def main(client_id, user_arguments_dict):
"""Main function used by front end"""
(configuration, logger, output_objects, op_name) = \
initialize_main_variables(client_id)
client_dir = client_id_dir(client_id)
status = returnvalues.OK
defaults = signature()[1]
(validate_status, accepted) = validate_input_and_cert(
user_arguments_dict,
defaults,
output_objects,
client_id,
configuration,
allow_rejects=False,
# NOTE: path can use wildcards
typecheck_overrides={'path': valid_path_pattern},
)
if not validate_status:
return (accepted, returnvalues.CLIENT_ERROR)
flags = ''.join(accepted['flags'])
patterns = accepted['path']
search = accepted['pattern'][-1]
# Please note that base_dir must end in slash to avoid access to other
# user dirs when own name is a prefix of another user name
base_dir = os.path.abspath(os.path.join(configuration.user_home,
client_dir)) + os.sep
if verbose(flags):
for flag in flags:
output_objects.append({'object_type': 'text', 'text':
'%s using flag: %s' % (op_name, flag)})
for pattern in patterns:
# Check directory traversal attempts before actual handling to avoid
# leaking information about file system layout while allowing
# consistent error messages
unfiltered_match = glob.glob(base_dir + pattern)
match = []
for server_path in unfiltered_match:
# IMPORTANT: path must be expanded to abs for proper chrooting
abs_path = os.path.abspath(server_path)
if not valid_user_path(configuration, abs_path, base_dir, True):
# out of bounds - save user warning for later to allow
# partial match:
# ../*/* is technically allowed to match own files.
logger.warning('%s tried to %s restricted path %s! (%s)'
% (client_id, op_name, abs_path, pattern))
continue
match.append(abs_path)
# Now actually treat list of allowed matchings and notify if no
# (allowed) match
if not match:
output_objects.append({'object_type': 'file_not_found',
'name': pattern})
status = returnvalues.FILE_NOT_FOUND
for abs_path in match:
relative_path = abs_path.replace(base_dir, '')
output_lines = []
try:
matching = pattern_match_file(search, abs_path)
for line in matching:
output_lines.append(line)
except Exception as exc:
output_objects.append({'object_type': 'error_text',
'text': "%s: '%s': %s" % (op_name,
relative_path, exc)})
logger.error("%s: failed on '%s': %s" % (op_name,
relative_path, exc))
status = returnvalues.SYSTEM_ERROR
continue
entry = {'object_type': 'file_output',
'lines': output_lines,
'wrap_binary': binary(flags),
'wrap_targets': ['lines']}
if verbose(flags):
entry['path'] = relative_path
output_objects.append(entry)
return (output_objects, status)
def main(client_id, user_arguments_dict):
"""Main function used by front end"""
(configuration, logger, output_objects, op_name) = \
initialize_main_variables(client_id)
client_dir = client_id_dir(client_id)
defaults = signature()[1]
(validate_status, accepted) = validate_input_and_cert(
user_arguments_dict,
defaults,
output_objects,
client_id,
configuration,
allow_rejects=False,
# NOTE: path can use wildcards, dst and current_dir cannot
typecheck_overrides={'path': valid_path_pattern},
)
if not validate_status:
return (accepted, returnvalues.CLIENT_ERROR)
flags = ''.join(accepted['flags'])
pattern_list = accepted['path']
dst = accepted['dst'][-1]
current_dir = accepted['current_dir'][-1].lstrip(os.sep)
# All paths are relative to current_dir
pattern_list = [os.path.join(current_dir, i) for i in pattern_list]
if dst:
dst = os.path.join(current_dir, dst)
# Please note that base_dir must end in slash to avoid access to other
# user dirs when own name is a prefix of another user name
base_dir = os.path.abspath(
os.path.join(configuration.user_home, client_dir)) + os.sep
status = returnvalues.OK
if verbose(flags):
for flag in flags:
output_objects.append({
'object_type': 'text',
'text': '%s using flag: %s' % (op_name, flag)
})
# IMPORTANT: path must be expanded to abs for proper chrooting
abs_dir = os.path.abspath(
os.path.join(base_dir, current_dir.lstrip(os.sep)))
if not valid_user_path(configuration, abs_dir, base_dir, True):
output_objects.append({
'object_type':
'error_text',
'text':
"You're not allowed to work in %s!" % current_dir
})
logger.warning('%s tried to %s restricted path %s ! (%s)' %
(client_id, op_name, abs_dir, current_dir))
return (output_objects, returnvalues.CLIENT_ERROR)
if verbose(flags):
output_objects.append({
'object_type': 'text',
'text': "working in %s" % current_dir
})
if dst:
if not safe_handler(configuration, 'post', op_name, client_id,
get_csrf_limit(configuration), accepted):
output_objects.append({
'object_type':
'error_text',
'text':
'''Only accepting
CSRF-filtered POST requests to prevent unintended updates'''
})
return (output_objects, returnvalues.CLIENT_ERROR)
# NOTE: dst already incorporates current_dir prefix here
# IMPORTANT: path must be expanded to abs for proper chrooting
abs_dest = os.path.abspath(os.path.join(base_dir, dst))
logger.info('chksum in %s' % abs_dest)
# Don't use abs_path in output as it may expose underlying
# fs layout.
relative_dest = abs_dest.replace(base_dir, '')
if not valid_user_path(configuration, abs_dest, base_dir, True):
output_objects.append({
'object_type':
'error_text',
'text':
"Invalid path! (%s expands to an illegal path)" % dst
})
logger.warning('%s tried to %s restricted path %s !(%s)' %
(client_id, op_name, abs_dest, dst))
return (output_objects, returnvalues.CLIENT_ERROR)
if not check_write_access(abs_dest, parent_dir=True):
logger.warning('%s called without write access: %s' %
(op_name, abs_dest))
output_objects.append({
'object_type':
'error_text',
'text':
'cannot checksum to "%s": inside a read-only location!' %
relative_dest
})
return (output_objects, returnvalues.CLIENT_ERROR)
all_lines = []
for pattern in pattern_list:
# Check directory traversal attempts before actual handling to avoid
# leaking information about file system layout while allowing
# consistent error messages
unfiltered_match = glob.glob(base_dir + pattern)
match = []
for server_path in unfiltered_match:
# IMPORTANT: path must be expanded to abs for proper chrooting
abs_path = os.path.abspath(server_path)
if not valid_user_path(configuration, abs_path, base_dir, True):
# out of bounds - save user warning for later to allow
# partial match:
# ../*/* is technically allowed to match own files.
logger.warning('%s tried to %s restricted path %s ! (%s)' %
(client_id, op_name, abs_path, pattern))
continue
match.append(abs_path)
# Now actually treat list of allowed matchings and notify if no
# (allowed) match
if not match:
output_objects.append({
'object_type': 'file_not_found',
'name': pattern
})
status = returnvalues.FILE_NOT_FOUND
# NOTE: we produce output matching an invocation of:
# du -aL --apparent-size --block-size=1 PATH [PATH ...]
filedus = []
summarize_output = summarize(flags)
for abs_path in match:
if invisible_path(abs_path):
continue
relative_path = abs_path.replace(base_dir, '')
# cache accumulated sub dir sizes - du sums into parent dir size
dir_sizes = {}
try:
# Assume a directory to walk
for (root, dirs, files) in walk(abs_path,
topdown=False,
followlinks=True):
if invisible_path(root):
continue
dir_bytes = 0
for name in files:
real_file = os.path.join(root, name)
if invisible_path(real_file):
continue
relative_file = real_file.replace(base_dir, '')
size = os.path.getsize(real_file)
dir_bytes += size
if not summarize_output:
filedus.append({
'object_type': 'filedu',
'name': relative_file,
'bytes': size
})
for name in dirs:
real_dir = os.path.join(root, name)
if invisible_path(real_dir):
continue
dir_bytes += dir_sizes[real_dir]
relative_root = root.replace(base_dir, '')
dir_bytes += os.path.getsize(root)
dir_sizes[root] = dir_bytes
if root == abs_path or not summarize_output:
filedus.append({
'object_type': 'filedu',
'name': relative_root,
'bytes': dir_bytes
})
if os.path.isfile(abs_path):
# Fall back to plain file where walk is empty
size = os.path.getsize(abs_path)
filedus.append({
'object_type': 'filedu',
'name': relative_path,
'bytes': size
})
except Exception as exc:
output_objects.append({
'object_type':
'error_text',
'text':
"%s: '%s': %s" % (op_name, relative_path, exc)
})
logger.error("%s: failed on '%s': %s" %
(op_name, relative_path, exc))
status = returnvalues.SYSTEM_ERROR
continue
if dst:
all_lines += [
'%(bytes)d\t\t%(name)s\n' % entry for entry in filedus
]
else:
output_objects.append({
'object_type': 'filedus',
'filedus': filedus
})
if dst and not write_file(''.join(all_lines), abs_dest, logger):
output_objects.append({
'object_type':
'error_text',
'text':
"failed to write disk use to %s" % relative_dest
})
logger.error("writing disk use to %s for %s failed" %
(abs_dest, client_id))
status = returnvalues.SYSTEM_ERROR
return (output_objects, status)
def main(client_id, user_arguments_dict, environ=None):
"""Main function used by front end"""
if environ is None:
environ = os.environ
(configuration, logger, output_objects, op_name) = \
initialize_main_variables(client_id, op_header=False,
op_menu=client_id)
client_dir = client_id_dir(client_id)
status = returnvalues.OK
defaults = signature()[1]
(validate_status, accepted) = validate_input(
user_arguments_dict,
defaults,
output_objects,
allow_rejects=False,
# NOTE: path cannot use wildcards here
typecheck_overrides={},
)
if not validate_status:
return (accepted, returnvalues.CLIENT_ERROR)
flags = ''.join(accepted['flags'])
patterns = accepted['path']
current_dir = accepted['current_dir'][-1]
share_id = accepted['share_id'][-1]
if not safe_handler(configuration, 'post', op_name, client_id,
get_csrf_limit(configuration), accepted):
output_objects.append({
'object_type':
'error_text',
'text':
'''Only accepting
CSRF-filtered POST requests to prevent unintended updates'''
})
return (output_objects, returnvalues.CLIENT_ERROR)
# Either authenticated user client_id set or sharelink ID
if client_id:
user_id = client_id
target_dir = client_id_dir(client_id)
base_dir = configuration.user_home
id_query = ''
page_title = 'Create User Directory'
userstyle = True
widgets = True
elif share_id:
try:
(share_mode, _) = extract_mode_id(configuration, share_id)
except ValueError as err:
logger.error('%s called with invalid share_id %s: %s' %
(op_name, share_id, err))
output_objects.append({
'object_type': 'error_text',
'text': 'Invalid sharelink ID: %s' % share_id
})
return (output_objects, returnvalues.CLIENT_ERROR)
# TODO: load and check sharelink pickle (currently requires client_id)
user_id = 'anonymous user through share ID %s' % share_id
if share_mode == 'read-only':
logger.error('%s called without write access: %s' %
(op_name, accepted))
output_objects.append({
'object_type': 'error_text',
'text': 'No write access!'
})
return (output_objects, returnvalues.CLIENT_ERROR)
target_dir = os.path.join(share_mode, share_id)
base_dir = configuration.sharelink_home
id_query = '?share_id=%s' % share_id
page_title = 'Create Shared Directory'
userstyle = False
widgets = False
else:
logger.error('%s called without proper auth: %s' % (op_name, accepted))
output_objects.append({
'object_type': 'error_text',
'text': 'Authentication is missing!'
})
return (output_objects, returnvalues.SYSTEM_ERROR)
# Please note that base_dir must end in slash to avoid access to other
# user dirs when own name is a prefix of another user name
base_dir = os.path.abspath(os.path.join(base_dir, target_dir)) + os.sep
title_entry = find_entry(output_objects, 'title')
title_entry['text'] = page_title
title_entry['skipwidgets'] = not widgets
title_entry['skipuserstyle'] = not userstyle
output_objects.append({'object_type': 'header', 'text': page_title})
# Input validation assures target_dir can't escape base_dir
if not os.path.isdir(base_dir):
output_objects.append({
'object_type': 'error_text',
'text': 'Invalid client/sharelink id!'
})
return (output_objects, returnvalues.CLIENT_ERROR)
if verbose(flags):
for flag in flags:
output_objects.append({
'object_type': 'text',
'text': '%s using flag: %s' % (op_name, flag)
})
for pattern in patterns:
# Check directory traversal attempts before actual handling to avoid
# leaking information about file system layout while allowing
# consistent error messages
# NB: Globbing disabled on purpose here
unfiltered_match = [base_dir + os.sep + current_dir + os.sep + pattern]
match = []
for server_path in unfiltered_match:
# IMPORTANT: path must be expanded to abs for proper chrooting
abs_path = os.path.abspath(server_path)
if not valid_user_path(configuration, abs_path, base_dir, True):
# out of bounds - save user warning for later to allow
# partial match:
# ../*/* is technically allowed to match own files.
logger.warn('%s tried to %s %s restricted path! (%s)' %
(client_id, op_name, abs_path, pattern))
continue
match.append(abs_path)
# Now actually treat list of allowed matchings and notify if no
# (allowed) match
if not match:
output_objects.append({
'object_type':
'error_text',
'text':
"%s: cannot create directory '%s': Permission denied" %
(op_name, pattern)
})
status = returnvalues.CLIENT_ERROR
for abs_path in match:
relative_path = abs_path.replace(base_dir, '')
if verbose(flags):
output_objects.append({
'object_type': 'file',
'name': relative_path
})
if not parents(flags) and os.path.exists(abs_path):
output_objects.append({
'object_type': 'error_text',
'text': '%s: path exist!' % pattern
})
status = returnvalues.CLIENT_ERROR
continue
if not check_write_access(abs_path, parent_dir=True):
logger.warning('%s called without write access: %s' %
(op_name, abs_path))
output_objects.append({
'object_type':
'error_text',
'text':
'cannot create "%s": inside a read-only location!' %
pattern
})
status = returnvalues.CLIENT_ERROR
continue
try:
gdp_iolog(configuration, client_id, environ['REMOTE_ADDR'],
'created', [relative_path])
if parents(flags):
if not os.path.isdir(abs_path):
os.makedirs(abs_path)
else:
os.mkdir(abs_path)
logger.info('%s %s done' % (op_name, abs_path))
except Exception as exc:
if not isinstance(exc, GDPIOLogError):
gdp_iolog(configuration,
client_id,
environ['REMOTE_ADDR'],
'created', [relative_path],
failed=True,
details=exc)
output_objects.append({
'object_type':
'error_text',
'text':
"%s: '%s' failed!" % (op_name, relative_path)
})
logger.error("%s: failed on '%s': %s" %
(op_name, relative_path, exc))
status = returnvalues.SYSTEM_ERROR
continue
output_objects.append({
'object_type':
'text',
'text':
"created directory %s" % (relative_path)
})
if id_query:
open_query = "%s;current_dir=%s" % (id_query, relative_path)
else:
open_query = "?current_dir=%s" % relative_path
output_objects.append({
'object_type': 'link',
'destination': 'ls.py%s' % open_query,
'text': 'Open %s' % relative_path
})
output_objects.append({'object_type': 'text', 'text': ''})
output_objects.append({
'object_type': 'link',
'destination': 'ls.py%s' % id_query,
'text': 'Return to files overview'
})
return (output_objects, status)
def main(client_id, user_arguments_dict):
"""Main function used by front end"""
(configuration, logger, output_objects, op_name) = \
initialize_main_variables(client_id)
client_dir = client_id_dir(client_id)
defaults = signature()[1]
(validate_status, accepted) = validate_input_and_cert(
user_arguments_dict,
defaults,
output_objects,
client_id,
configuration,
allow_rejects=False,
# NOTE: path can use wildcards, dst and current_dir cannot
typecheck_overrides={'path': valid_path_pattern},
)
if not validate_status:
return (accepted, returnvalues.CLIENT_ERROR)
flags = ''.join(accepted['flags'])
algo_list = accepted['hash_algo']
max_chunks = int(accepted['max_chunks'][-1])
pattern_list = accepted['path']
dst = accepted['dst'][-1]
current_dir = accepted['current_dir'][-1].lstrip(os.sep)
# All paths are relative to current_dir
pattern_list = [os.path.join(current_dir, i) for i in pattern_list]
if dst:
dst = os.path.join(current_dir, dst)
# Please note that base_dir must end in slash to avoid access to other
# user dirs when own name is a prefix of another user name
base_dir = os.path.abspath(
os.path.join(configuration.user_home, client_dir)) + os.sep
status = returnvalues.OK
if verbose(flags):
for flag in flags:
output_objects.append({
'object_type': 'text',
'text': '%s using flag: %s' % (op_name, flag)
})
# IMPORTANT: path must be expanded to abs for proper chrooting
abs_dir = os.path.abspath(
os.path.join(base_dir, current_dir.lstrip(os.sep)))
if not valid_user_path(configuration, abs_dir, base_dir, True):
output_objects.append({
'object_type':
'error_text',
'text':
"You're not allowed to work in %s!" % current_dir
})
logger.warning('%s tried to %s restricted path %s ! (%s)' %
(client_id, op_name, abs_dir, current_dir))
return (output_objects, returnvalues.CLIENT_ERROR)
if verbose(flags):
output_objects.append({
'object_type': 'text',
'text': "working in %s" % current_dir
})
if dst:
if not safe_handler(configuration, 'post', op_name, client_id,
get_csrf_limit(configuration), accepted):
output_objects.append({
'object_type':
'error_text',
'text':
'''Only accepting
CSRF-filtered POST requests to prevent unintended updates'''
})
return (output_objects, returnvalues.CLIENT_ERROR)
# NOTE: dst already incorporates current_dir prefix here
# IMPORTANT: path must be expanded to abs for proper chrooting
abs_dest = os.path.abspath(os.path.join(base_dir, dst))
logger.info('chksum in %s' % abs_dest)
# Don't use abs_path in output as it may expose underlying
# fs layout.
relative_dest = abs_dest.replace(base_dir, '')
if not valid_user_path(configuration, abs_dest, base_dir, True):
output_objects.append({
'object_type':
'error_text',
'text':
"Invalid path! (%s expands to an illegal path)" % dst
})
logger.warning('%s tried to %s restricted path %s !(%s)' %
(client_id, op_name, abs_dest, dst))
return (output_objects, returnvalues.CLIENT_ERROR)
if not check_write_access(abs_dest, parent_dir=True):
logger.warning('%s called without write access: %s' %
(op_name, abs_dest))
output_objects.append({
'object_type':
'error_text',
'text':
'cannot checksum to "%s": inside a read-only location!' %
relative_dest
})
return (output_objects, returnvalues.CLIENT_ERROR)
all_lines = []
for pattern in pattern_list:
# Check directory traversal attempts before actual handling to avoid
# leaking information about file system layout while allowing
# consistent error messages
unfiltered_match = glob.glob(base_dir + pattern)
match = []
for server_path in unfiltered_match:
# IMPORTANT: path must be expanded to abs for proper chrooting
abs_path = os.path.abspath(server_path)
if not valid_user_path(configuration, abs_path, base_dir, True):
# out of bounds - save user warning for later to allow
# partial match:
# ../*/* is technically allowed to match own files.
logger.warning('%s tried to %s restricted path %s ! (%s)' %
(client_id, op_name, abs_path, pattern))
continue
match.append(abs_path)
# Now actually treat list of allowed matchings and notify if no
# (allowed) match
if not match:
output_objects.append({
'object_type': 'file_not_found',
'name': pattern
})
status = returnvalues.FILE_NOT_FOUND
for abs_path in match:
relative_path = abs_path.replace(base_dir, '')
output_lines = []
for hash_algo in algo_list:
try:
chksum_helper = _algo_map.get(hash_algo, _algo_map["md5"])
checksum = chksum_helper(abs_path, max_chunks=max_chunks)
line = "%s %s\n" % (checksum, relative_path)
logger.info("%s %s of %s: %s" %
(op_name, hash_algo, abs_path, checksum))
output_lines.append(line)
except Exception as exc:
output_objects.append({
'object_type':
'error_text',
'text':
"%s: '%s': %s" % (op_name, relative_path, exc)
})
logger.error("%s: failed on '%s': %s" %
(op_name, relative_path, exc))
status = returnvalues.SYSTEM_ERROR
continue
entry = {'object_type': 'file_output', 'lines': output_lines}
output_objects.append(entry)
all_lines += output_lines
if dst and not write_file(''.join(all_lines), abs_dest, logger):
output_objects.append({
'object_type':
'error_text',
'text':
"failed to write checksums to %s" % relative_dest
})
logger.error("writing checksums to %s for %s failed" %
(abs_dest, client_id))
status = returnvalues.SYSTEM_ERROR
return (output_objects, status)
def main(client_id, user_arguments_dict, environ=None):
"""Main function used by front end"""
if environ is None:
environ = os.environ
(configuration, logger, output_objects, op_name) = \
initialize_main_variables(client_id)
client_dir = client_id_dir(client_id)
defaults = signature()[1]
status = returnvalues.OK
(validate_status, accepted) = validate_input_and_cert(
user_arguments_dict,
defaults,
output_objects,
client_id,
configuration,
allow_rejects=False,
# NOTE: path can use wildcards, dst cannot
typecheck_overrides={'path': valid_path_pattern},
)
if not validate_status:
return (accepted, returnvalues.CLIENT_ERROR)
flags = ''.join(accepted['flags'])
patterns = accepted['path']
dst = accepted['dst'][-1].lstrip(os.sep)
# Please note that base_dir must end in slash to avoid access to other
# user dirs when own name is a prefix of another user name
base_dir = os.path.abspath(
os.path.join(configuration.user_home, client_dir)) + os.sep
if verbose(flags):
for flag in flags:
output_objects.append({
'object_type': 'text',
'text': '%s using flag: %s' % (op_name, flag)
})
if dst:
if not safe_handler(configuration, 'post', op_name, client_id,
get_csrf_limit(configuration), accepted):
output_objects.append({
'object_type':
'error_text',
'text':
'''Only accepting
CSRF-filtered POST requests to prevent unintended updates'''
})
return (output_objects, returnvalues.CLIENT_ERROR)
dst_mode = "wb"
# IMPORTANT: path must be expanded to abs for proper chrooting
abs_dest = os.path.abspath(os.path.join(base_dir, dst))
relative_dst = abs_dest.replace(base_dir, '')
if not valid_user_path(configuration, abs_dest, base_dir, True):
logger.warning('%s tried to %s into restricted path %s ! (%s)' %
(client_id, op_name, abs_dest, dst))
output_objects.append({
'object_type': 'error_text',
'text': "invalid destination: '%s'" % dst
})
return (output_objects, returnvalues.CLIENT_ERROR)
for pattern in patterns:
# Check directory traversal attempts before actual handling to avoid
# leaking information about file system layout while allowing
# consistent error messages
unfiltered_match = glob.glob(base_dir + pattern)
match = []
for server_path in unfiltered_match:
# IMPORTANT: path must be expanded to abs for proper chrooting
abs_path = os.path.abspath(server_path)
if not valid_user_path(configuration, abs_path, base_dir, True):
# out of bounds - save user warning for later to allow
# partial match:
# ../*/* is technically allowed to match own files.
logger.warning('%s tried to %s restricted path %s ! (%s)' %
(client_id, op_name, abs_path, pattern))
continue
match.append(abs_path)
# Now actually treat list of allowed matchings and notify if no
# (allowed) match
if not match:
output_objects.append({
'object_type': 'file_not_found',
'name': pattern
})
status = returnvalues.FILE_NOT_FOUND
for abs_path in match:
output_lines = []
relative_path = abs_path.replace(base_dir, '')
try:
gdp_iolog(configuration, client_id, environ['REMOTE_ADDR'],
'accessed', [relative_path])
fd = open(abs_path, 'r')
# use file directly as iterator for efficiency
for line in fd:
output_lines.append(line)
fd.close()
except Exception as exc:
if not isinstance(exc, GDPIOLogError):
gdp_iolog(configuration,
client_id,
environ['REMOTE_ADDR'],
'accessed', [relative_path],
failed=True,
details=exc)
output_objects.append({
'object_type':
'error_text',
'text':
"%s: '%s': %s" % (op_name, relative_path, exc)
})
logger.error("%s: failed on '%s': %s" %
(op_name, relative_path, exc))
status = returnvalues.SYSTEM_ERROR
continue
if dst:
try:
gdp_iolog(configuration, client_id, environ['REMOTE_ADDR'],
'modified', [dst])
out_fd = open(abs_dest, dst_mode)
out_fd.writelines(output_lines)
out_fd.close()
logger.info('%s %s %s done' %
(op_name, abs_path, abs_dest))
except Exception as exc:
if not isinstance(exc, GDPIOLogError):
gdp_iolog(configuration,
client_id,
environ['REMOTE_ADDR'],
'modified', [dst],
failed=True,
details=exc)
output_objects.append({
'object_type': 'error_text',
'text': "write failed: '%s'" % exc
})
logger.error("%s: write failed on '%s': %s" %
(op_name, abs_dest, exc))
status = returnvalues.SYSTEM_ERROR
continue
output_objects.append({
'object_type':
'text',
'text':
"wrote %s to %s" % (relative_path, relative_dst)
})
# Prevent truncate after first write
dst_mode = "ab+"
else:
entry = {
'object_type': 'file_output',
'lines': output_lines,
'wrap_binary': binary(flags),
'wrap_targets': ['lines']
}
if verbose(flags):
entry['path'] = relative_path
output_objects.append(entry)
# TODO: rip this hack out into real download handler?
# Force download of files when output_format == 'file_format'
# This will only work for the first file matching a glob when
# using file_format.
# And it is supposed to only work for one file.
if 'output_format' in user_arguments_dict:
output_format = user_arguments_dict['output_format'][0]
if output_format == 'file':
output_objects.append({
'object_type':
'start',
'headers': [('Content-Disposition',
'attachment; filename="%s";' %
os.path.basename(abs_path))]
})
return (output_objects, status)
def main(client_id, user_arguments_dict, environ=None):
"""Main function used by front end"""
if environ is None:
environ = os.environ
(configuration, logger, output_objects, op_name) = \
initialize_main_variables(client_id, op_header=False,
op_menu=client_id)
client_dir = client_id_dir(client_id)
status = returnvalues.OK
defaults = signature()[1]
(validate_status, accepted) = validate_input(
user_arguments_dict,
defaults,
output_objects,
allow_rejects=False,
# NOTE: path can use wildcards
typecheck_overrides={'path': valid_path_pattern},
)
if not validate_status:
return (accepted, returnvalues.CLIENT_ERROR)
flags = ''.join(accepted['flags'])
pattern_list = accepted['path']
iosessionid = accepted['iosessionid'][-1]
share_id = accepted['share_id'][-1]
if not safe_handler(configuration, 'post', op_name, client_id,
get_csrf_limit(configuration), accepted):
output_objects.append({
'object_type':
'error_text',
'text':
'''Only accepting
CSRF-filtered POST requests to prevent unintended updates'''
})
return (output_objects, returnvalues.CLIENT_ERROR)
# Either authenticated user client_id set or sharelink ID
if client_id:
user_id = client_id
target_dir = client_id_dir(client_id)
base_dir = configuration.user_home
id_query = ''
page_title = 'Remove User File'
if force(flags):
rm_helper = delete_path
else:
rm_helper = remove_path
userstyle = True
widgets = True
elif share_id:
try:
(share_mode, _) = extract_mode_id(configuration, share_id)
except ValueError as err:
logger.error('%s called with invalid share_id %s: %s' %
(op_name, share_id, err))
output_objects.append({
'object_type': 'error_text',
'text': 'Invalid sharelink ID: %s' % share_id
})
return (output_objects, returnvalues.CLIENT_ERROR)
# TODO: load and check sharelink pickle (currently requires client_id)
user_id = 'anonymous user through share ID %s' % share_id
if share_mode == 'read-only':
logger.error('%s called without write access: %s' %
(op_name, accepted))
output_objects.append({
'object_type': 'error_text',
'text': 'No write access!'
})
return (output_objects, returnvalues.CLIENT_ERROR)
target_dir = os.path.join(share_mode, share_id)
base_dir = configuration.sharelink_home
id_query = '?share_id=%s' % share_id
page_title = 'Remove Shared File'
rm_helper = delete_path
userstyle = False
widgets = False
elif iosessionid.strip() and iosessionid.isalnum():
user_id = iosessionid
base_dir = configuration.webserver_home
target_dir = iosessionid
page_title = 'Remove Session File'
rm_helper = delete_path
userstyle = False
widgets = False
else:
logger.error('%s called without proper auth: %s' % (op_name, accepted))
output_objects.append({
'object_type': 'error_text',
'text': 'Authentication is missing!'
})
return (output_objects, returnvalues.SYSTEM_ERROR)
# Please note that base_dir must end in slash to avoid access to other
# user dirs when own name is a prefix of another user name
base_dir = os.path.abspath(os.path.join(base_dir, target_dir)) + os.sep
title_entry = find_entry(output_objects, 'title')
title_entry['text'] = page_title
title_entry['skipwidgets'] = not widgets
title_entry['skipuserstyle'] = not userstyle
output_objects.append({'object_type': 'header', 'text': page_title})
logger.debug("%s: with paths: %s" % (op_name, pattern_list))
# Input validation assures target_dir can't escape base_dir
if not os.path.isdir(base_dir):
output_objects.append({
'object_type': 'error_text',
'text': 'Invalid client/sharelink/session id!'
})
logger.warning('%s used %s with invalid base dir: %s' %
(user_id, op_name, base_dir))
return (output_objects, returnvalues.CLIENT_ERROR)
if verbose(flags):
for flag in flags:
output_objects.append({
'object_type': 'text',
'text': '%s using flag: %s' % (op_name, flag)
})
for pattern in pattern_list:
# Check directory traversal attempts before actual handling to avoid
# leaking information about file system layout while allowing
# consistent error messages
unfiltered_match = glob.glob(base_dir + pattern)
match = []
for server_path in unfiltered_match:
# IMPORTANT: path must be expanded to abs for proper chrooting
abs_path = os.path.abspath(server_path)
if not valid_user_path(configuration, abs_path, base_dir, True):
# out of bounds - save user warning for later to allow
# partial match:
# ../*/* is technically allowed to match own files.
logger.warning('%s tried to %s restricted path %s ! ( %s)' %
(client_id, op_name, abs_path, pattern))
continue
match.append(abs_path)
# Now actually treat list of allowed matchings and notify if no
# (allowed) match
if not match:
logger.warning("%s: no matching paths: %s" %
(op_name, pattern_list))
output_objects.append({
'object_type': 'file_not_found',
'name': pattern
})
status = returnvalues.FILE_NOT_FOUND
for abs_path in match:
real_path = os.path.realpath(abs_path)
relative_path = abs_path.replace(base_dir, '')
if verbose(flags):
output_objects.append({
'object_type': 'file',
'name': relative_path
})
# Make it harder to accidentially delete too much - e.g. do not
# delete VGrid files without explicit selection of subdir contents
if abs_path == os.path.abspath(base_dir):
logger.error("%s: refusing rm home dir: %s" %
(op_name, abs_path))
output_objects.append({
'object_type':
'warning',
'text':
"You're not allowed to delete your entire home directory!"
})
status = returnvalues.CLIENT_ERROR
continue
# Generally refuse handling symlinks including root vgrid shares
elif os.path.islink(abs_path):
logger.error("%s: refusing rm link: %s" % (op_name, abs_path))
output_objects.append({
'object_type':
'warning',
'text':
"""
You're not allowed to delete entire special folders like %s shares and %s
""" % (configuration.site_vgrid_label, trash_linkname)
})
status = returnvalues.CLIENT_ERROR
continue
# Additionally refuse operations on inherited subvgrid share roots
elif in_vgrid_share(configuration, abs_path) == relative_path:
output_objects.append({
'object_type':
'warning',
'text':
"""You're not allowed to
remove entire %s shared folders!""" % configuration.site_vgrid_label
})
status = returnvalues.CLIENT_ERROR
continue
elif os.path.isdir(abs_path) and not recursive(flags):
logger.error("%s: non-recursive call on dir '%s'" %
(op_name, abs_path))
output_objects.append({
'object_type':
'error_text',
'text':
"cannot remove '%s': is a direcory" % relative_path
})
status = returnvalues.CLIENT_ERROR
continue
trash_base = get_trash_location(configuration, abs_path)
if not trash_base and not force(flags):
logger.error("%s: no trash for dir '%s'" % (op_name, abs_path))
output_objects.append({
'object_type':
'error_text',
'text':
"No trash enabled for '%s' - read-only?" % relative_path
})
status = returnvalues.CLIENT_ERROR
continue
try:
if rm_helper == remove_path and \
os.path.commonprefix([real_path, trash_base]) \
== trash_base:
logger.warning("%s: already in trash: '%s'" %
(op_name, real_path))
output_objects.append({
'object_type':
'error_text',
'text':
"""
'%s' is already in trash - no action: use force flag to permanently delete""" %
relative_path
})
status = returnvalues.CLIENT_ERROR
continue
except Exception as err:
logger.error("%s: check trash failed: %s" % (op_name, err))
continue
if not check_write_access(abs_path):
logger.warning('%s called without write access: %s' %
(op_name, abs_path))
output_objects.append({
'object_type':
'error_text',
'text':
'cannot remove "%s": inside a read-only location!' %
pattern
})
status = returnvalues.CLIENT_ERROR
continue
# TODO: limit delete in vgrid share trash to vgrid owners / conf?
# ... malicious members can still e.g. truncate all files.
# we could consider removing write bit on move to trash.
# TODO: user setting to switch on/off trash?
# TODO: add direct delete checkbox in fileman move to trash dialog?
# TODO: add empty trash option for Trash?
# TODO: user settings to define read-only and auto-expire in trash?
# TODO: add trash support for sftp/ftps/webdavs?
gdp_iolog_action = 'deleted'
gdp_iolog_paths = [relative_path]
if rm_helper == remove_path:
gdp_iolog_action = 'moved'
trash_base_path = \
get_trash_location(configuration, abs_path, True)
trash_relative_path = \
trash_base_path.replace(configuration.user_home, '')
trash_relative_path = \
trash_relative_path.replace(
configuration.vgrid_files_home, '')
gdp_iolog_paths.append(trash_relative_path)
try:
gdp_iolog(configuration, client_id, environ['REMOTE_ADDR'],
gdp_iolog_action, gdp_iolog_paths)
gdp_iolog_status = True
except GDPIOLogError as exc:
gdp_iolog_status = False
rm_err = [str(exc)]
rm_status = False
if gdp_iolog_status:
(rm_status, rm_err) = rm_helper(configuration, abs_path)
if not rm_status or not gdp_iolog_status:
if gdp_iolog_status:
gdp_iolog(configuration,
client_id,
environ['REMOTE_ADDR'],
gdp_iolog_action,
gdp_iolog_paths,
failed=True,
details=rm_err)
logger.error("%s: failed on '%s': %s" %
(op_name, abs_path, ', '.join(rm_err)))
output_objects.append({
'object_type':
'error_text',
'text':
"remove '%s' failed: %s" %
(relative_path, '. '.join(rm_err))
})
status = returnvalues.SYSTEM_ERROR
continue
logger.info("%s: successfully (re)moved %s" % (op_name, abs_path))
output_objects.append({
'object_type': 'text',
'text': "removed %s" % (relative_path)
})
output_objects.append({
'object_type': 'link',
'destination': 'ls.py%s' % id_query,
'text': 'Return to files overview'
})
return (output_objects, status)
def main(client_id, user_arguments_dict):
"""Main function used by front end"""
(configuration, logger, output_objects, op_name) = \
initialize_main_variables(client_id)
client_dir = client_id_dir(client_id)
status = returnvalues.OK
defaults = signature()[1]
(validate_status, accepted) = validate_input_and_cert(
user_arguments_dict,
defaults,
output_objects,
client_id,
configuration,
allow_rejects=False,
)
if not validate_status:
return (accepted, returnvalues.CLIENT_ERROR)
flags = accepted['flags']
patterns = accepted['job_id']
if not configuration.site_enable_jobs:
output_objects.append({'object_type': 'error_text', 'text':
'''Job execution is not enabled on this system'''})
return (output_objects, returnvalues.SYSTEM_ERROR)
# Please note that base_dir must end in slash to avoid access to other
# user dirs when own name is a prefix of another user name
base_dir = \
os.path.abspath(os.path.join(configuration.mrsl_files_dir,
client_dir)) + os.sep
mrsl_keywords_dict = get_keywords_dict(configuration)
if verbose(flags):
for flag in flags:
output_objects.append({'object_type': 'text', 'text'
: '%s using flag: %s' % (op_name,
flag)})
for pattern in patterns:
# Add file extension
pattern += '.mRSL'
# Check directory traversal attempts before actual handling to avoid
# leaking information about file system layout while allowing
# consistent error messages
unfiltered_match = glob.glob(base_dir + pattern)
match = []
for server_path in unfiltered_match:
# IMPORTANT: path must be expanded to abs for proper chrooting
abs_path = os.path.abspath(server_path)
if not valid_user_path(configuration, abs_path, base_dir, True):
# out of bounds - save user warning for later to allow
# partial match:
# ../*/* is technically allowed to match own files.
logger.warning('%s tried to %s restricted path %s ! (%s)'
% (client_id, op_name, abs_path, pattern))
continue
match.append(abs_path)
# Now actually treat list of allowed matchings and notify if no
# (allowed) match
if not match:
output_objects.append({'object_type': 'file_not_found', 'name'
: pattern})
status = returnvalues.FILE_NOT_FOUND
for abs_path in match:
output_lines = []
relative_path = abs_path.replace(base_dir, '')
try:
mrsl_dict = unpickle(abs_path, logger)
if not mrsl_dict:
raise Exception('could not load job mRSL')
for (key, val) in mrsl_dict.items():
if not key in mrsl_keywords_dict.keys():
continue
if not val:
continue
output_lines.append('::%s::\n' % key)
if 'multiplestrings' == mrsl_keywords_dict[key]['Type']:
for line in val:
output_lines.append('%s\n' % line)
elif 'multiplekeyvalues' == mrsl_keywords_dict[key]['Type']:
for (left, right) in val:
output_lines.append('%s=%s\n' % (left, right))
else:
output_lines.append('%s\n' % val)
output_lines.append('\n')
except Exception as exc:
output_objects.append({'object_type': 'error_text', 'text'
: "%s: '%s': %s" % (op_name,
relative_path, exc)})
logger.error("%s: failed on '%s': %s" % (op_name,
relative_path, exc))
status = returnvalues.SYSTEM_ERROR
continue
if verbose(flags):
output_objects.append({'object_type': 'file_output', 'path'
: relative_path, 'lines'
: output_lines})
else:
output_objects.append({'object_type': 'file_output', 'lines'
: output_lines})
return (output_objects, status)
def main(client_id, user_arguments_dict):
"""Main function used by front end"""
(configuration, logger, output_objects, op_name) = \
initialize_main_variables(client_id, op_header=False)
client_dir = client_id_dir(client_id)
status = returnvalues.OK
defaults = signature()[1]
(validate_status, accepted) = validate_input_and_cert(
user_arguments_dict,
defaults,
output_objects,
client_id,
configuration,
allow_rejects=False,
)
if not validate_status:
logger.error("jobstatus input validation failed: %s" % accepted)
return (accepted, returnvalues.CLIENT_ERROR)
flags = ''.join(accepted['flags'])
max_jobs = int(accepted['max_jobs'][-1])
order = 'unsorted '
if sorted(flags):
order = 'sorted '
patterns = accepted['job_id']
project_names = accepted['project_name']
if len(project_names) > 0:
for project_name in project_names:
project_name_job_ids = \
get_job_ids_with_specified_project_name(client_id,
project_name, configuration.mrsl_files_dir, logger)
patterns.extend(project_name_job_ids)
if not configuration.site_enable_jobs:
output_objects.append({'object_type': 'error_text', 'text':
'''Job execution is not enabled on this system'''})
return (output_objects, returnvalues.SYSTEM_ERROR)
# Please note that base_dir must end in slash to avoid access to other
# user dirs when own name is a prefix of another user name
base_dir = \
os.path.abspath(os.path.join(configuration.mrsl_files_dir,
client_dir)) + os.sep
output_objects.append({'object_type': 'header', 'text': '%s %s job status' %
(configuration.short_title, order)})
if not patterns:
output_objects.append(
{'object_type': 'error_text', 'text': 'No job_id specified!'})
return (output_objects, returnvalues.NO_SUCH_JOB_ID)
if verbose(flags):
for flag in flags:
output_objects.append({'object_type': 'text', 'text': '%s using flag: %s' % (op_name,
flag)})
if not os.path.isdir(base_dir):
output_objects.append(
{'object_type': 'error_text', 'text': ('You have not been created as a user on the %s server! '
'Please contact the %s team.') %
(configuration.short_title, configuration.short_title)})
return (output_objects, returnvalues.CLIENT_ERROR)
filelist = []
for pattern in patterns:
pattern = pattern.strip()
# Backward compatibility - all_jobs keyword should match all jobs
if pattern == all_jobs:
pattern = '*'
# Check directory traversal attempts before actual handling to
# avoid leaking information about file system layout while
# allowing consistent error messages
unfiltered_match = glob.glob(base_dir + pattern + '.mRSL')
match = []
for server_path in unfiltered_match:
# IMPORTANT: path must be expanded to abs for proper chrooting
abs_path = os.path.abspath(server_path)
if not valid_user_path(configuration, abs_path, base_dir, True):
# out of bounds - save user warning for later to allow
# partial match:
# ../*/* is technically allowed to match own files.
logger.warning('%s tried to %s restricted path %s ! (%s)'
% (client_id, op_name, abs_path, pattern))
continue
# Insert valid job files in filelist for later treatment
match.append(abs_path)
# Now actually treat list of allowed matchings and notify if no
# (allowed) match....
if not match:
output_objects.append(
{'object_type': 'error_text', 'text': '%s: You do not have any matching job IDs!' % pattern})
status = returnvalues.CLIENT_ERROR
else:
filelist += match
if sorted(flags):
sort(filelist)
if max_jobs > 0 and max_jobs < len(filelist):
output_objects.append(
{'object_type': 'text', 'text': 'Only showing first %d of the %d matching jobs as requested'
% (max_jobs, len(filelist))})
filelist = filelist[:max_jobs]
# Iterate through jobs and list details for each
job_list = {'object_type': 'job_list', 'jobs': []}
for filepath in filelist:
# Extract job_id from filepath (replace doesn't modify filepath)
mrsl_file = filepath.replace(base_dir, '')
job_id = mrsl_file.replace('.mRSL', '')
job_dict = unpickle(filepath, logger)
if not job_dict:
status = returnvalues.CLIENT_ERROR
output_objects.append(
{'object_type': 'error_text', 'text': 'No such job: %s (could not load mRSL file %s)' %
(job_id, filepath)})
continue
# Expand any job variables before use
job_dict = expand_variables(job_dict)
job_obj = {'object_type': 'job', 'job_id': job_id}
job_obj['status'] = job_dict['STATUS']
time_fields = [
'VERIFIED',
'VERIFIED_TIMESTAMP',
'RECEIVED_TIMESTAMP',
'QUEUED_TIMESTAMP',
'SCHEDULE_TIMESTAMP',
'EXECUTING_TIMESTAMP',
'FINISHED_TIMESTAMP',
'FAILED_TIMESTAMP',
'CANCELED_TIMESTAMP',
]
for name in time_fields:
if name in job_dict:
# time objects cannot be marshalled, asctime if timestamp
try:
job_obj[name.lower()] = time.asctime(job_dict[name])
except Exception as exc:
# not a time object, just add
job_obj[name.lower()] = job_dict[name]
###########################################
# ARC job status retrieval on demand:
# But we should _not_ update the status in the mRSL files, since
# other MiG code might rely on finding only valid "MiG" states.
if configuration.arc_clusters and \
job_dict.get('UNIQUE_RESOURCE_NAME', 'unset') == 'ARC' \
and job_dict['STATUS'] == 'EXECUTING':
try:
home = os.path.join(configuration.user_home, client_dir)
arcsession = arcwrapper.Ui(home)
arcstatus = arcsession.jobStatus(job_dict['EXE'])
job_obj['status'] = arcstatus['status']
except arcwrapper.ARCWrapperError as err:
logger.error('Error retrieving ARC job status: %s' %
err.what())
job_obj['status'] += '(Error: ' + err.what() + ')'
except arcwrapper.NoProxyError as err:
logger.error('While retrieving ARC job status: %s' %
err.what())
job_obj['status'] += '(Error: ' + err.what() + ')'
except Exception as err:
logger.error('Error retrieving ARC job status: %s' % err)
job_obj['status'] += '(Error during retrieval)'
exec_histories = []
if verbose(flags):
if 'EXECUTE' in job_dict:
command_line = '; '.join(job_dict['EXECUTE'])
if len(command_line) > 256:
job_obj['execute'] = '%s ...' % command_line[:252]
else:
job_obj['execute'] = command_line
res_conf = job_dict.get('RESOURCE_CONFIG', {})
if 'RESOURCE_ID' in res_conf:
public_id = res_conf['RESOURCE_ID']
if res_conf.get('ANONYMOUS', True):
public_id = anon_resource_id(public_id)
job_obj['resource'] = public_id
if job_dict.get('PUBLICNAME', False):
job_obj['resource'] += ' (alias %(PUBLICNAME)s)' % job_dict
if 'RESOURCE_VGRID' in job_dict:
job_obj['vgrid'] = job_dict['RESOURCE_VGRID']
if 'EXECUTION_HISTORY' in job_dict:
counter = 0
for history_dict in job_dict['EXECUTION_HISTORY']:
exec_history = \
{'object_type': 'execution_history'}
if 'QUEUED_TIMESTAMP' in history_dict:
exec_history['queued'] = \
time.asctime(history_dict['QUEUED_TIMESTAMP'
])
if 'EXECUTING_TIMESTAMP' in history_dict:
exec_history['executing'] = \
time.asctime(history_dict['EXECUTING_TIMESTAMP'
])
if 'PUBLICNAME' in history_dict:
if history_dict['PUBLICNAME']:
exec_history['resource'] = \
history_dict['PUBLICNAME']
else:
exec_history['resource'] = 'HIDDEN'
if 'RESOURCE_VGRID' in history_dict:
exec_history['vgrid'] = \
history_dict['RESOURCE_VGRID']
if 'FAILED_TIMESTAMP' in history_dict:
exec_history['failed'] = \
time.asctime(history_dict['FAILED_TIMESTAMP'
])
if 'FAILED_MESSAGE' in history_dict:
exec_history['failed_message'] = \
history_dict['FAILED_MESSAGE']
exec_histories.append(
{'execution_history': exec_history, 'count': counter})
counter += 1
if 'SCHEDULE_HINT' in job_dict:
job_obj['schedule_hint'] = job_dict['SCHEDULE_HINT']
# We should not show raw schedule_targets due to lack of anonymization
if 'SCHEDULE_TARGETS' in job_dict:
job_obj['schedule_hits'] = len(job_dict['SCHEDULE_TARGETS'])
if 'EXPECTED_DELAY' in job_dict:
# Catch None value
if not job_dict['EXPECTED_DELAY']:
job_obj['expected_delay'] = 0
else:
job_obj['expected_delay'] = int(job_dict['EXPECTED_DELAY'])
job_obj['execution_histories'] = exec_histories
if interactive(flags):
job_obj['statuslink'] = {'object_type': 'link',
'destination': 'fileman.py?path=%s/%s/'
% (job_output_dir, job_id), 'text':
'View status files'}
job_obj['mrsllink'] = {'object_type': 'link',
'destination': 'mrslview.py?job_id=%s'
% job_id,
'text': 'View parsed mRSL contents'}
if 'OUTPUTFILES' in job_dict and job_dict['OUTPUTFILES']:
# Create a single ls link with all supplied outputfiles
path_string = ''
for path in job_dict['OUTPUTFILES']:
# OUTPUTFILES is either just combo path or src dst paths
parts = path.split()
# Always take last part as destination
path_string += 'path=%s;' % parts[-1]
job_obj['outputfileslink'] = {'object_type': 'link',
'destination': 'ls.py?%s' %
path_string,
'text': 'View output files'}
form_method = 'post'
csrf_limit = get_csrf_limit(configuration)
target_op = 'resubmit'
csrf_token = make_csrf_token(configuration, form_method, target_op,
client_id, csrf_limit)
js_name = 'resubmit%s' % hexlify(job_id)
helper = html_post_helper(js_name, '%s.py' % target_op,
{'job_id': job_id,
csrf_field: csrf_token})
output_objects.append({'object_type': 'html_form', 'text': helper})
job_obj['resubmitlink'] = {'object_type': 'link',
'destination':
"javascript: %s();" % js_name,
'text': 'Resubmit job'}
target_op = 'jobaction'
csrf_token = make_csrf_token(configuration, form_method, target_op,
client_id, csrf_limit)
js_name = 'freeze%s' % hexlify(job_id)
helper = html_post_helper(js_name, '%s.py' % target_op,
{'action': 'freeze', 'job_id': job_id,
csrf_field: csrf_token})
output_objects.append({'object_type': 'html_form', 'text': helper})
job_obj['freezelink'] = {'object_type': 'link',
'destination':
"javascript: %s();" % js_name,
'text': 'Freeze job in queue'}
js_name = 'thaw%s' % hexlify(job_id)
helper = html_post_helper(js_name, '%s.py' % target_op,
{'action': 'thaw', 'job_id': job_id,
csrf_field: csrf_token})
output_objects.append({'object_type': 'html_form', 'text': helper})
job_obj['thawlink'] = {'object_type': 'link',
'destination':
"javascript: %s();" % js_name,
'text': 'Thaw job in queue'}
js_name = 'cancel%s' % hexlify(job_id)
helper = html_post_helper(js_name, '%s.py' % target_op,
{'action': 'cancel', 'job_id': job_id,
csrf_field: csrf_token})
output_objects.append({'object_type': 'html_form', 'text': helper})
job_obj['cancellink'] = {'object_type': 'link',
'destination':
"javascript: %s();" % js_name,
'text': 'Cancel job'}
target_op = 'jobschedule'
csrf_token = make_csrf_token(configuration, form_method, target_op,
client_id, csrf_limit)
js_name = 'jobschedule%s' % hexlify(job_id)
helper = html_post_helper(js_name, '%s.py' % target_op,
{'job_id': job_id,
csrf_field: csrf_token})
output_objects.append({'object_type': 'html_form', 'text': helper})
job_obj['jobschedulelink'] = {'object_type': 'link',
'destination':
"javascript: %s();" % js_name,
'text':
'Request schedule information'}
target_op = 'jobfeasible'
csrf_token = make_csrf_token(configuration, form_method, target_op,
client_id, csrf_limit)
js_name = 'jobfeasible%s' % hexlify(job_id)
helper = html_post_helper(js_name, '%s.py' % target_op,
{'job_id': job_id,
csrf_field: csrf_token})
output_objects.append({'object_type': 'html_form', 'text': helper})
job_obj['jobfeasiblelink'] = {'object_type': 'link',
'destination':
"javascript: %s();" % js_name,
'text': 'Check job feasibility'}
job_obj['liveiolink'] = {'object_type': 'link',
'destination': 'liveio.py?job_id=%s' %
job_id, 'text': 'Request live I/O'}
job_list['jobs'].append(job_obj)
output_objects.append(job_list)
return (output_objects, status)
def main(client_id, user_arguments_dict, environ=None):
"""Main function used by front end"""
if environ is None:
environ = os.environ
(configuration, logger, output_objects, op_name) = \
initialize_main_variables(client_id)
client_dir = client_id_dir(client_id)
status = returnvalues.OK
defaults = signature()[1]
(validate_status, accepted) = validate_input_and_cert(
user_arguments_dict,
defaults,
output_objects,
client_id,
configuration,
allow_rejects=False,
# NOTE: src and dst can use wildcards here
typecheck_overrides={
'src': valid_path_pattern,
'dst': valid_path_pattern
},
)
if not validate_status:
return (accepted, returnvalues.CLIENT_ERROR)
flags = ''.join(accepted['flags'])
src_list = accepted['src']
dst = accepted['dst'][-1]
if not safe_handler(configuration, 'post', op_name, client_id,
get_csrf_limit(configuration), accepted):
output_objects.append({
'object_type':
'error_text',
'text':
'''Only accepting
CSRF-filtered POST requests to prevent unintended updates'''
})
return (output_objects, returnvalues.CLIENT_ERROR)
# Please note that base_dir must end in slash to avoid access to other
# user dirs when own name is a prefix of another user name
base_dir = os.path.abspath(
os.path.join(configuration.user_home, client_dir)) + os.sep
status = returnvalues.OK
abs_dest = base_dir + dst
dst_list = glob.glob(abs_dest)
if not dst_list:
# New destination?
if not glob.glob(os.path.dirname(abs_dest)):
output_objects.append({
'object_type': 'error_text',
'text': 'Illegal dst path provided!'
})
return (output_objects, returnvalues.CLIENT_ERROR)
else:
dst_list = [abs_dest]
# Use last match in case of multiple matches
dest = dst_list[-1]
if len(dst_list) > 1:
output_objects.append({
'object_type':
'warning',
'text':
'dst (%s) matches multiple targets - using last: %s' % (dst, dest)
})
# IMPORTANT: path must be expanded to abs for proper chrooting
abs_dest = os.path.abspath(dest)
# Don't use abs_path in output as it may expose underlying
# fs layout.
relative_dest = abs_dest.replace(base_dir, '')
if not valid_user_path(configuration, abs_dest, base_dir, True):
logger.warning('%s tried to %s to restricted path %s ! (%s)' %
(client_id, op_name, abs_dest, dst))
output_objects.append({
'object_type':
'error_text',
'text':
"Invalid path! (%s expands to an illegal path)" % dst
})
return (output_objects, returnvalues.CLIENT_ERROR)
if not check_write_access(abs_dest, parent_dir=True):
logger.warning('%s called without write access: %s' %
(op_name, abs_dest))
output_objects.append({
'object_type':
'error_text',
'text':
'cannot move to "%s": inside a read-only location!' % relative_dest
})
return (output_objects, returnvalues.CLIENT_ERROR)
for pattern in src_list:
unfiltered_match = glob.glob(base_dir + pattern)
match = []
for server_path in unfiltered_match:
# IMPORTANT: path must be expanded to abs for proper chrooting
abs_path = os.path.abspath(server_path)
if not valid_user_path(configuration, abs_path, base_dir, True):
logger.warning('%s tried to %s restricted path %s ! (%s)' %
(client_id, op_name, abs_path, pattern))
continue
match.append(abs_path)
# Now actually treat list of allowed matchings and notify if no
# (allowed) match
if not match:
output_objects.append({
'object_type':
'error_text',
'text':
'%s: no such file or directory! %s' % (op_name, pattern)
})
status = returnvalues.CLIENT_ERROR
for abs_path in match:
relative_path = abs_path.replace(base_dir, '')
if verbose(flags):
output_objects.append({
'object_type': 'file',
'name': relative_path
})
# Generally refuse handling symlinks including root vgrid shares
if os.path.islink(abs_path):
output_objects.append({
'object_type':
'warning',
'text':
"""You're not allowed to
move entire special folders like %s shared folders!""" %
configuration.site_vgrid_label
})
status = returnvalues.CLIENT_ERROR
continue
# Additionally refuse operations on inherited subvgrid share roots
elif in_vgrid_share(configuration, abs_path) == relative_path:
output_objects.append({
'object_type':
'warning',
'text':
"""You're not allowed to
move entire %s shared folders!""" % configuration.site_vgrid_label
})
status = returnvalues.CLIENT_ERROR
continue
elif os.path.realpath(abs_path) == os.path.realpath(base_dir):
logger.error("%s: refusing move home dir: %s" %
(op_name, abs_path))
output_objects.append({
'object_type':
'warning',
'text':
"You're not allowed to move your entire home directory!"
})
status = returnvalues.CLIENT_ERROR
continue
if not check_write_access(abs_path):
logger.warning('%s called without write access: %s' %
(op_name, abs_path))
output_objects.append({
'object_type':
'error_text',
'text':
'cannot move "%s": inside a read-only location!' % pattern
})
status = returnvalues.CLIENT_ERROR
continue
# If destination is a directory the src should be moved in there
# Move with existing directory as target replaces the directory!
abs_target = abs_dest
if os.path.isdir(abs_target):
if os.path.samefile(abs_target, abs_path):
output_objects.append({
'object_type':
'warning',
'text':
"Cannot move '%s' to a subdirectory of itself!" %
relative_path
})
status = returnvalues.CLIENT_ERROR
continue
abs_target = os.path.join(abs_target,
os.path.basename(abs_path))
try:
gdp_iolog(configuration, client_id, environ['REMOTE_ADDR'],
'moved', [relative_path, relative_dest])
shutil.move(abs_path, abs_target)
logger.info('%s %s %s done' % (op_name, abs_path, abs_target))
except Exception as exc:
if not isinstance(exc, GDPIOLogError):
gdp_iolog(configuration,
client_id,
environ['REMOTE_ADDR'],
'moved', [relative_path, relative_dest],
failed=True,
details=exc)
output_objects.append({
'object_type':
'error_text',
'text':
"%s: '%s': %s" % (op_name, relative_path, exc)
})
logger.error("%s: failed on '%s': %s" %
(op_name, relative_path, exc))
status = returnvalues.SYSTEM_ERROR
continue
return (output_objects, status)
def main(client_id, user_arguments_dict, environ=None):
"""Main function used by front end"""
if environ is None:
environ = os.environ
(configuration, logger, output_objects, op_name) = \
initialize_main_variables(client_id)
client_dir = client_id_dir(client_id)
defaults = signature()[1]
(validate_status, accepted) = validate_input_and_cert(
user_arguments_dict,
defaults,
output_objects,
client_id,
configuration,
allow_rejects=False,
# NOTE: src and dst can use wildcards here
typecheck_overrides={'src': valid_path_pattern,
'dst': valid_path_pattern},
)
if not validate_status:
return (accepted, returnvalues.CLIENT_ERROR)
flags = ''.join(accepted['flags'])
src_list = accepted['src']
dst = accepted['dst'][-1]
iosessionid = accepted['iosessionid'][-1]
share_id = accepted['share_id'][-1]
freeze_id = accepted['freeze_id'][-1]
if not safe_handler(configuration, 'post', op_name, client_id,
get_csrf_limit(configuration), accepted):
output_objects.append(
{'object_type': 'error_text', 'text': '''Only accepting
CSRF-filtered POST requests to prevent unintended updates'''
})
return (output_objects, returnvalues.CLIENT_ERROR)
# Please note that base_dir must end in slash to avoid access to other
# user dirs when own name is a prefix of another user name
base_dir = os.path.abspath(os.path.join(configuration.user_home,
client_dir)) + os.sep
# Special handling if used from a job (no client_id but iosessionid)
if not client_id and iosessionid:
base_dir = os.path.realpath(configuration.webserver_home
+ os.sep + iosessionid) + os.sep
# Use selected base as source and destination dir by default
src_base = dst_base = base_dir
# Sharelink import if share_id is given - change to sharelink as src base
if share_id:
try:
(share_mode, _) = extract_mode_id(configuration, share_id)
except ValueError as err:
logger.error('%s called with invalid share_id %s: %s' %
(op_name, share_id, err))
output_objects.append(
{'object_type': 'error_text', 'text':
'Invalid sharelink ID: %s' % share_id})
return (output_objects, returnvalues.CLIENT_ERROR)
# TODO: load and check sharelink pickle (currently requires client_id)
if share_mode == 'write-only':
logger.error('%s called import from write-only sharelink: %s'
% (op_name, accepted))
output_objects.append(
{'object_type': 'error_text', 'text':
'Sharelink %s is write-only!' % share_id})
return (output_objects, returnvalues.CLIENT_ERROR)
target_dir = os.path.join(share_mode, share_id)
src_base = os.path.abspath(os.path.join(configuration.sharelink_home,
target_dir)) + os.sep
if os.path.isfile(os.path.realpath(src_base)):
logger.error('%s called import on single file sharelink: %s'
% (op_name, share_id))
output_objects.append(
{'object_type': 'error_text', 'text': """Import is only
supported for directory sharelinks!"""})
return (output_objects, returnvalues.CLIENT_ERROR)
elif not os.path.isdir(src_base):
logger.error('%s called import with non-existant sharelink: %s'
% (client_id, share_id))
output_objects.append(
{'object_type': 'error_text', 'text': 'No such sharelink: %s'
% share_id})
return (output_objects, returnvalues.CLIENT_ERROR)
# Archive import if freeze_id is given - change to archive as src base
if freeze_id:
if not is_frozen_archive(client_id, freeze_id, configuration):
logger.error('%s called with invalid freeze_id: %s' %
(op_name, freeze_id))
output_objects.append(
{'object_type': 'error_text', 'text':
'Invalid archive ID: %s' % freeze_id})
return (output_objects, returnvalues.CLIENT_ERROR)
target_dir = os.path.join(client_dir, freeze_id)
src_base = os.path.abspath(os.path.join(configuration.freeze_home,
target_dir)) + os.sep
if not os.path.isdir(src_base):
logger.error('%s called import with non-existant archive: %s'
% (client_id, freeze_id))
output_objects.append(
{'object_type': 'error_text', 'text': 'No such archive: %s'
% freeze_id})
return (output_objects, returnvalues.CLIENT_ERROR)
status = returnvalues.OK
abs_dest = dst_base + dst
dst_list = glob.glob(abs_dest)
if not dst_list:
# New destination?
if not glob.glob(os.path.dirname(abs_dest)):
logger.error('%s called with illegal dst: %s'
% (op_name, dst))
output_objects.append(
{'object_type': 'error_text', 'text':
'Illegal dst path provided!'})
return (output_objects, returnvalues.CLIENT_ERROR)
else:
dst_list = [abs_dest]
# Use last match in case of multiple matches
dest = dst_list[-1]
if len(dst_list) > 1:
output_objects.append(
{'object_type': 'warning', 'text':
'dst (%s) matches multiple targets - using last: %s'
% (dst, dest)})
# IMPORTANT: path must be expanded to abs for proper chrooting
abs_dest = os.path.abspath(dest)
# Don't use abs_path in output as it may expose underlying
# fs layout.
relative_dest = abs_dest.replace(dst_base, '')
if not valid_user_path(configuration, abs_dest, dst_base, True):
logger.warning('%s tried to %s restricted path %s ! (%s)'
% (client_id, op_name, abs_dest, dst))
output_objects.append(
{'object_type': 'error_text', 'text':
"Invalid destination (%s expands to an illegal path)" % dst})
return (output_objects, returnvalues.CLIENT_ERROR)
# We must make sure target dir exists if called in import X mode
if (share_id or freeze_id) and not makedirs_rec(abs_dest, configuration):
logger.error('could not create import destination dir: %s' % abs_dest)
output_objects.append(
{'object_type': 'error_text', 'text':
'cannot import to "%s" : file in the way?' % relative_dest})
return (output_objects, returnvalues.SYSTEM_ERROR)
if not check_write_access(abs_dest, parent_dir=True):
logger.warning('%s called without write access: %s'
% (op_name, abs_dest))
output_objects.append(
{'object_type': 'error_text', 'text':
'cannot copy to "%s": inside a read-only location!'
% relative_dest})
return (output_objects, returnvalues.CLIENT_ERROR)
if share_id and not force(flags) and not check_empty_dir(abs_dest):
logger.warning('%s called %s sharelink import with non-empty dst: %s'
% (op_name, share_id, abs_dest))
output_objects.append(
{'object_type': 'error_text', 'text':
"""Importing a sharelink like '%s' into the non-empty '%s' folder
will potentially overwrite existing files with the sharelink version. If you
really want that, please try import again and select the overwrite box to
confirm it. You may want to back up any important data from %s first, however.
""" % (share_id, relative_dest, relative_dest)})
return (output_objects, returnvalues.CLIENT_ERROR)
if freeze_id and not force(flags) and not check_empty_dir(abs_dest):
logger.warning('%s called %s archive import with non-empty dst: %s'
% (op_name, freeze_id, abs_dest))
output_objects.append(
{'object_type': 'error_text', 'text':
"""Importing an archive like '%s' into the non-empty '%s' folder
will potentially overwrite existing files with the archive version. If you
really want that, please try import again and select the overwrite box to
confirm it. You may want to back up any important data from %s first, however.
""" % (freeze_id, relative_dest, relative_dest)})
return (output_objects, returnvalues.CLIENT_ERROR)
for pattern in src_list:
unfiltered_match = glob.glob(src_base + pattern)
match = []
for server_path in unfiltered_match:
# IMPORTANT: path must be expanded to abs for proper chrooting
abs_path = os.path.abspath(server_path)
if not valid_user_path(configuration, abs_path, src_base, True):
logger.warning('%s tried to %s restricted path %s ! (%s)'
% (client_id, op_name, abs_path, pattern))
continue
match.append(abs_path)
# Now actually treat list of allowed matchings and notify if no
# (allowed) match
if not match:
output_objects.append({'object_type': 'file_not_found',
'name': pattern})
status = returnvalues.FILE_NOT_FOUND
for abs_path in match:
relative_path = abs_path.replace(src_base, '')
if verbose(flags):
output_objects.append(
{'object_type': 'file', 'name': relative_path})
# Prevent vgrid share copy which would create read-only dot dirs
# Generally refuse handling symlinks including root vgrid shares
if os.path.islink(abs_path):
output_objects.append(
{'object_type': 'warning', 'text': """You're not allowed to
copy entire special folders like %s shared folders!"""
% configuration.site_vgrid_label})
status = returnvalues.CLIENT_ERROR
continue
elif os.path.realpath(abs_path) == os.path.realpath(base_dir):
logger.error("%s: refusing copy home dir: %s" % (op_name,
abs_path))
output_objects.append(
{'object_type': 'warning', 'text':
"You're not allowed to copy your entire home directory!"
})
status = returnvalues.CLIENT_ERROR
continue
# src must be a file unless recursive is specified
if not recursive(flags) and os.path.isdir(abs_path):
logger.warning('skipping directory source %s' % abs_path)
output_objects.append(
{'object_type': 'warning', 'text':
'skipping directory src %s!' % relative_path})
continue
# If destination is a directory the src should be copied there
abs_target = abs_dest
if os.path.isdir(abs_target):
abs_target = os.path.join(abs_target,
os.path.basename(abs_path))
if os.path.abspath(abs_path) == os.path.abspath(abs_target):
logger.warning('%s tried to %s %s to itself! (%s)'
% (client_id, op_name, abs_path, pattern))
output_objects.append(
{'object_type': 'warning', 'text':
"Cannot copy '%s' to self!" % relative_path})
status = returnvalues.CLIENT_ERROR
continue
if os.path.isdir(abs_path) and \
abs_target.startswith(abs_path + os.sep):
logger.warning('%s tried to %s %s to itself! (%s)'
% (client_id, op_name, abs_path, pattern))
output_objects.append(
{'object_type': 'warning', 'text':
"Cannot copy '%s' to (sub) self!" % relative_path})
status = returnvalues.CLIENT_ERROR
continue
try:
gdp_iolog(configuration,
client_id,
environ['REMOTE_ADDR'],
'copied',
[relative_path,
relative_dest
+ "/" + os.path.basename(relative_path)])
if os.path.isdir(abs_path):
shutil.copytree(abs_path, abs_target)
else:
shutil.copy(abs_path, abs_target)
logger.info('%s %s %s done' % (op_name, abs_path, abs_target))
except Exception as exc:
if not isinstance(exc, GDPIOLogError):
gdp_iolog(configuration,
client_id,
environ['REMOTE_ADDR'],
'copied',
[relative_path,
relative_dest
+ "/" + os.path.basename(relative_path)],
failed=True,
details=exc)
output_objects.append(
{'object_type': 'error_text',
'text': "%s: failed on '%s' to '%s'"
% (op_name, relative_path, relative_dest)})
logger.error("%s: failed on '%s': %s" % (op_name,
relative_path, exc))
status = returnvalues.SYSTEM_ERROR
return (output_objects, status)
def main(client_id, user_arguments_dict):
"""Main function used by front end"""
(configuration, logger, output_objects, op_name) = \
initialize_main_variables(client_id)
client_dir = client_id_dir(client_id)
status = returnvalues.OK
defaults = signature()[1]
(validate_status, accepted) = validate_input_and_cert(
user_arguments_dict,
defaults,
output_objects,
client_id,
configuration,
allow_rejects=False,
# NOTE: path can use wildcards
typecheck_overrides={'path': valid_path_pattern},
)
if not validate_status:
return (accepted, returnvalues.CLIENT_ERROR)
flags = ''.join(accepted['flags'])
patterns = accepted['path']
name_pattern = accepted['name'][-1]
# Please note that base_dir must end in slash to avoid access to other
# user dirs when own name is a prefix of another user name
base_dir = os.path.abspath(
os.path.join(configuration.user_home, client_dir)) + os.sep
if verbose(flags):
for flag in flags:
output_objects.append({
'object_type': 'text',
'text': '%s using flag: %s' % (op_name, flag)
})
# Shared URL helpers
id_args = ''
redirect_name = configuration.site_user_redirect
redirect_path = redirect_name
form_method = 'post'
csrf_limit = get_csrf_limit(configuration)
ls_url_template = 'ls.py?%scurrent_dir=%%(rel_dir_enc)s;flags=%s' % \
(id_args, flags)
csrf_token = make_csrf_token(configuration, form_method, 'rm', client_id,
csrf_limit)
rm_url_template = 'rm.py?%spath=%%(rel_path_enc)s;%s=%s' % \
(id_args, csrf_field, csrf_token)
rmdir_url_template = 'rm.py?%spath=%%(rel_path_enc)s;flags=r;%s=%s' % \
(id_args, csrf_field, csrf_token)
editor_url_template = 'editor.py?%spath=%%(rel_path_enc)s' % id_args
redirect_url_template = '/%s/%%(rel_path_enc)s' % redirect_path
dir_listings = []
output_objects.append({
'object_type': 'dir_listings',
'dir_listings': dir_listings,
'flags': flags,
'ls_url_template': ls_url_template,
'rm_url_template': rm_url_template,
'rmdir_url_template': rmdir_url_template,
'editor_url_template': editor_url_template,
'redirect_url_template': redirect_url_template,
})
for pattern in patterns:
# Check directory traversal attempts before actual handling to avoid
# leaking information about file system layout while allowing
# consistent error messages
unfiltered_match = glob.glob(base_dir + pattern)
match = []
for server_path in unfiltered_match:
# IMPORTANT: path must be expanded to abs for proper chrooting
abs_path = os.path.abspath(server_path)
if not valid_user_path(configuration, abs_path, base_dir, True):
# out of bounds - save user warning for later to allow
# partial match:
# ../*/* is technically allowed to match own files.
logger.warning('%s tried to %s restricted path %s ! (%s)' %
(client_id, op_name, abs_path, pattern))
continue
match.append(abs_path)
# Now actually treat list of allowed matchings and notify if no
# (allowed) match
if not match:
output_objects.append({
'object_type': 'file_not_found',
'name': pattern
})
status = returnvalues.FILE_NOT_FOUND
for abs_path in match:
output_lines = []
relative_path = abs_path.replace(base_dir, '')
entries = []
dir_listing = {
'object_type': 'dir_listing',
'relative_path': relative_path,
'entries': entries,
'flags': flags,
}
dir_listings.append(dir_listing)
try:
for (root, dirs, files) in walk(abs_path):
for filename in fnmatch.filter(files, name_pattern):
# IMPORTANT: this join always yields abs expanded path
abs_path = os.path.join(root, filename)
relative_path = abs_path.replace(base_dir, '')
if not valid_user_path(configuration, abs_path,
base_dir, True):
continue
file_with_dir = relative_path
file_obj = {
'object_type': 'direntry',
'type': 'file',
'name': filename,
'rel_path': file_with_dir,
'rel_path_enc': quote(file_with_dir),
'rel_dir_enc':
quote(os.path.dirname(file_with_dir)),
# NOTE: file_with_dir is kept for backwards compliance
'file_with_dir': file_with_dir,
'flags': flags,
'special': '',
}
entries.append(file_obj)
except Exception as exc:
output_objects.append({
'object_type':
'error_text',
'text':
"%s: '%s': %s" % (op_name, relative_path, exc)
})
logger.error("%s: failed on '%s': %s" %
(op_name, relative_path, exc))
status = returnvalues.SYSTEM_ERROR
continue
if verbose(flags):
output_objects.append({
'object_type': 'file_output',
'path': relative_path,
'lines': output_lines
})
else:
output_objects.append({
'object_type': 'file_output',
'lines': output_lines
})
return (output_objects, status)