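/*
 * Execute a console command on behalf of a web-admin user and capture the
 * console output through Webadmin_FlushRedirect.
 *
 * xmlobj   output object; published in xmlobjFlush while the redirect is active
 * command  raw command line received from the web interface (untrusted input)
 * uid      user id whose power is looked up with Auth_GetClPowerByUID()
 *
 * Callers with power >= 100 get the command line executed unmodified.
 * All other callers take the restricted path: the command name is extracted,
 * its required power is compared with the caller's power, and only the first
 * statement of the line (cut at ';', '\n' or '\r') is executed.
 *
 * The restricted path fails closed: a name for which Cmd_GetPower() reports
 * -1 is refused. SV_ExecuteRemoteCmd in this file treats -1 as "invalid
 * command"; without this check such a name would pass the `powercmd > power`
 * comparison and reach Cmd_ExecuteSingleCommand() with no power check at all.
 */
void Webadmin_ConsoleCommand(xml_t* xmlobj, const char* command, int uid)
{
    char sv_outputbuf[SV_OUTPUTBUF_LENGTH];
    char buffer[960];
    char cmd[48];
    int power, powercmd, oldpower, oldinvokeruid, oldinvokerclnum, i;

    power = Auth_GetClPowerByUID(uid);

    if (power < 100) {
        /* Measure the command name: everything up to the first space, newline or NUL. */
        i = 0;
        while (command[i] != ' ' && command[i] != '\0' && command[i] != '\n' && i < 32) {
            i++;
        }
        /* Names shorter than 3 or longer than 29 characters are refused silently. */
        if (i > 29 || i < 3) {
            return;
        }
        Q_strncpyz(cmd, command, i + 1);

        /*
         * Bounded copy, then cut the line at the first separator so that a
         * second statement cannot ride along behind an authorised one.
         */
        Q_strncpyz(buffer, command, sizeof(buffer));
        Q_strchrrepl(buffer, ';', '\0');
        Q_strchrrepl(buffer, '\n', '\0');
        Q_strchrrepl(buffer, '\r', '\0');

        /*
         * NOTE(review): the name is split on ' ' and '\n' only. If the command
         * tokenizer splits on other whitespace as well (not visible here,
         * confirm), the name checked and the name executed can differ; the
         * -1 rejection below keeps that case fail-closed.
         */
        powercmd = Cmd_GetPower(cmd);
        if (powercmd == -1 || powercmd > power) {
            XA(" Insufficient permissions! ");
            return;
        }

        xmlobjFlush = xmlobj;

        /* Save the current invoker so it can be restored after execution. */
        oldpower = Cmd_GetInvokerPower();
        oldinvokeruid = Cmd_GetInvokerUID();
        oldinvokerclnum = Cmd_GetInvokerClnum();
        Cmd_SetCurrentInvokerInfo(uid, power, -1);

        /* Start redirecting all print output into sv_outputbuf. */
        Com_BeginRedirect(sv_outputbuf, SV_OUTPUTBUF_LENGTH, Webadmin_FlushRedirect);
        Cmd_ExecuteSingleCommand(0, 0, buffer);

        Cmd_SetCurrentInvokerInfo(oldinvokeruid, oldpower, oldinvokerclnum);
    } else {
        /* Full-power path: the line is executed as received, separators included. */
        xmlobjFlush = xmlobj;
        Com_BeginRedirect(sv_outputbuf, SV_OUTPUTBUF_LENGTH, Webadmin_FlushRedirect);
        Cmd_ExecuteSingleCommand(0, 0, command);
#ifdef PUNKBUSTER
        if (!Q_stricmpn(command, "pb_sv_", 6)) {
            PbServerForceProcess();
        }
#endif
    }

    Com_EndRedirect();
    xmlobjFlush = NULL;
}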
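/*
 * Execute a remote-control command sent by a connected client, after checking
 * the client's power against the power required by the command.
 *
 * clientnum  index into svs.clients; values outside 0..63 are refused
 * msg        raw command line from the client (untrusted input)
 *
 * Returns qfalse when the command system is not initialised, the client index
 * is out of range, the command name has an unacceptable length, or the
 * command is unknown (Cmd_GetPower() == -1). Returns qtrue when the command
 * was executed and also when it was refused for insufficient power.
 *
 * For names starting with "auth" only the command name is used in the log
 * line and in replies (printPtr), so the arguments are not printed. The
 * closing echo now uses printPtr as well; it previously sent the full
 * `buffer`, which reflected the arguments of auth* commands despite the
 * redaction applied everywhere else in this function.
 */
qboolean SV_ExecuteRemoteCmd(int clientnum, const char *msg)
{
    char sv_outputbuf[SV_OUTPUTBUF_LENGTH];
    char cmd[30];
    char buffer[256];
    char *printPtr;
    int i = 0;
    int j = 0;
    int powercmd;
    int power;
    client_t *cl;

    if (!cmdSystemInitialized) {
        SV_SendServerCommand(redirectClient, "e \"Error: Remote control system is not initialized\n\"");
        Com_Printf("Error: Remote control system is not initialized\n");
        return qfalse;
    }

    /* NOTE(review): 63 is hard-coded; presumably the highest client slot, confirm. */
    if (clientnum < 0 || clientnum > 63) {
        return qfalse;
    }
    cl = &svs.clients[clientnum];
    redirectClient = cl;

    /* Measure the command name: everything up to the first space, newline or NUL. */
    while (msg[i] != ' ' && msg[i] != '\0' && msg[i] != '\n' && i < 32) {
        i++;
    }
    /* Accept 3..29 characters so the name plus terminator fits cmd[30]. */
    if (i > 29 || i < 3) {
        return qfalse;
    }
    Q_strncpyz(cmd, msg, i + 1);

    /*
     * Bounded copy, then cut the line at the first separator so that a
     * second statement cannot ride along behind an authorised one.
     */
    Q_strncpyz(buffer, msg, sizeof(buffer));
    Q_strchrrepl(buffer, ';', '\0');
    Q_strchrrepl(buffer, '\n', '\0');
    Q_strchrrepl(buffer, '\r', '\0');

    power = SV_RemoteCmdGetClPower(cl);
    powercmd = Cmd_GetPower(cmd);

    /* auth* commands: print the name only, never the arguments. */
    if (!Q_stricmpn(cmd, "auth", 4)) {
        printPtr = cmd;
    } else {
        printPtr = buffer;
    }

    if (powercmd == -1) {
        SV_SendServerCommand(redirectClient, "e \"^5Command^2: %s\n^3Command execution failed - Invalid command invoked - Type ^2$cmdlist ^3to get a list of all available commands\"", printPtr);
        return qfalse;
    }
    if (powercmd > power) {
        SV_SendServerCommand(redirectClient, "e \"^5Command^2: %s\n^3Command execution failed - Insufficient power to execute this command.\n^3You need at least ^6%i ^3powerpoints to invoke this command.\n^3Type ^2$cmdlist ^3to get a list of all available commands\"", printPtr, powercmd);
        return qtrue;
    }

    Com_Printf( "Command execution: %s Invoked by: %s InvokerUID: %i Power: %i\n", printPtr, cl->name, cl->uid, power);

    /* Start redirecting all print output to the invoking client. */
    Com_BeginRedirect(sv_outputbuf, SV_OUTPUTBUF_LENGTH, SV_ReliableSendRedirect);

    /* Swap in this client's identity; i and j hold the previous power and invoker. */
    i = cmdInvoker.currentCmdPower;
    cmdInvoker.currentCmdPower = power;
    cmdInvoker.authserver = qfalse;
    j = cmdInvoker.currentCmdInvoker;
    cmdInvoker.currentCmdInvoker = cl->uid;
    cmdInvoker.clientnum = clientnum;

    Cmd_ExecuteSingleCommand(0, 0, buffer);
#ifdef PUNKBUSTER
    if (!Q_stricmpn(buffer, "pb_sv_", 6)) {
        PbServerForceProcess();
    }
#endif

    /* Echo with the same redaction as the log line above. */
    SV_SendServerCommand(redirectClient, "e \"^5Command^2: %s\"", printPtr);

    /* Restore the previous invoker; clientnum is reset to -1, not to its old value. */
    cmdInvoker.currentCmdPower = i;
    cmdInvoker.currentCmdInvoker = j;
    cmdInvoker.clientnum = -1;

    Com_EndRedirect();
    return qtrue;
}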
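/*
 * Execute a remote-control command sent by a connected client, after checking
 * the client's power against the power required by the command.
 *
 * clientnum  index into svs.clients; values outside 0..63 are refused
 * msg        raw command line from the client (untrusted input)
 *
 * Returns qfalse when the client index is out of range, the command name has
 * an unacceptable length, or the command is unknown (Cmd_GetPower() == -1).
 * Returns qtrue when the command was executed and also when it was refused
 * for insufficient power.
 *
 * Legacy names (authChangePassword, authSetAdmin, ...) are mapped to their
 * current names for the power lookup only; `buffer`, which is what gets
 * executed, still carries the name the client sent.
 *
 * Commands whose (mapped) name contains "password" are treated as critical:
 * they are logged as "hiddencmd" and not echoed back. The match is
 * case-insensitive. The previous strstr(cmd, "password") was case-sensitive
 * and therefore did not match "changePassword" or "AdminAddAdminWithPassword",
 * the very names the alias table produces, so their arguments reached the
 * log line and the echo.
 */
qboolean SV_ExecuteRemoteCmd(int clientnum, const char *msg)
{
    char sv_outputbuf[SV_OUTPUTBUF_LENGTH];
    char cmd[30];
    char buffer[256];
    char *printPtr;
    const char *scan;
    int i = 0;
    int j = 0;
    int powercmd;
    int power;
    client_t *cl;
    qboolean critcmd;

    /* NOTE(review): 63 is hard-coded; presumably the highest client slot, confirm. */
    if (clientnum < 0 || clientnum > 63) {
        return qfalse;
    }
    cl = &svs.clients[clientnum];
    redirectClient = cl;

    /* Measure the command name: everything up to the first space, newline or NUL. */
    while (msg[i] != ' ' && msg[i] != '\0' && msg[i] != '\n' && i < 32) {
        i++;
    }
    /* Accept 3..29 characters so the name plus terminator fits cmd[30]. */
    if (i > 29 || i < 3) {
        return qfalse;
    }
    Q_strncpyz(cmd, msg, i + 1);

    /* Map legacy command names to the names used for the power lookup. */
    if (!Q_stricmpn(cmd, "auth", 4)) {
        if (!Q_stricmp(cmd, "authChangePassword")) {
            Q_strncpyz(cmd, "changePassword", sizeof(cmd));
        } else if (!Q_stricmp(cmd, "authSetAdmin")) {
            Q_strncpyz(cmd, "AdminAddAdminWithPassword", sizeof(cmd));
        } else if (!Q_stricmp(cmd, "authUnsetAdmin")) {
            Q_strncpyz(cmd, "AdminRemoveAdmin", sizeof(cmd));
        } else if (!Q_stricmp(cmd, "authListAdmins")) {
            Q_strncpyz(cmd, "adminListAdmins", sizeof(cmd));
        }
    } else if (!Q_stricmp(cmd, "cmdpowerlist")) {
        Q_strncpyz(cmd, "AdminListCommands", sizeof(cmd));
    } else if (!Q_stricmp(cmd, "setCmdMinPower")) {
        Q_strncpyz(cmd, "AdminChangeCommandPower", sizeof(cmd));
    }

    /*
     * Bounded copy, then cut the line at the first separator so that a
     * second statement cannot ride along behind an authorised one.
     */
    Q_strncpyz(buffer, msg, sizeof(buffer));
    Q_strchrrepl(buffer, ';', '\0');
    Q_strchrrepl(buffer, '\n', '\0');
    Q_strchrrepl(buffer, '\r', '\0');

    power = Auth_GetClPower(cl);
    powercmd = Cmd_GetPower(cmd);

    /*
     * Case-insensitive search for "password" in the command name. Q_stricmpn
     * stops at the NUL terminator, so scanning near the end of cmd stays in
     * bounds.
     */
    critcmd = qfalse;
    for (scan = cmd; *scan != '\0'; scan++) {
        if (!Q_stricmpn(scan, "password", 8)) {
            critcmd = qtrue;
            break;
        }
    }
    if (critcmd) {
        printPtr = "hiddencmd";
    } else {
        printPtr = buffer;
    }

    if (powercmd == -1) {
        SV_SendServerCommand(redirectClient, "e \"^5Command^2: %s\n^3Command execution failed - Invalid command invoked - Type ^2$cmdlist ^3to get a list of all available commands\"", printPtr);
        return qfalse;
    }
    if (powercmd > power) {
        SV_SendServerCommand(redirectClient, "e \"^5Command^2: %s\n^3Command execution failed - Insufficient power to execute this command.\n^3You need at least ^6%i ^3powerpoints to invoke this command.\n^3Type ^2$cmdlist ^3to get a list of all available commands\"", printPtr, powercmd);
        return qtrue;
    }

    Com_Printf( "Command execution: %s Invoked by: %s InvokerUID: %i Power: %i\n", printPtr, cl->name, cl->uid, power);

    /* Start redirecting all print output to the invoking client. */
    Com_BeginRedirect(sv_outputbuf, SV_OUTPUTBUF_LENGTH, SV_ReliableSendRedirect);

    /* Save the previous invoker (i = uid, j = power) and install this client. */
    i = Cmd_GetInvokerUID();
    j = Cmd_GetInvokerPower();
    Cmd_SetCurrentInvokerInfo(cl->uid, power, clientnum);

    Cmd_ExecuteSingleCommand(0, 0, buffer);
#ifdef PUNKBUSTER
    if (!Q_stricmpn(buffer, "pb_sv_", 6)) {
        PbServerForceProcess();
    }
#endif

    /* Critical commands are never echoed back. */
    if (!critcmd) {
        SV_SendServerCommand(redirectClient, "e \"^5Command^2: %s\"", buffer);
    }

    /* Restore the previous invoker; the client number is reset to -1. */
    Cmd_SetCurrentInvokerInfo(i, j, -1);

    Com_EndRedirect();
    return qtrue;
}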