Commit 61e87ff8 authored by Thimo Kraemer's avatar Thimo Kraemer

Update bbexplorer.cgi

parent c2b83f51
......@@ -59,15 +59,15 @@ import cgi, cgitb
import os, sys
import subprocess
import re
import md5
from hashlib import md5
import datetime
import tarfile
import tempfile
# Globals
script_path = os.path.realpath(sys.argv[0])
script_user = os.stat(script_path)[4]
path_temp = os.path.join(tempfile.gettempdir(), 'boxbackup')
SCRIPT_PATH = os.path.realpath(sys.argv[0])
PATH_TEMP = os.path.join(tempfile.gettempdir(), 'boxbackup')
class Templite(object):
......@@ -472,7 +472,7 @@ ${:endif}$
title="joonis new media" /></a>
<a href=""
target="_blank">Box Backup Explorer 0.2.3</a>
target="_blank">Box Backup Explorer 0.2.4</a>
......@@ -483,9 +483,9 @@ ${:endif}$
self.message = {'info': [], 'error': []}
def __sudo(self, *args):
'''Execute a method of class SudoAccess via sudo'''
"""Execute a method of class SudoAccess via sudo"""
proc = subprocess.Popen(
[path_sudo, script_path] + list(args),
[PATH_SUDO, SCRIPT_PATH] + list(args),
......@@ -501,10 +501,10 @@ ${:endif}$
# Some security checks
remote_user = os.environ.get('REMOTE_USER')
remote_addr = os.environ.get('REMOTE_ADDR')
if script_user != os.geteuid() \
or (auth_hosts and remote_addr not in auth_hosts) \
or (auth_users and remote_user not in auth_users) \
or not (auth_users or remote_user):
if SCRIPT_USER != os.geteuid() \
or (AUTH_HOSTS and remote_addr not in AUTH_HOSTS) \
or (AUTH_USERS and remote_user not in AUTH_USERS) \
or not (AUTH_USERS or remote_user):
return '''Status: 403 Forbidden\nContent-Type: text/html; charset=utf-8\n
......@@ -522,7 +522,7 @@ ${:endif}$
info = self.message['info']
error = self.message['error']
if None in auth_users:
if None in AUTH_USERS:
info.append('<b>Warning:</b> Anonymous users not blocked!')
# Process extraction
......@@ -536,9 +536,9 @@ ${:endif}$
# Prepare target folder
if download:
target = path_temp
target = PATH_TEMP
target = form.getfirst('target', path_temp)
target = form.getfirst('target', PATH_TEMP)
target = os.path.normpath(target)
if not target.startswith('/'):
error.append('Target directory must be an absolute path')
......@@ -566,7 +566,7 @@ ${:endif}$
status = -1
if not status:
result = self.__sudo('extract', isfile, deleted, dir, object_id, dst_path)
if result.count('fetched sucessfully') or result.count('Restore complete'):
if result in ('', '...') or result.count('fetched sucessfully') or result.count('Restore complete'):
info.append("%s '%s' successfully extracted to '%s'" % (src_type[int(isfile)], name, target))
status = 1
......@@ -575,7 +575,7 @@ ${:endif}$
if restore:
extracted[object_id] = status
if int(isold):
extracted[md5.md5(name).hexdigest()] = status
extracted[md5(name).hexdigest()] = status
# Create tar archive
if download and not error:
tar_path = self.__sudo('pack', target)
......@@ -589,8 +589,8 @@ ${:endif}$
if tar_path and os.path.exists(tar_path):
self.__sudo('removedir', target)
self.__sudo('remove', tar_path)
self.__sudo('remove', target)
if not error:
return '\n'.join(retval)
......@@ -611,14 +611,14 @@ ${:endif}$
'id': cols[0],
'name': cols[4],
'modified': modified,
'size': int(cols[3]) * blocksize,
'size': int(cols[3]) * BLOCKSIZE,
'file': ('f' in cols[1]),
'directory': ('d' in cols[1]),
'deleted': ('X' in cols[1]),
'old': ('o' in cols[1]),
'remove': ('R' in cols[1]),
'attributes': ('a' in cols[1]),
'md5': md5.md5(cols[4]).hexdigest(),
'md5': md5(cols[4]).hexdigest(),
'new': (now - modified).days == 0,
# Group objects by name
......@@ -660,8 +660,8 @@ ${:endif}$
return self.template.render({
'request_uri': os.environ['REQUEST_URI'],
'script_name': os.environ['SCRIPT_NAME'],
'path_images': path_images,
'path_temp': path_temp,
'path_images': PATH_IMAGES,
'path_temp': PATH_TEMP,
'dir': dir,
'message': self.message,
'content': content,
......@@ -674,16 +674,16 @@ class SudoAccess(object):
"""These methods are executed with root privileges"""
def __init__(self):
if script_user != int(os.environ.get('SUDO_UID', -1)):
if SCRIPT_USER != int(os.environ.get('SUDO_UID', -1)):
raise Exception('Executing user does not match script owner')
def __bbquery(self, *args):
'''Send a query to storage server'''
return[path_bbquery, '-q'] + list(args) + ['quit'])
"""Send a query to storage server"""
return[PATH_BBQUERY, '-q'] + list(args) + ['quit'])
def _check_dir(self, dir):
if not dir.startswith(path_temp):
raise Exception('Path (%s) does not match temp path (%s)!' % (dir, path_temp))
if not dir.startswith(PATH_TEMP):
raise Exception('Path (%s) does not match temp path (%s)!' % (dir, PATH_TEMP))
def list(self, dir):
return self.__bbquery('list -dots "%s"' % dir)
......@@ -704,14 +704,17 @@ class SudoAccess(object):
return 0
def removedir(self, dir):
for root, dirs, files in os.walk(dir, topdown=False):
def remove(self, path):
if os.path.isfile(path):
return 0
for root, dirs, files in os.walk(path, topdown=False):
for name in files:
os.remove(os.path.join(root, name))
for name in dirs:
os.rmdir(os.path.join(root, name))
return 0
def rename(self, path):
......@@ -725,14 +728,14 @@ class SudoAccess(object):
print dst
return 0
def pack(self, dir):
file = dir + '.tar.gz'
def pack(self, path):
file = path + '.tar.gz'
tar =, 'w:gz')
print file
tar.add(dir, os.path.split(dir)[1])
tar.add(path, os.path.split(path)[1])
os.chown(file, script_user, script_user)
os.chown(file, SCRIPT_USER, SCRIPT_USER)
return 0
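Review bot: `SudoAccess._check_dir` (hunk at -674) still decides containment with a bare `dir.startswith(PATH_TEMP)`, which also accepts a sibling directory whose name merely begins with the same characters and any path that leaves the temp tree through `..` or a symlink, and these methods run with root privileges. Resolving both sides before comparing would close that: `real = os.path.realpath(dir); base = os.path.realpath(PATH_TEMP)` followed by `if real != base and not real.startswith(base + os.sep):`. In the lines shown, the renamed `remove(self, path)` (hunk at -704) walks and deletes everything under `path` without calling the check at all, so `self._check_dir(path)` as its first statement would be a cheap safeguard. The page rendering has dropped text in several places (for example `tar =, 'w:gz')`), so a call may exist that is not visible here; please confirm against the file.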