Skip to content
GitLab
Projects
Groups
Snippets
Help
Loading...
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
Open sidebar
Thimo Kraemer
boxbackup-explorer
Commits
61e87ff8
Commit
61e87ff8
authored
Nov 26, 2017
by
Thimo Kraemer
Browse files
Update bbexplorer.cgi
parent
c2b83f51
Changes
1
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
39 additions
and
36 deletions
+39
-36
bbexplorer.cgi
bbexplorer.cgi
+39
-36
No files found.
bbexplorer.cgi
View file @
61e87ff8
...
...
@@ -59,15 +59,15 @@ import cgi, cgitb
import os, sys
import subprocess
import re
import md5
from hashlib
import md5
import datetime
import tarfile
import tempfile
# Globals
script_path
= os.path.realpath(sys.argv[0])
script_user = os.stat(script_path
)[4]
path_temp
= os.path.join(tempfile.gettempdir(), 'boxbackup')
SCRIPT_PATH
= os.path.realpath(sys.argv[0])
SCRIPT_USER = os.stat(SCRIPT_PATH
)[4]
PATH_TEMP
= os.path.join(tempfile.gettempdir(), 'boxbackup')
class Templite(object):
...
...
@@ -472,7 +472,7 @@ ${:endif}$
src=
"http://www.joonis.de/common/images/joonis_button.gif"
title=
"joonis new media"
/></a>
<a
href=
"http://www.joonis.de/boxbackup-explorer"
target=
"_blank"
>
Box Backup Explorer 0.2.
3
</a>
target=
"_blank"
>
Box Backup Explorer 0.2.
4
</a>
</div>
</body>
</html>
...
...
@@ -483,9 +483,9 @@ ${:endif}$
self.message = {'info': [], 'error': []}
def __sudo(self, *args):
'''
Execute a method of class SudoAccess via sudo
'''
"""
Execute a method of class SudoAccess via sudo
"""
proc = subprocess.Popen(
[
path_sudo, script_path
] + list(args),
[
PATH_SUDO, SCRIPT_PATH
] + list(args),
stdout=subprocess.PIPE,
stderr=subprocess.PIPE,
)
...
...
@@ -501,10 +501,10 @@ ${:endif}$
# Some security checks
remote_user = os.environ.get('REMOTE_USER')
remote_addr = os.environ.get('REMOTE_ADDR')
if
script_user
!= os.geteuid() \
or (
auth_hosts
and remote_addr not in
auth_hosts
) \
or (
auth_users
and remote_user not in
auth_users
) \
or not (
auth_users
or remote_user):
if
SCRIPT_USER
!= os.geteuid() \
or (
AUTH_HOSTS
and remote_addr not in
AUTH_HOSTS
) \
or (
AUTH_USERS
and remote_user not in
AUTH_USERS
) \
or not (
AUTH_USERS
or remote_user):
return '''Status: 403 Forbidden\nContent-Type: text/html; charset=utf-8\n
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html>
...
...
@@ -522,7 +522,7 @@ ${:endif}$
info = self.message['info']
error = self.message['error']
if None in
auth_users
:
if None in
AUTH_USERS
:
info.append('
<b>
Warning:
</b>
Anonymous users not blocked!')
# Process extraction
...
...
@@ -536,9 +536,9 @@ ${:endif}$
else:
# Prepare target folder
if download:
target =
path_temp
target =
PATH_TEMP
else:
target = form.getfirst('target',
path_temp
)
target = form.getfirst('target',
PATH_TEMP
)
target = os.path.normpath(target)
if not target.startswith('/'):
error.append('Target directory must be an absolute path')
...
...
@@ -566,7 +566,7 @@ ${:endif}$
status = -1
if not status:
result = self.__sudo('extract', isfile, deleted, dir, object_id, dst_path)
if result.count('fetched sucessfully') or result.count('Restore complete'):
if
result in ('', '...') or
result.count('fetched sucessfully') or result.count('Restore complete'):
info.append("%s '%s' successfully extracted to '%s'" % (src_type[int(isfile)], name, target))
status = 1
else:
...
...
@@ -575,7 +575,7 @@ ${:endif}$
if restore:
extracted[object_id] = status
if int(isold):
extracted[md5
.md5
(name).hexdigest()] = status
extracted[md5(name).hexdigest()] = status
# Create tar archive
if download and not error:
tar_path = self.__sudo('pack', target)
...
...
@@ -589,8 +589,8 @@ ${:endif}$
retval.append(tar.read())
tar.close()
if tar_path and os.path.exists(tar_path):
os.
remove
(
tar_path)
self.__sudo('remove
dir
', target)
self.__sudo('
remove
',
tar_path)
self.__sudo('remove', target)
if not error:
return '\n'.join(retval)
...
...
@@ -611,14 +611,14 @@ ${:endif}$
'id': cols[0],
'name': cols[4],
'modified': modified,
'size': int(cols[3]) *
blocksize
,
'size': int(cols[3]) *
BLOCKSIZE
,
'file': ('f' in cols[1]),
'directory': ('d' in cols[1]),
'deleted': ('X' in cols[1]),
'old': ('o' in cols[1]),
'remove': ('R' in cols[1]),
'attributes': ('a' in cols[1]),
'md5':
md5.
md5(cols[4]).hexdigest(),
'md5': md5(cols[4]).hexdigest(),
'new': (now - modified).days == 0,
}
# Group objects by name
...
...
@@ -660,8 +660,8 @@ ${:endif}$
return self.template.render({
'request_uri': os.environ['REQUEST_URI'],
'script_name': os.environ['SCRIPT_NAME'],
'path_images':
path_images
,
'path_temp':
path_temp
,
'path_images':
PATH_IMAGES
,
'path_temp':
PATH_TEMP
,
'dir': dir,
'message': self.message,
'content': content,
...
...
@@ -674,16 +674,16 @@ class SudoAccess(object):
"""These methods are executed with root privileges"""
def __init__(self):
if
script_user
!= int(os.environ.get('SUDO_UID', -1)):
if
SCRIPT_USER
!= int(os.environ.get('SUDO_UID', -1)):
raise Exception('Executing user does not match script owner')
def __bbquery(self, *args):
'''
Send a query to storage server
'''
return subprocess.call([
path_bbquery
, '-q'] + list(args) + ['quit'])
"""
Send a query to storage server
"""
return subprocess.call([
PATH_BBQUERY
, '-q'] + list(args) + ['quit'])
def _check_dir(self, dir):
if not dir.startswith(
path_temp
):
raise Exception('Path (%s) does not match temp path (%s)!' % (dir,
path_temp
))
if not dir.startswith(
PATH_TEMP
):
raise Exception('Path (%s) does not match temp path (%s)!' % (dir,
PATH_TEMP
))
def list(self, dir):
return self.__bbquery('list -dots "%s"' % dir)
...
...
@@ -704,14 +704,17 @@ class SudoAccess(object):
os.makedirs(dir)
return 0
def removedir(self, dir):
self._check_dir(dir)
for root, dirs, files in os.walk(dir, topdown=False):
def remove(self, path):
self._check_dir(path)
if os.path.isfile(path):
os.remove(path)
return 0
for root, dirs, files in os.walk(path, topdown=False):
for name in files:
os.remove(os.path.join(root, name))
for name in dirs:
os.rmdir(os.path.join(root, name))
os.rmdir(
dir
)
os.rmdir(
path
)
return 0
def rename(self, path):
...
...
@@ -725,14 +728,14 @@ class SudoAccess(object):
print dst
return 0
def pack(self,
dir
):
self._check_dir(
dir
)
file =
dir
+ '.tar.gz'
def pack(self,
path
):
self._check_dir(
path
)
file =
path
+ '.tar.gz'
tar = tarfile.open(file, 'w:gz')
print file
tar.add(
dir
, os.path.split(
dir
)[1])
tar.add(
path
, os.path.split(
path
)[1])
tar.close()
os.chown(file,
script_user, script_user
)
os.chown(file,
SCRIPT_USER, SCRIPT_USER
)
return 0
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment