void Webadmin_ConsoleCommand(xml_t* xmlobj, const char* command, int uid)
{
char sv_outputbuf[SV_OUTPUTBUF_LENGTH];
char buffer[960];
char cmd[48];
int power, powercmd, oldpower, oldinvokeruid, oldinvokerclnum, i;
if((power = Auth_GetClPowerByUID(uid)) < 100)
{
i = 0;
/* Get the current user's power 1st */
while ( command[i] != ' ' && command[i] != '\0' && command[i] != '\n' && i < 32 ){
i++;
}
if(i > 29 || i < 3) return;
Q_strncpyz(cmd,command,i+1);
//Prevent buffer overflow as well as prevent the execution of priveleged commands by using seperator characters
Q_strncpyz(buffer, command, sizeof(buffer));
Q_strchrrepl(buffer,';','\0');
Q_strchrrepl(buffer,'\n','\0');
Q_strchrrepl(buffer,'\r','\0');
// start redirecting all print outputs to the packet
powercmd = Cmd_GetPower(cmd);
if(powercmd > power)
{
XA(" Insufficient permissions! ");
return;
}
xmlobjFlush = xmlobj;
oldpower = Cmd_GetInvokerPower();
oldinvokeruid = Cmd_GetInvokerUID();
oldinvokerclnum = Cmd_GetInvokerClnum();
Cmd_SetCurrentInvokerInfo(uid, power, -1);
Com_BeginRedirect (sv_outputbuf, SV_OUTPUTBUF_LENGTH, Webadmin_FlushRedirect);
Cmd_ExecuteSingleCommand(0,0, buffer);
Cmd_SetCurrentInvokerInfo(oldinvokeruid, oldpower, oldinvokerclnum);
}else{
xmlobjFlush = xmlobj;
Com_BeginRedirect (sv_outputbuf, SV_OUTPUTBUF_LENGTH, Webadmin_FlushRedirect);
Cmd_ExecuteSingleCommand(0,0, command);
#ifdef PUNKBUSTER
if(!Q_stricmpn(command, "pb_sv_", 6)) PbServerForceProcess();
#endif
}
Com_EndRedirect();
xmlobjFlush = NULL;
}
void GScr_CbufAddTextEx(){
char string[1024];
char outputbuf[1024];
if(Scr_GetNumParam() != 1){
Scr_Error("Usage: execex(<string>)\n");
}
Com_sprintf(string, sizeof(string), "%s\n",Scr_GetString(0));
cmd_exec_redirect_buf[0] = '\0';
if(!Q_stricmpn(string, "map", 3) || !Q_stricmpn(string, "fast_restart", 12))
{
Cbuf_AddText( string );
}else{
Com_BeginRedirect(outputbuf, sizeof(outputbuf), GScr_CbufExecRedirect);
Cmd_ExecuteSingleCommand(0,0, string);
Com_EndRedirect();
cmd_exec_redirect_buf[sizeof(cmd_exec_redirect_buf) -1] = '\0';
}
Scr_AddString( cmd_exec_redirect_buf );
}
void Webadmin_ConsoleCommand(xml_t* xmlobj, const char* command, uint64_t steamid)
{
char sv_outputbuf[SV_OUTPUTBUF_LENGTH];
char buffer[960];
char cmd[48];
int power, i, powercmd;
power = Cmd_GetInvokerPower();
if(power < 100)
{
i = 0;
/* Get the current user's power 1st */
while ( command[i] != ' ' && command[i] != '\0' && command[i] != '\n' && i < 32 ){
i++;
}
if(i > 29 || i < 3) return;
Q_strncpyz(cmd,command,i+1);
//Prevent buffer overflow as well as prevent the execution of priveleged commands by using seperator characters
Q_strncpyz(buffer, command, sizeof(buffer));
Q_strchrrepl(buffer,';','\0');
Q_strchrrepl(buffer,'\n','\0');
Q_strchrrepl(buffer,'\r','\0');
// start redirecting all print outputs to the packet
powercmd = Cmd_GetPower(cmd);
if(powercmd > power)
{
XA(" Insufficient permissions! ");
return;
}
xmlobjFlush = xmlobj;
Com_BeginRedirect (sv_outputbuf, SV_OUTPUTBUF_LENGTH, Webadmin_FlushRedirect);
Cmd_ExecuteSingleCommand(0,0, buffer);
}else{
xmlobjFlush = xmlobj;
Com_BeginRedirect (sv_outputbuf, SV_OUTPUTBUF_LENGTH, Webadmin_FlushRedirect);
Cmd_ExecuteSingleCommand(0,0, command);
}
Com_EndRedirect();
xmlobjFlush = NULL;
}
void Cmd_Status_f(gentity_t* player)
{
redirectAddress = svs_clients[GENTITY_TO_CLIENTNUM(player)].adr;
Com_BeginRedirect(sv_outputbuf, SV_OUTPUTBUF_LENGTH, SV_FlushRedirect);
Cmd_ExecuteSingleCommand(0, 0, "status\n");
Com_EndRedirect();
}
void SV_ExecuteBroadcastedCmd(int uid, const char *msg){
int i = 0;
int j = 0;
int powercmd;
int power;
while ( msg[i] != ' ' && msg[i] != '\0' && msg[i] != '\n' && i < 32 ){
i++;
}
char cmd[30];
char buffer[256];
if(i > 29 || i < 3) return;
Q_strncpyz(cmd,msg,i+1);
//Prevent buffer overflow as well as prevent the execution of priveleged commands by using seperator characters
Q_strncpyz(buffer,msg,256);
Q_strchrrepl(buffer,';','\0');
Q_strchrrepl(buffer,'\n','\0');
Q_strchrrepl(buffer,'\r','\0');
if(!uid){
power = 100;
}else{
power = SV_RemoteCmdGetClPowerByUID(uid);
}
powercmd = Cmd_GetPower(cmd);
if(powercmd == -1){
return;
}
if(powercmd > power){
Com_Printf( "Broadcasted command execution: %s InvokerUID: %i Power: %i Insufficient Power\n", buffer, uid, power);
return;
}
Com_Printf( "Broadcasted command execution: %s Invoked by: BroadcastMessage InvokerUID: %i Power: %i\n", buffer, uid, power);
i = cmdInvoker.currentCmdPower;
j = cmdInvoker.currentCmdInvoker;
cmdInvoker.currentCmdPower = power;
cmdInvoker.currentCmdInvoker = uid;
cmdInvoker.clientnum = -1;
cmdInvoker.authserver = qtrue;
Cmd_ExecuteSingleCommand( 0, 0, buffer );
cmdInvoker.authserver = qfalse;
cmdInvoker.currentCmdPower = i;
cmdInvoker.currentCmdInvoker = j;
cmdInvoker.clientnum = -1;
}
qboolean SV_ExecuteRemoteCmd(int clientnum, const char *msg){
char sv_outputbuf[SV_OUTPUTBUF_LENGTH];
char cmd[30];
char buffer[256];
char *printPtr;
int i = 0;
int j = 0;
int powercmd;
int power;
client_t *cl;
if(!cmdSystemInitialized){
SV_SendServerCommand(redirectClient, "e \"Error: Remote control system is not initialized\n\"");
Com_Printf("Error: Remote control system is not initialized\n");
return qfalse;
}
if(clientnum < 0 || clientnum > 63) return qfalse;
cl = &svs.clients[clientnum];
redirectClient = cl;
while ( msg[i] != ' ' && msg[i] != '\0' && msg[i] != '\n' && i < 32 ){
i++;
}
if(i > 29 || i < 3) return qfalse;
Q_strncpyz(cmd,msg,i+1);
//Prevent buffer overflow as well as prevent the execution of priveleged commands by using seperator characters
Q_strncpyz(buffer,msg,256);
Q_strchrrepl(buffer,';','\0');
Q_strchrrepl(buffer,'\n','\0');
Q_strchrrepl(buffer,'\r','\0');
// start redirecting all print outputs to the packet
power = SV_RemoteCmdGetClPower(cl);
powercmd = Cmd_GetPower(cmd);
if(!Q_stricmpn(cmd,"auth",4)){
printPtr = cmd;
}else{
printPtr = buffer;
}
if(powercmd == -1){
SV_SendServerCommand(redirectClient, "e \"^5Command^2: %s\n^3Command execution failed - Invalid command invoked - Type ^2$cmdlist ^3to get a list of all available commands\"", printPtr);
return qfalse;
}
if(powercmd > power){
SV_SendServerCommand(redirectClient, "e \"^5Command^2: %s\n^3Command execution failed - Insufficient power to execute this command.\n^3You need at least ^6%i ^3powerpoints to invoke this command.\n^3Type ^2$cmdlist ^3to get a list of all available commands\"",
printPtr, powercmd);
return qtrue;
}
Com_Printf( "Command execution: %s Invoked by: %s InvokerUID: %i Power: %i\n", printPtr, cl->name, cl->uid, power);
Com_BeginRedirect(sv_outputbuf, SV_OUTPUTBUF_LENGTH, SV_ReliableSendRedirect);
i = cmdInvoker.currentCmdPower;
cmdInvoker.currentCmdPower = power;
cmdInvoker.authserver = qfalse;
j = cmdInvoker.currentCmdInvoker;
cmdInvoker.currentCmdInvoker = cl->uid;
cmdInvoker.clientnum = clientnum;
Cmd_ExecuteSingleCommand( 0, 0, buffer );
#ifdef PUNKBUSTER
if(!Q_stricmpn(buffer, "pb_sv_", 6)) PbServerForceProcess();
#endif
SV_SendServerCommand(redirectClient, "e \"^5Command^2: %s\"", buffer);
cmdInvoker.currentCmdPower = i;
cmdInvoker.currentCmdInvoker = j;
cmdInvoker.clientnum = -1;
Com_EndRedirect();
return qtrue;
}
qboolean SV_ExecuteRemoteCmd(int clientnum, const char *msg){
char sv_outputbuf[SV_OUTPUTBUF_LENGTH];
char cmd[30];
char buffer[256];
char *printPtr;
int i = 0;
int j = 0;
int powercmd;
int power;
client_t *cl;
qboolean critcmd;
if(clientnum < 0 || clientnum > 63) return qfalse;
cl = &svs.clients[clientnum];
redirectClient = cl;
while ( msg[i] != ' ' && msg[i] != '\0' && msg[i] != '\n' && i < 32 ){
i++;
}
if(i > 29 || i < 3) return qfalse;
Q_strncpyz(cmd,msg,i+1);
if(!Q_stricmpn(cmd, "auth", 4)){
if(!Q_stricmp(cmd, "authChangePassword"))
{
Q_strncpyz(cmd, "changePassword", sizeof(cmd));
}
else if(!Q_stricmp(cmd, "authSetAdmin"))
{
Q_strncpyz(cmd, "AdminAddAdminWithPassword", sizeof(cmd));
}
else if(!Q_stricmp(cmd, "authUnsetAdmin"))
{
Q_strncpyz(cmd, "AdminRemoveAdmin", sizeof(cmd));
}
else if(!Q_stricmp(cmd, "authListAdmins"))
{
Q_strncpyz(cmd, "adminListAdmins", sizeof(cmd));
}
}else if(!Q_stricmp(cmd, "cmdpowerlist")){
Q_strncpyz(cmd, "AdminListCommands", sizeof(cmd));
}else if(!Q_stricmp(cmd, "setCmdMinPower")){
Q_strncpyz(cmd, "AdminChangeCommandPower", sizeof(cmd));
}
//Prevent buffer overflow as well as prevent the execution of priveleged commands by using seperator characters
Q_strncpyz(buffer,msg,256);
Q_strchrrepl(buffer,';','\0');
Q_strchrrepl(buffer,'\n','\0');
Q_strchrrepl(buffer,'\r','\0');
// start redirecting all print outputs to the packet
power = Auth_GetClPower(cl);
powercmd = Cmd_GetPower(cmd);
if(strstr(cmd, "password"))
{
printPtr = "hiddencmd";
critcmd = qtrue;
}else{
printPtr = buffer;
critcmd = qfalse;
}
if(powercmd == -1){
SV_SendServerCommand(redirectClient, "e \"^5Command^2: %s\n^3Command execution failed - Invalid command invoked - Type ^2$cmdlist ^3to get a list of all available commands\"", printPtr);
return qfalse;
}
if(powercmd > power){
SV_SendServerCommand(redirectClient, "e \"^5Command^2: %s\n^3Command execution failed - Insufficient power to execute this command.\n^3You need at least ^6%i ^3powerpoints to invoke this command.\n^3Type ^2$cmdlist ^3to get a list of all available commands\"",
printPtr, powercmd);
return qtrue;
}
Com_Printf( "Command execution: %s Invoked by: %s InvokerUID: %i Power: %i\n", printPtr, cl->name, cl->uid, power);
Com_BeginRedirect(sv_outputbuf, SV_OUTPUTBUF_LENGTH, SV_ReliableSendRedirect);
i = Cmd_GetInvokerUID();
j = Cmd_GetInvokerPower();
Cmd_SetCurrentInvokerInfo(cl->uid, power, clientnum);
Cmd_ExecuteSingleCommand( 0, 0, buffer );
#ifdef PUNKBUSTER
if(!Q_stricmpn(buffer, "pb_sv_", 6)) PbServerForceProcess();
#endif
if(!critcmd)
{
SV_SendServerCommand(redirectClient, "e \"^5Command^2: %s\"", buffer);
}
Cmd_SetCurrentInvokerInfo(i, j, -1);
Com_EndRedirect();
return qtrue;
}
void SVC_RemoteCommand(netadr_t from, void* msg)
{
bool valid;
unsigned int time;
char remaining[1024] = {0};
size_t current = 0;
static unsigned int lasttime = 0;
remaining[0] = '\0';
time = Com_Milliseconds();
if (time < (lasttime + 100))
{
return;
}
lasttime = time;
if (!sv_rconPassword)
{
return;
}
if (!strlen(sv_rconPassword->current.string) || strcmp(Cmd_Argv(1), sv_rconPassword->current.string))
{
valid = false;
Com_Printf(1, "Bad rcon from %s:\n%s\n", NET_AdrToString(from), Cmd_Argv(2));
}
else
{
valid = true;
Com_Printf(1, "Rcon from %s:\n%s\n", NET_AdrToString(from), Cmd_Argv(2));
}
// start redirecting all print outputs to the packet
redirectAddress = from;
Com_BeginRedirect(sv_outputbuf, SV_OUTPUTBUF_LENGTH, SV_FlushRedirect);
if (!valid)
{
if (!strlen(sv_rconPassword->current.string))
{
Com_Printf(0, "The server must set 'rcon_password' for clients to use 'rcon'.\n");
}
else
{
Com_Printf(0, "Invalid password.\n");
}
}
else
{
remaining[0] = 0;
if (Cmd_Argc() > 2)
{
for (int i = 2; i < Cmd_Argc(); i++)
{
current = Com_AddToString(Cmd_Argv(i), remaining, current, sizeof(remaining), true);
current = Com_AddToString(" ", remaining, current, sizeof(remaining), false);
}
}
else
{
memset(remaining, 0, sizeof(remaining));
strncpy(remaining, Cmd_Argv(2), sizeof(remaining) - 1);
}
Cmd_ExecuteSingleCommand(0, 0, remaining);
}
Com_EndRedirect();
if (strlen(remaining) > 0)
{
Com_Printf(0, "handled rcon: %s\n", remaining);
}
}
