close
Warning:
Failed to sync with repository "ogBrowser-Git": (1366, "Incorrect string value: '\\xF0\\x9F\\x93\\xA6 I...' for column 'message' at row 1"); repository information may be out of date. Look in the Trac log for more information including mitigation strategies.
918-git-images-111dconfigure-oglivegit-imageslgromero-new-oglivemainmaint-cronmount-efivarfsmultivmmultivm-ogboot-installerogClonningEngineogboot-installer-jenkinsoglive-ipv6test-python-scriptsticket-301ticket-50ticket-50-oldticket-577ticket-585ticket-611ticket-612ticket-693ticket-700ubu24tplunification2use-local-agent-oglivevarios-instalacion
|
Last change
on this file since b0c7586 was
18eb8d6,
checked in by Ramón M. Gómez <ramongomez@…>, 6 years ago
|
|
#958: Avoid SQL injection in addtodhcp and listclientlive.
|
-
Property mode set to
100755
|
|
File size:
1.3 KB
|
| Line | |
|---|
| 1 | #!/bin/bash |
|---|
| 2 | #/** |
|---|
| 3 | #@file listclientlive |
|---|
| 4 | #@brief Lista la distribución ogLive asociada a los clientes, ya sea un equipo o un aula. |
|---|
| 5 | #@usage listclientlive Ambito |
|---|
| 6 | #@param Ambito nombre de ordenador o nombre de aula |
|---|
| 7 | #@version 1.1.0 - Versión inicial basada en el script "listclientmode" |
|---|
| 8 | #@author Ramón M. Gómez, ETSII Universidad de Sevilla |
|---|
| 9 | #@date 2017-06-01 |
|---|
| 10 | #**/ |
|---|
| 11 | |
|---|
| 12 | |
|---|
| 13 | # Variables. |
|---|
| 14 | OPENGNSYS=${OPENGNSYS:-"/opt/opengnsys"} |
|---|
| 15 | SERVERCONF=$OPENGNSYS/etc/ogAdmServer.cfg |
|---|
| 16 | TFTPDIR=$OPENGNSYS/tftpboot |
|---|
| 17 | |
|---|
| 18 | source $OPENGNSYS/lib/ogfunctions.sh || exit 1 |
|---|
| 19 | |
|---|
| 20 | # Control básico de errores. |
|---|
| 21 | [ "$*" == "help" ] && help |
|---|
| 22 | [ "$*" == "version" ] && version |
|---|
| 23 | [ $# -eq 1 ] || raiseError usage |
|---|
| 24 | [ "$USER" != "root" ] && raiseError access "Need to be root" |
|---|
| 25 | source $SERVERCONF 2>/dev/null || raiseError access "Sin acceso a fichero de configuración" |
|---|
| 26 | |
|---|
| 27 | # Sustituir caracteres ' por \' para evitar inyección SQL. |
|---|
| 28 | RESOURCE="${1//\'/\\\'}" |
|---|
| 29 | # Obtener nombre de ordenador individual o todos los de una aula e indicar su plantilla asociada. |
|---|
| 30 | dbexec "SELECT CONCAT_WS('', 'Equipo \"', ord.nombreordenador, '\" asociado a cliente \"', |
|---|
| 31 | ord.oglivedir, '\" $([ -e $TFTPDIR/$OGLIVE ] || echo "(inexistente)")') |
|---|
| 32 | FROM ordenadores AS ord |
|---|
| 33 | JOIN aulas USING (idaula) |
|---|
| 34 | WHERE aulas.nombreaula='$RESOURCE' |
|---|
| 35 | OR ord.nombreordenador='$RESOURCE';" |
|---|
| 36 | |
|---|
Note: See
TracBrowser
for help on using the repository browser.
