Exemplo n.º 1
0
func file_editor(ctx *macaron.Context) string {
	hcuser, auth := util.Auth(ctx, "any")
	if !auth {
		ctx.Redirect("/", 302)
		return ""
	}

	suser, err := user.Lookup(hcuser.System_username)

	if err != nil {
		return die(ctx, string(err.Error()))
	}

	selected_object := path.Clean(util.Query(ctx, "path"))
	full_object := path.Clean(suser.HomeDir + "/" + selected_object)

	// check ownership...
	uid, _ := strconv.Atoi(suser.Uid)
	gid, _ := strconv.Atoi(suser.Gid)
	if !util.ChkPerms(full_object, uid, gid) {
		return die(ctx, "You do not have access to object "+full_object)
	}

	filecontents := util.Query(ctx, "filecontents")
	if filecontents != "" {
		filecontents = strings.Replace(filecontents, "\r\n", "\n", -1)
		ioutil.WriteFile(full_object, []byte(filecontents), 0644)
	}

	rawcontents, err := ioutil.ReadFile(full_object)
	if err != nil {
		return die(ctx, string(err.Error()))
	}

	content := html.EscapeString(string(rawcontents))

	var tpl vision.New
	tpl.TemplateFile("template/file-editor.tpl")

	tpl.Assign("path_up", path.Dir(selected_object))
	tpl.Assign("selected_path", selected_object)
	tpl.Assign("current_path", full_object)
	tpl.Assign("filedata", content)

	tpl.Parse("file-editor")

	return header(ctx) + tpl.Out() + footer(ctx)
}
Exemplo n.º 2
0
func filemanager(ctx *macaron.Context) string {
	hcuser, auth := util.Auth(ctx, "any")
	if !auth {
		ctx.Redirect("/", 302)
		return ""
	}

	var tpl vision.New
	tpl.TemplateFile("template/filemanager.tpl")

	suser, err := user.Lookup(hcuser.System_username)

	if err != nil {
		return die(ctx, string(err.Error()))
	}

	uid, err := strconv.Atoi(suser.Uid)
	if err != nil {
		return die(ctx, string(err.Error()))
	}

	gid, err := strconv.Atoi(suser.Gid)
	if err != nil {
		return die(ctx, string(err.Error()))
	}

	selected_object := path.Clean(util.Query(ctx, "path"))

	full_object := path.Clean(suser.HomeDir + "/" + selected_object)

	// check ownership...
	if !util.ChkPerms(full_object, uid, gid) {
		return die(ctx, "You do not have access to object "+full_object)
	}

	delete_objectin := util.Query(ctx, "delete")
	delete_object := path.Clean(util.Query(ctx, "delete"))
	delete_object = path.Clean(suser.HomeDir + "/" + delete_object)

	if delete_objectin != "" {
		os.RemoveAll(delete_object)
	}

	newdirin := util.Query(ctx, "dirname")
	newdir := path.Clean(util.Query(ctx, "dirname"))
	newdir = path.Clean(full_object + "/" + newdir)

	newfilein := util.Query(ctx, "filename")
	newfile := path.Clean(util.Query(ctx, "filename"))
	newfile = path.Clean(full_object + "/" + newfile)

	if newdirin != "" {
		os.Mkdir(newdir, 0755)
		os.Chown(newdir, uid, gid)
	}

	if newfilein != "" {
		f, _ := os.Create(newfile)
		f.Close()
		os.Chown(newfile, uid, gid)
		os.Chmod(newfile, 0644)
	}

	tpl.GAssign("path_up", path.Dir(selected_object))
	tpl.GAssign("current_path", full_object)
	tpl.GAssign("selected_path", selected_object)

	objects, err := ioutil.ReadDir(full_object)

	if err != nil {
		return die(ctx, string(err.Error()))
	}

	tpl.Parse("filemanager")

	for _, file := range objects {
		tpl.Assign("filename", file.Name())

		mode := string(fmt.Sprintf("%s", file.Mode()))
		tpl.Assign("mode", mode)
		if file.IsDir() {
			tpl.Parse("filemanager/directory")
		} else {
			tpl.Parse("filemanager/file")
		}
	}

	return header(ctx) + tpl.Out() + footer(ctx)
}
Exemplo n.º 3
0
func AddFtpUser(ctx *macaron.Context) string {
	hcuser, auth := util.Auth(ctx, "ftpusers")
	if !auth {
		return "not_authorized"
	}

	suser, err := user.Lookup(hcuser.System_username)

	if err != nil {
		return string(err.Error())
	}

	username := util.Query(ctx, "ftpuser")
	if username == "" {
		return "ftpuser_required"
	}
	password := util.Query(ctx, "password")
	if password == "" {
		return "password_required"
	}
	homedir := util.Query(ctx, "homedir")
	if homedir == "" {
		return "homedir_required"
	}

	username = hcuser.System_username + "_" + username

	// attempt to make homedir as the user
	util.Cmd("su", []string{"-", hcuser.System_username, "-c", "mkdir -p " + homedir})

	// check ownership...
	uid, _ := strconv.Atoi(suser.Uid)
	gid, _ := strconv.Atoi(suser.Gid)
	if !util.ChkPerms(homedir, uid, gid) {
		return "invalid_homedir"
	}

	db, _ := util.MySQL()
	defer db.Close()

	// add the user
	// useradd {username} -g {gid} -u {uid} -s /sbin/nologin -o
	util.Cmd("useradd", []string{username, "-d", homedir, "-g", suser.Gid, "-u", suser.Uid, "-s", "/sbin/nologin", "-o"})

	// make sure user was added
	_, lookup_err2 := user.Lookup(username)
	if lookup_err2 != nil {
		return "unable_to_create"
	}

	// set the password
	util.Bash("echo " + util.SHSanitize(password) + " | passwd " + util.SHSanitize(username) + " --stdin")

	// add the user
	istmt, _ := db.Prepare("insert hostcontrol_ftpusers set ftpuser_id=null, ftpusername=?, homedir=?, system_username=?")

	istmt.Exec(username, homedir, hcuser.System_username)
	istmt.Close()

	return "success"
}