifdef PUNKBUSTER
		if(!Q_stricmpn(command, "pb_sv_", 6)) PbServerForceProcess();
#endif
	}

	Com_EndRedirect();

	xmlobjFlush = NULL;
}
예제 #2
0
qboolean SV_ExecuteRemoteCmd(int clientnum, const char *msg){
	char sv_outputbuf[SV_OUTPUTBUF_LENGTH];
	char cmd[30];
	char buffer[256];
	char *printPtr;
	int i = 0;
	int j = 0;
	int powercmd;
	int power;
	client_t *cl;

        if(!cmdSystemInitialized){
            SV_SendServerCommand(redirectClient, "e \"Error: Remote control system is not initialized\n\"");
            Com_Printf("Error: Remote control system is not initialized\n");
            return qfalse;
        }


	if(clientnum < 0 || clientnum > 63) return qfalse;
	cl = &svs.clients[clientnum];
	redirectClient = cl;

	while ( msg[i] != ' ' && msg[i] != '\0' && msg[i] != '\n' && i < 32 ){
		i++;
	}
	
	if(i > 29 || i < 3) return qfalse;

	Q_strncpyz(cmd,msg,i+1);


	//Prevent buffer overflow as well as prevent the execution of priveleged commands by using seperator characters
	Q_strncpyz(buffer,msg,256);
	Q_strchrrepl(buffer,';','\0');
	Q_strchrrepl(buffer,'\n','\0');
	Q_strchrrepl(buffer,'\r','\0');
	// start redirecting all print outputs to the packet

    power = SV_RemoteCmdGetClPower(cl);
    powercmd = Cmd_GetPower(cmd);
	
    if(!Q_stricmpn(cmd,"auth",4)){
       printPtr = cmd;
        
    }else{
	    printPtr = buffer;
    }

	if(powercmd == -1){
            SV_SendServerCommand(redirectClient, "e \"^5Command^2: %s\n^3Command execution failed - Invalid command invoked - Type ^2$cmdlist ^3to get a list of all available commands\"", printPtr);
            return qfalse;
	}
	if(powercmd > power){
            SV_SendServerCommand(redirectClient, "e \"^5Command^2: %s\n^3Command execution failed - Insufficient power to execute this command.\n^3You need at least ^6%i ^3powerpoints to invoke this command.\n^3Type ^2$cmdlist ^3to get a list of all available commands\"",
            printPtr, powercmd);
	    return qtrue;
	}
	Com_Printf( "Command execution: %s   Invoked by: %s   InvokerUID: %i Power: %i\n", printPtr, cl->name, cl->uid, power);

	Com_BeginRedirect(sv_outputbuf, SV_OUTPUTBUF_LENGTH, SV_ReliableSendRedirect);

	i = cmdInvoker.currentCmdPower;
	cmdInvoker.currentCmdPower = power;
	cmdInvoker.authserver = qfalse;

	j = cmdInvoker.currentCmdInvoker;
	cmdInvoker.currentCmdInvoker = cl->uid;

	cmdInvoker.clientnum = clientnum;

	Cmd_ExecuteSingleCommand( 0, 0, buffer );
#ifdef PUNKBUSTER
	if(!Q_stricmpn(buffer, "pb_sv_", 6)) PbServerForceProcess();
#endif
	SV_SendServerCommand(redirectClient, "e \"^5Command^2: %s\"", buffer);

	cmdInvoker.currentCmdPower = i;
	cmdInvoker.currentCmdInvoker = j;
	cmdInvoker.clientnum = -1;

	Com_EndRedirect();
	return qtrue;
}
예제 #3
0
qboolean SV_ExecuteRemoteCmd(int clientnum, const char *msg){
	char sv_outputbuf[SV_OUTPUTBUF_LENGTH];
	char cmd[30];
	char buffer[256];
	char *printPtr;
	int i = 0;
	int j = 0;
	int powercmd;
	int power;
	client_t *cl;
	qboolean critcmd;

	if(clientnum < 0 || clientnum > 63) return qfalse;
	cl = &svs.clients[clientnum];
	redirectClient = cl;

	while ( msg[i] != ' ' && msg[i] != '\0' && msg[i] != '\n' && i < 32 ){
		i++;
	}
	
	if(i > 29 || i < 3) return qfalse;

	Q_strncpyz(cmd,msg,i+1);


	if(!Q_stricmpn(cmd, "auth", 4)){
		if(!Q_stricmp(cmd, "authChangePassword"))
		{
			Q_strncpyz(cmd, "changePassword", sizeof(cmd));
		}
		else if(!Q_stricmp(cmd, "authSetAdmin"))
		{
			Q_strncpyz(cmd, "AdminAddAdminWithPassword", sizeof(cmd));
		}
		else if(!Q_stricmp(cmd, "authUnsetAdmin"))
		{
			Q_strncpyz(cmd, "AdminRemoveAdmin", sizeof(cmd));
		}
		else if(!Q_stricmp(cmd, "authListAdmins"))
		{
			Q_strncpyz(cmd, "adminListAdmins", sizeof(cmd));
		}
	}else if(!Q_stricmp(cmd, "cmdpowerlist")){
		Q_strncpyz(cmd, "AdminListCommands", sizeof(cmd));
	}else if(!Q_stricmp(cmd, "setCmdMinPower")){
		Q_strncpyz(cmd, "AdminChangeCommandPower", sizeof(cmd));
	}

	//Prevent buffer overflow as well as prevent the execution of priveleged commands by using seperator characters
	Q_strncpyz(buffer,msg,256);
	Q_strchrrepl(buffer,';','\0');
	Q_strchrrepl(buffer,'\n','\0');
	Q_strchrrepl(buffer,'\r','\0');
	// start redirecting all print outputs to the packet

	power = Auth_GetClPower(cl);
	powercmd = Cmd_GetPower(cmd);

    if(strstr(cmd, "password"))
    {
            printPtr = "hiddencmd";
            critcmd = qtrue;
    }else{
	    printPtr = buffer;
            critcmd = qfalse;
    }

	if(powercmd == -1){
            SV_SendServerCommand(redirectClient, "e \"^5Command^2: %s\n^3Command execution failed - Invalid command invoked - Type ^2$cmdlist ^3to get a list of all available commands\"", printPtr);
            return qfalse;
	}
	if(powercmd > power){
            SV_SendServerCommand(redirectClient, "e \"^5Command^2: %s\n^3Command execution failed - Insufficient power to execute this command.\n^3You need at least ^6%i ^3powerpoints to invoke this command.\n^3Type ^2$cmdlist ^3to get a list of all available commands\"",
            printPtr, powercmd);
	    return qtrue;
	}
	Com_Printf( "Command execution: %s   Invoked by: %s   InvokerUID: %i Power: %i\n", printPtr, cl->name, cl->uid, power);

	Com_BeginRedirect(sv_outputbuf, SV_OUTPUTBUF_LENGTH, SV_ReliableSendRedirect);

	i = Cmd_GetInvokerUID();
	j = Cmd_GetInvokerPower();

	Cmd_SetCurrentInvokerInfo(cl->uid, power, clientnum);
	
	Cmd_ExecuteSingleCommand( 0, 0, buffer );
#ifdef PUNKBUSTER
	if(!Q_stricmpn(buffer, "pb_sv_", 6)) PbServerForceProcess();
#endif

	if(!critcmd)
	{
		SV_SendServerCommand(redirectClient, "e \"^5Command^2: %s\"", buffer);
	}
	Cmd_SetCurrentInvokerInfo(i, j, -1);

	Com_EndRedirect();
	return qtrue;
}