Skip to content
Toggle navigation
P
Projects
G
Groups
S
Snippets
Help
Gelencsér Szabolcs
/
cloud
This project
Loading...
Sign in
Toggle navigation
Go to a project
Project
Repository
Issues
0
Merge Requests
0
Pipelines
Wiki
Members
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Commit
198754b4
authored
Feb 26, 2013
by
Őry Máté
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
store-server: seteuided open of uploads
parent
cb82f9ac
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
33 additions
and
31 deletions
+33
-31
miscellaneous/store-server/CloudStore.py
+33
-31
No files found.
miscellaneous/store-server/CloudStore.py
View file @
198754b4
...
@@ -8,6 +8,9 @@ import uuid
...
@@ -8,6 +8,9 @@ import uuid
import
subprocess
import
subprocess
import
ConfigParser
import
ConfigParser
from
pwd
import
getpwnam
from
pwd
import
getpwnam
import
thread
setuid_lock
=
thread
.
allocate_lock
()
# Get configuration file
# Get configuration file
config
=
ConfigParser
.
ConfigParser
()
config
=
ConfigParser
.
ConfigParser
()
...
@@ -117,7 +120,10 @@ def cmd_upload(request, neptun, home_path):
...
@@ -117,7 +120,10 @@ def cmd_upload(request, neptun, home_path):
abort
(
400
,
'Invalid upload path.'
)
abort
(
400
,
'Invalid upload path.'
)
if
os
.
path
.
exists
(
up_path
)
==
True
and
os
.
path
.
isdir
(
up_path
):
if
os
.
path
.
exists
(
up_path
)
==
True
and
os
.
path
.
isdir
(
up_path
):
up_hash
=
str
(
uuid
.
uuid4
())
up_hash
=
str
(
uuid
.
uuid4
())
os
.
symlink
(
up_path
,
ROOT_WWW_FOLDER
+
'/'
+
up_hash
)
link
=
ROOT_WWW_FOLDER
+
'/'
+
up_hash
os
.
symlink
(
up_path
,
link
)
passwd
=
getpwnam
(
neptun
)
os
.
lchown
(
link
,
passwd
.
pw_uid
,
passwd
.
pw_gid
)
return
json
.
dumps
({
'LINK'
:
SITE_URL
+
'/ul/'
+
up_hash
})
return
json
.
dumps
({
'LINK'
:
SITE_URL
+
'/ul/'
+
up_hash
})
else
:
else
:
abort
(
400
,
'Upload directory not exists!'
)
abort
(
400
,
'Upload directory not exists!'
)
...
@@ -277,59 +283,55 @@ def upload_allow(hash_num):
...
@@ -277,59 +283,55 @@ def upload_allow(hash_num):
@route
(
'/ul/<hash_num>'
,
method
=
'POST'
)
@route
(
'/ul/<hash_num>'
,
method
=
'POST'
)
def
upload
(
hash_num
):
def
upload
(
hash_num
):
if
not
os
.
path
.
exists
(
ROOT_WWW_FOLDER
+
'/'
+
hash_num
):
link
=
ROOT_WWW_FOLDER
+
'/'
+
hash_num
if
not
os
.
path
.
exists
(
link
):
abort
(
404
,
'Token not found!'
)
abort
(
404
,
'Token not found!'
)
try
:
try
:
file_data
=
request
.
files
.
data
file_data
=
request
.
files
.
data
file_name
=
file_data
.
filename
file_name
=
file_data
.
filename
except
:
except
:
if
os
.
path
.
exists
(
ROOT_WWW_FOLDER
+
'/'
+
hash_num
):
if
os
.
path
.
exists
(
link
):
os
.
remove
(
ROOT_WWW_FOLDER
+
'/'
+
hash_num
)
os
.
remove
(
link
)
abort
(
400
,
'No file was specified!'
)
abort
(
400
,
'No file was specified!'
)
up_path
=
os
.
path
.
realpath
(
ROOT_WWW_FOLDER
+
'/'
+
hash_num
+
'/'
+
file_name
)
up_path
=
os
.
path
.
realpath
(
link
+
'/'
+
file_name
)
if
os
.
path
.
exists
(
up_path
):
if
os
.
path
.
exists
(
up_path
):
abort
(
400
,
'File already exists'
)
abort
(
400
,
'File already exists'
)
# Check if upload path valid
if
not
up_path
.
startswith
(
'/home'
):
if
not
up_path
.
startswith
(
'/home'
):
abort
(
400
,
'Invalid path.'
)
abort
(
400
,
'Invalid path.'
)
linkstat
=
os
.
stat
(
link
)
os
.
remove
(
link
)
os
.
remove
(
ROOT_WWW_FOLDER
+
'/'
+
hash_num
)
try
:
# Get the real upload path
with
setuid_lock
:
# Delete the hash link
try
:
# Get the username from path for proper ownership
os
.
setegid
(
linkstat
.
st_gid
)
username
=
up_path
.
split
(
'/'
,
3
)[
2
]
os
.
seteuid
(
linkstat
.
st_uid
)
# os.setegid(getpwnam(username).pw_gid)
file
=
open
(
up_path
,
'wb'
,
0600
)
# os.seteuid(getpwnam(username).pw_uid)
finally
:
# TODO setuid subcommand
os
.
seteuid
(
0
)
# Check if file exist (root can overwrite anything not safe)
os
.
setegid
(
0
)
with
open
(
up_path
,
'wb'
)
as
f
:
while
True
:
datalength
=
0
chunk
=
file_data
.
file
.
read
(
256
*
1024
)
for
chunk
in
fbuffer
(
file_data
.
file
,
chunk_size
=
1048576
):
if
not
chunk
:
f
.
write
(
chunk
)
break
datalength
+=
len
(
chunk
)
file
.
write
(
chunk
)
os
.
chown
(
up_path
,
getpwnam
(
username
)
.
pw_uid
,
getpwnam
(
username
)
.
pw_gid
)
except
:
os
.
chmod
(
up_path
,
0644
)
abort
(
400
,
'Write failed.'
)
finally
:
file
.
close
()
try
:
try
:
redirect_address
=
request
.
headers
.
get
(
'Referer'
)
redirect_address
=
request
.
headers
.
get
(
'Referer'
)
except
:
except
:
redirect_address
=
REDIRECT_URL
redirect_address
=
REDIRECT_URL
response
.
set_header
(
'Access-Control-Allow-Origin'
,
'*'
)
response
.
set_header
(
'Access-Control-Allow-Origin'
,
'*'
)
response
.
set_header
(
'Access-Control-Allow-Methods'
,
'POST, GET, OPTIONS'
)
response
.
set_header
(
'Access-Control-Allow-Methods'
,
'POST, GET, OPTIONS'
)
response
.
set_header
(
'Access-Control-Allow-Headers'
,
'Content-Type, Content-Range, Content-Disposition, Content-Description'
)
response
.
set_header
(
'Access-Control-Allow-Headers'
,
'Content-Type, Content-Range, Content-Disposition, Content-Description'
)
redirect
(
redirect_address
)
redirect
(
redirect_address
)
#return 'Upload finished: '+file_name+' - '+str(datalength)+' Byte'
# Return hard quota from quota
# Return hard quota from quota
def
hard_quota
(
quota
):
def
hard_quota
(
quota
):
return
str
(
int
(
int
(
quota
)
*
1.25
))
return
str
(
int
(
int
(
quota
)
*
1.25
))
# Define filebuffer for big uploads
def
fbuffer
(
f
,
chunk_size
=
4096
):
while
True
:
chunk
=
f
.
read
(
chunk_size
)
if
not
chunk
:
break
yield
chunk
# Update users .ssh/authorized_keys
# Update users .ssh/authorized_keys
def
updateSSHAuthorizedKeys
(
username
,
key_list
):
def
updateSSHAuthorizedKeys
(
username
,
key_list
):
user_uid
=
getpwnam
(
username
)
.
pw_uid
user_uid
=
getpwnam
(
username
)
.
pw_uid
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment