X-Git-Url: http://git.rot13.org/?a=blobdiff_plain;f=lib%2FBackupPC%2FCGI%2FLib.pm;h=a1abccfb8727c8c6320ec41dc451d976a9b49920;hb=1ad5ae30debf935221d2a2bb36289a87cb604a18;hp=bec4ea8240e869fa39562923e4ff51cf9be8626b;hpb=5b3e6091d542c2e7445d5dd511cdf6e20aec8b8d;p=BackupPC.git

diff --git a/lib/BackupPC/CGI/Lib.pm b/lib/BackupPC/CGI/Lib.pm
index bec4ea8..a1abccf 100644
--- a/lib/BackupPC/CGI/Lib.pm
+++ b/lib/BackupPC/CGI/Lib.pm
@@ -11,7 +11,7 @@
 #   Craig Barratt  <cbarratt@users.sourceforge.net>
 #
 # COPYRIGHT
-#   Copyright (C) 2003  Craig Barratt
+#   Copyright (C) 2003-2009  Craig Barratt
 #
 #   This program is free software; you can redistribute it and/or modify
 #   it under the terms of the GNU General Public License as published by
@@ -29,7 +29,7 @@
 #
 #========================================================================
 #
-# Version 3.0.0alpha, released 23 Jan 2006.
+# Version 3.2.0, released 31 Jul 2010.
 #
 # See http://backuppc.sourceforge.net.
 #
@@ -102,11 +102,16 @@ sub NewRequest
 	%Conf   = $bpc->Conf();
 	$Lang   = $bpc->Lang();
 	$ConfigMTime = $bpc->ConfigMTime();
+        umask($Conf{UmaskMode});
     } elsif ( $bpc->ConfigMTime() != $ConfigMTime ) {
         $bpc->ConfigRead();
+	$TopDir = $bpc->TopDir();
+	$LogDir = $bpc->LogDir();
+	$BinDir = $bpc->BinDir();
         %Conf   = $bpc->Conf();
         $Lang   = $bpc->Lang();
         $ConfigMTime = $bpc->ConfigMTime();
+        umask($Conf{UmaskMode});
     }
 
     #
@@ -123,10 +128,16 @@ sub NewRequest
     #
     $MyURL  = $ENV{SCRIPT_NAME};
     $User   = $ENV{REMOTE_USER};
+
     #
-    # Handle LDAP uid=user when using mod_authz_ldap
+    # Handle LDAP uid=user when using mod_authz_ldap and otherwise untaint
     #
-    $User   = $1 if ( $User =~ /uid=([^,]+)/i );        
+    $User   = $1 if ( $User =~ /uid=([^,]+)/i || $User =~ /(.*)/ );
+
+    # strip Active directory domain in front of user
+    $User   = $1 if ( $User =~ /\w+\\(\w+)/ );
+use Data::Dump qw(dump);
+warn "XX User: $User",dump( \%ENV );
 
     #
     # Clean up %ENV for taint checking
@@ -177,7 +188,10 @@ sub timeStamp2
     my($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst)
               = localtime($_[0] == 0 ? time : $_[0] );
     $mon++;
-    if ( $Conf{CgiDateFormatMMDD} ) {
+    if ( $Conf{CgiDateFormatMMDD} == 2 ) {
+        $year += 1900;
+        return sprintf("%04d-%02d-%02d %02d:%02d", $year, $mon, $mday, $hour, $min);
+    } elsif ( $Conf{CgiDateFormatMMDD} ) {
         return sprintf("$mon/$mday %02d:%02d", $hour, $min);
     } else {
         return sprintf("$mday/$mon %02d:%02d", $hour, $min);
@@ -285,7 +299,8 @@ sub ServerConnect
             Trailer();
             exit(1);
         } else {
-            ErrorExit(eval("qq{$Lang->{Unable_to_connect_to_BackupPC_server}}"));
+            ErrorExit(eval("qq{$Lang->{Unable_to_connect_to_BackupPC_server}}"),
+                      eval("qq{$Lang->{Unable_to_connect_to_BackupPC_server_error_message}}"));
         }
     }
 }
@@ -333,10 +348,10 @@ sub CheckPermission
 	       || $host ne "" && !defined($Hosts->{$host}) );
     if ( $Conf{CgiAdminUserGroup} ne "" ) {
         my($n,$p,$gid,$mem) = getgrnam($Conf{CgiAdminUserGroup});
-        $Privileged ||= ($mem =~ /\b$User\b/);
+        $Privileged ||= ($mem =~ /\b\Q$User\E\b/);
     }
     if ( $Conf{CgiAdminUsers} ne "" ) {
-        $Privileged ||= ($Conf{CgiAdminUsers} =~ /\b$User\b/);
+        $Privileged ||= ($Conf{CgiAdminUsers} =~ /\b\Q$User\E\b/);
         $Privileged ||= $Conf{CgiAdminUsers} eq "*";
     }
     $PrivAdmin = $Privileged;
@@ -344,6 +359,10 @@ sub CheckPermission
 
     $Privileged ||= $User eq $Hosts->{$host}{user};
     $Privileged ||= defined($Hosts->{$host}{moreUsers}{$User});
+
+    # XXX check against REMOTE_NTGROUP from mod_ntlm
+    $Privileged ||= $Conf{CgiAdminUserGroup} eq $ENV{REMOTE_NTGROUP};
+
     return $Privileged;
 }
 
@@ -411,14 +430,14 @@ sub Header
     my($title, $content, $noBrowse, $contentSub, $contentPost) = @_;
     my @adminLinks = (
         { link => "",                      name => $Lang->{Status}},
-        { link => "?action=adminOpts",     name => $Lang->{Admin_Options},
-                                           priv => 1},
+        { link => "?action=summary",       name => $Lang->{PC_Summary}},
         { link => "?action=editConfig",    name => $Lang->{CfgEdit_Edit_Config},
                                            priv => 1},
         { link => "?action=editConfig&newMenu=hosts",
                                            name => $Lang->{CfgEdit_Edit_Hosts},
                                            priv => 1},
-        { link => "?action=summary",       name => $Lang->{PC_Summary}},
+        { link => "?action=adminOpts",     name => $Lang->{Admin_Options},
+                                           priv => 1},
         { link => "?action=view&type=LOG", name => $Lang->{LOG_file},
                                            priv => 1},
         { link => "?action=LOGlist",       name => $Lang->{Old_LOGs},
@@ -427,17 +446,25 @@ sub Header
                                            priv => 1},
         { link => "?action=queue",         name => $Lang->{Current_queues},
                                            priv => 1},
+	# XXX additional search extensions
+        { link => "?action=search",        name => $Lang->{Search_archive},
+                                           priv => 0},
+        { link => "?action=burn",          name => $Lang->{Burn_media},
+                                           priv => 1},
         @{$Conf{CgiNavBarLinks} || []},
     );
     my $host = $In{host};
 
+    binmode(STDOUT, ":utf8");
     print $Cgi->header(-charset => "utf-8");
     print <<EOF;
 <!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">
 <html><head>
 <title>$title</title>
 <link rel=stylesheet type="text/css" href="$Conf{CgiImageDirURL}/$Conf{CgiCSSFile}" title="CSSFile">
+<link rel=icon href="$Conf{CgiImageDirURL}/favicon.ico" type="image/x-icon">
 $Conf{CgiHeaders}
+<script src="$Conf{CgiImageDirURL}/sorttable.js"></script>
 </head><body onLoad="document.getElementById('NavMenu').style.height=document.body.scrollHeight">
 <a href="http://backuppc.sourceforge.net"><img src="$Conf{CgiImageDirURL}/logo.gif" hspace="5" vspace="7" border="0"></a><br>
 EOF
@@ -491,8 +518,8 @@ EOF
 EOF
     my $hostSelectbox = "<option value=\"#\">$Lang->{Select_a_host}</option>";
     my @hosts = GetUserHosts($Conf{CgiNavBarAdminAllHosts});
+    NavSectionTitle($Lang->{Hosts});
     if ( defined($Hosts) && %$Hosts > 0 && @hosts ) {
-	NavSectionTitle($Lang->{Hosts});
         foreach my $host ( @hosts ) {
 	    NavLink("?host=${EscURI($host)}", $host)
 		    if ( @hosts < $Conf{CgiNavBarAdminAllHosts} );