From 519a526419a6f28c837bd0db8ddd2f31acf729d2 Mon Sep 17 00:00:00 2001 From: BlackLight Date: Wed, 29 Dec 2010 21:32:43 +0100 Subject: [PATCH] Tons of multiuser fixes and improvements --- README | 14 ++- blash.json | 205 ---------------------------------- commands/cat.json | 14 ++- commands/cd.json | 6 +- commands/find.json | 4 +- commands/logout.json | 29 +++++ commands/ls.json | 33 ++++-- commands/passwd.json | 6 + commands/su.json | 29 ++++- commands/useradd.json | 6 + commands/whoami.json | 6 + index.html | 4 +- modules/users/.users.php.swp | Bin 20480 -> 0 bytes modules/users/files.php | 45 ++++++++ modules/users/user_utils.php | 208 +++++++++++++++++++++++++++++++++++ modules/users/userlist.php | 2 +- modules/users/users.php | 49 +++------ blash.js => system/blash.js | 62 +++++++++-- system/blash.json | 73 ++++++++++++ system/files.json | 158 ++++++++++++++++++++++++++ system/files_json.php | 163 +++++++++++++++++++++++++++ md5.js => system/md5.js | 0 22 files changed, 838 insertions(+), 278 deletions(-) delete mode 100644 blash.json delete mode 100644 modules/users/.users.php.swp create mode 100644 modules/users/files.php create mode 100644 modules/users/user_utils.php rename blash.js => system/blash.js (91%) create mode 100644 system/blash.json create mode 100644 system/files.json create mode 100644 system/files_json.php rename md5.js => system/md5.js (100%) diff --git a/README b/README index 926f392..dd916a6 100644 --- a/README +++ b/README @@ -27,6 +27,9 @@ pseudo-terminal are represented in normal font, the files that links to an external content is instead represented as an `executable' file (by default, in colour green). +Q.: Which is the default password for 'root' user? +A.: blash. Remember to use it only one time, then change it using the passwd command. + Q.: Which browsers are compatible with blash? A.: So far blash has been successfully tested with the following browsers: 
@@ -45,11 +48,14 @@ blash. Internet Explorer is currently NOT working with blash, at least any release <= 8. I'm sorry, choose a decent browser. Q.: How do I add the contents for my web site in blash? -A.: Open the file blash.json. This JSON file contains the preferences for your +A.: Open the file system/blash.json. This JSON file contains the preferences for your shell (banner, prompt style, default user, escape sequences recognized in the -prompt string...), the commands to be used, and the array "directories". This -array is the container of your web site data. Each element can have the -following fields: +prompt string...), the commands to be used, and so on. Change this file in order to +change the preferences of your CMS. + +The contents of your web site are held in the file system/files_json.php. Modify this +file directly using the example contents as trace for adding or removing new contents. +Each content can include the following fields: - path (MANDATORY), the full absolute path that identifies that resource - type (MANDATORY), the resource type (directory or file) diff --git a/blash.json b/blash.json deleted file mode 100644 index a3accad..0000000 --- a/blash.json +++ /dev/null @@ -1,205 +0,0 @@ -/** - * Sample configuration and contents - */ - -{ - "banner" : "blash version 0.1
" + - "Copyright (C) 2010 BlackLight <blacklight@autistici.org>" + - "
Licence GPLv3+: GNU GPL version 3 or later " + - "<" + - "http://gnu.org/licences/gpl.html>
" + - "Source code available at " + - "https://github.com/BlackLight/blash

" + - "This is free software; you are free to change and " + - "redistribuite it.
There is NO WARRANTY, to the " + - "extent permitted by law.
" + - "Type 'man blash' for help on usage and available commands

", - - "user" : "guest", - "machine" : "localhost", - "shellName" : "blash", - "basepath" : "/", - "promptText" : "[#{800}%n#{888}@#{800}%m#{888} %W] $ ", - "promptSequences" : [ - { - "sequence" : "%n", - "default_text" : "guest", - "text" : function () { - return shell.user; - }, - }, - { - "sequence" : "%m", - "default_text" : "localhost", - "text" : function () { - return shell.json.machine; - }, - }, - { - "sequence" : "%W", - "default_text" : "/", - "text" : function () { - return shell.path; - }, - } - ], - - "directories" : [ - { - "path" : "/", - "type" : "directory", - }, - { - "path" : "/blog", - "type" : "directory", - }, - { - "path" : "/news", - "type" : "directory", - }, - { - "path" : "/forum", - "type" : "directory", - }, - { - "path" : "/tutorials", - "type" : "directory", - }, - { - "path" : "/software", - "type" : "directory", - }, - { - "path" : "/etc", - "type" : "directory", - }, - { - "path" : "/home", - "type" : "directory", - }, - { - "path" : "/home/guest", - "type" : "directory", - }, - { - "path" : "/home/guest/mbox", - "type" : "file", - "content" : "No new mail", - }, - { - "path" : "/google", - "type" : "file", - "href" : "http://www.google.com", - }, - { - "path" : "/blog/post1", - "type" : "file", - "content" : "This is my first post", - }, - { - "path" : "/blog/post2", - "type" : "file", - "content" : "This is my second post", - }, - { - "path" : "/blog/post3", - "type" : "file", - "content" : "This is my third post", - }, - { - "path" : "/etc/blashrc", - "type" : "file", - "content" : "This is the default blash configuration file", - }, - { - "path" : "/forum/post1", - "type" : "file", - "content" : "Sent by admin at 00:00:01
Welcome to the forum

\n" + - "Sent by troll at 00:00:02
lulz
\n", - }, - { - "path" : "/forum/post2", - "type" : "file", - "content" : "Sent by lolcat at 00:00:03
Can I haz cheezburger?
\n", - }, - { - "path" : "/home/guest/.blashrc", - "type" : "file", - "content" : "Custom blash configuration file", - }, - { - "path" : "/home/guest/mbox", - "type" : "file", - "content" : "No new mail", - }, - { - "path" : "/news/news1", - "type" : "file", - "content" : "Nothing new under the sun", - }, - { - "path" : "/software/soft1", - "type" : "file", - "href" : "/software/soft1.tar.gz", - }, - { - "path" : "/software/soft2", - "type" : "file", - "href" : "/software/soft2.tar.gz", - }, - { - "path" : "/software/soft3", - "type" : "file", - "href" : "/software/soft3.tar.gz", - }, - { - "path" : "/tutorials/tut1", - "type" : "file", - "href" : "/software/tut1.pdf", - }, - { - "path" : "/tutorials/tut2", - "type" : "file", - "href" : "/software/tut2.pdf", - }, - { - "path" : "/github", - "type" : "file", - "href" : "https://github.com/BlackLight/blash", - }, - { - "path" : "/aboutme", - "type" : "file", - "content" : "Luke, I am your father", - }, - { - "path" : "/contacts", - "type" : "file", - "content" : "Contact me at spam@montypython.com", - }, - { - "path" : "/irc", - "type" : "file", - "content" : "IRC channel at #thegame@irc.randomstuff.com", - }, - ], - - "commands" : [ - "cat", - "cd", - "clear", - "echo", - "eval", - "find", - "logout", - "ls", - "man", - "passwd", - "pwd", - "su", - "useradd", - "whoami", - ], -} - diff --git a/commands/cat.json b/commands/cat.json index 753ca61..e560b36 100644 --- a/commands/cat.json +++ b/commands/cat.json @@ -9,14 +9,14 @@ "action" : function ( arg ) { var out = ''; + var found = false; + var dir = shell.files; if ( !arg || arg.length == 0 ) { return "Argument required
\n"; } - var found = false; - var dir = shell.json.directories; arg = shell.expandPath ( arg ); for ( var i=0; i < dir.length && !found; i++ ) @@ -39,7 +39,15 @@ } } + if ( !found ) + { + arg = arg.replace ( '<', '<' ); + arg = arg.replace ( '>', '>' ); + return "cat: " + arg + ": No such file or directory
\n"; + } + + out = out.replace ( /\s*$/, '' ); return out; - }, + } } diff --git a/commands/cd.json b/commands/cd.json index e1665fb..4dedda8 100644 --- a/commands/cd.json +++ b/commands/cd.json @@ -18,13 +18,13 @@ var found = false; arg = shell.expandPath ( arg ); - for ( var i=0; i < shell.json.directories.length && !found; i++ ) + for ( var i=0; i < shell.files.length && !found; i++ ) { - if ( shell.json.directories[i].path == arg ) + if ( shell.files[i].path == arg ) { found = true; - if ( shell.json.directories[i].type != 'directory' ) + if ( shell.files[i].type != 'directory' ) { return "cd: not a directory: " + arg + "
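Review bot: The escaping in the new `!found` branch of commands/cat.json covers only the first `<` and the first `>` of `arg`, because `String.replace` with a string pattern stops after one match, and it leaves `&` and quotes untouched. The returned message is assigned to `cmdOut.innerHTML` by the command dispatcher in system/blash.js, so the remaining characters reach the page as markup. Use global patterns, e.g. `arg = arg.replace ( /&/g, '&amp;' ).replace ( /</g, '&lt;' ).replace ( />/g, '&gt;' );`, ideally in one shared escape helper that `cd` and `ls` also call for their error messages. The replacement strings show on this page as bare `<` and `>`, presumably entities lost in rendering.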
\n"; } diff --git a/commands/find.json b/commands/find.json index 596b6fd..c5501b7 100644 --- a/commands/find.json +++ b/commands/find.json @@ -22,9 +22,9 @@ var re = new RegExp ( arg, "i" ); - for ( var i in shell.json.directories ) + for ( var i in shell.files ) { - var dir = shell.json.directories[i]; + var dir = shell.files[i]; if ( dir.path.match ( re )) { diff --git a/commands/logout.json b/commands/logout.json index 116ee78..856b626 100644 --- a/commands/logout.json +++ b/commands/logout.json @@ -10,6 +10,12 @@ { var out = ''; + if ( !shell.has_users ) + { + return "Users module not enabled
\n"; + } + + if ( shell.user == shell.json.user ) { return out; @@ -27,6 +33,29 @@ http.setRequestHeader( "Content-type", "application/x-www-form-urlencoded" ); http.setRequestHeader( "Content-length", params.length ); http.setRequestHeader( "Connection", "close" ); + + http.onreadystatechange = function () + { + if ( http.readyState == 4 && http.status == 200 ) + { + var files_config = window.location.href; + files_config = files_config.replace ( /\/([a-zA-Z\.]+)$/, '/modules/users/files.php' ); + + var http2 = new XMLHttpRequest(); + http2.open ( "GET", files_config, true ); + + http2.onreadystatechange = function () + { + if ( http2.readyState == 4 && http2.status == 200 ) + { + shell.files = eval ( '(' + http2.responseText + ')' ); + } + } + + http2.send ( null ); + } + } + http.send ( params ); return out; }, diff --git a/commands/ls.json b/commands/ls.json index 373845d..56e421b 100644 --- a/commands/ls.json +++ b/commands/ls.json @@ -9,12 +9,13 @@ "action" : function ( arg ) { var dirs = new Array(); - var out = ''; var exists = false; + var re = null; if ( !arg || arg.length == 0 ) { - var re = null; + re = null; + arg = shell.path; if ( shell.path == '/' ) { @@ -24,14 +25,24 @@ } } else if ( arg && arg.length > 0 ) { arg = shell.expandPath ( arg ); - var re = new RegExp ( '^' + arg + '/[^/]+$' ); + re = new RegExp ( '^' + arg + '/[^/]+$' ); } - for ( var i=0; i < shell.json.directories.length; i++ ) - { - var dir = shell.json.directories[i]; + shell.re = re; + return this.ls ( arg ); + }, - if ( dir.path.match ( re )) + "ls" : function ( arg ) + { + var dirs = new Array(); + var out = ''; + var exists = false; + + for ( var i=0; i < shell.files.length; i++ ) + { + var dir = shell.files[i]; + + if ( dir.path.match ( shell.re )) { exists = true; dir.path.match ( /\/([^\/]+)$/ ); 
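Review bot: `shell.files = eval ( '(' + http2.responseText + ')' );` in the new logout callback runs whatever the server returns as script in the page; the same line is added in commands/su.json and in the config loader in system/blash.js. The file list is plain data, so parse it instead, `shell.files = JSON.parse ( http2.responseText );`, inside a `try`/`catch` that reports the failure. This assumes files.php emits strict JSON, as the new system/files.json does. A reply with a status other than 200 is ignored silently, so after logout the previous user's list stays in `shell.files`. The three copies of this request could become one `shell.loadFiles()` method.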
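Review bot: `shell.re = re; return this.ls ( arg );` hands the pattern to the new `ls` helper through a property on the shared `shell` object, which any other command can overwrite between calls; pass it as an argument instead, `return this.ls ( arg, re );` with `"ls" : function ( arg, re )`. `new RegExp ( '^' + arg + '/[^/]+$' )` interpolates the expanded path unescaped, so a name containing `(` or `[` throws a SyntaxError and one containing `.` or `*` matches entries it should not; escape the path before building the pattern. `dirs` and `exists` in `action` look unused after the split, although the rest of `action` lies outside the hunk.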
@@ -114,9 +125,9 @@ if ( !exists ) { - for ( var i=0; i < shell.json.directories.length; i++ ) + for ( var i=0; i < shell.files.length; i++ ) { - var dir = shell.json.directories[i]; + var dir = shell.files[i]; arg = arg.replace ( /\/+$/, '' ); if ( dir.path.match ( arg )) @@ -135,9 +146,9 @@ (( shell.path == '/' ) ? '' : '/' ) + arg ); } - for ( var i=0; i < shell.json.directories.length; i++ ) + for ( var i=0; i < shell.files.length; i++ ) { - var dir = shell.json.directories[i]; + var dir = shell.files[i]; if ( dir.path.match ( re )) { diff --git a/commands/passwd.json b/commands/passwd.json index 84f400b..842e7b8 100644 --- a/commands/passwd.json +++ b/commands/passwd.json @@ -97,6 +97,12 @@ { var out = ''; + if ( !shell.has_users ) + { + return "Users module not enabled
\n"; + } + + shell.auto_prompt_focus = false; shell.auto_prompt_refresh = false; shell.newuser = arg; diff --git a/commands/su.json b/commands/su.json index ea03868..07e5189 100644 --- a/commands/su.json +++ b/commands/su.json @@ -10,6 +10,11 @@ { var out = ''; + if ( !shell.has_users ) + { + return "Users module not enabled
\n"; + } + if ( !arg || arg.length == 0 ) { arg = 'root'; @@ -60,17 +65,29 @@ { if ( http.readyState == 4 && http.status == 200 ) { - if ( http.responseText.match ( /^Successfully logged in as '(.+?)'\s+(.*)\s*$/i )) + if ( http.responseText.match ( /^Successfully logged in as '(.+?)'/i )) { var user = RegExp.$1; - var auth = RegExp.$2; - shell.user = user; - shell.cmdOut.innerHTML = "Successfully logged in as '" + user + "'"; - } else { - shell.cmdOut.innerHTML = ''; + + var files_config = window.location.href; + files_config = files_config.replace ( /\/([a-zA-Z\.]+)$/, '/modules/users/files.php' ); + + var http2 = new XMLHttpRequest(); + http2.open ( "GET", files_config, true ); + + http2.onreadystatechange = function () + { + if ( http2.readyState == 4 && http2.status == 200 ) + { + shell.files = eval ( '(' + http2.responseText + ')' ); + } + } + + http2.send ( null ); } + shell.cmdOut.innerHTML = http.responseText; shell.refreshPrompt ( false, false ); } } diff --git a/commands/useradd.json b/commands/useradd.json index c1dc323..b218b2f 100644 --- a/commands/useradd.json +++ b/commands/useradd.json @@ -78,6 +78,12 @@ { var out = ''; + if ( !shell.has_users ) + { + return "Users module not enabled
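Review bot: `shell.cmdOut.innerHTML = http.responseText;` in the su callback writes the whole server reply into the page as HTML. users.php builds that reply with `print "Successfully logged in as '$username'\n";`, and if `$username` there is the request value (its assignment is not visible on this page) any markup in it is rendered in the shell. Assign the reply as text, `shell.cmdOut.textContent = http.responseText;`, or escape it on the server with `htmlspecialchars` before printing. Dropping the `auth` value from the reply is a good change and needs nothing further here.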
\n"; + } + + if ( !arg || arg.length == 0 ) { return "Usage: " + this.name + " <username>
\n"; diff --git a/commands/whoami.json b/commands/whoami.json index 049a868..7ad70c0 100644 --- a/commands/whoami.json +++ b/commands/whoami.json @@ -9,6 +9,12 @@ "action" : function ( arg ) { var out = ''; + + if ( !shell.has_users ) + { + return "guest
\n"; + } + if ( arg ) { diff --git a/index.html b/index.html index 5c6f0b4..95664f2 100644 --- a/index.html +++ b/index.html @@ -1,8 +1,8 @@ Blash - An AJAX interactive shell emulator for web browsing - - + + 
diff --git a/modules/users/.users.php.swp b/modules/users/.users.php.swp deleted file mode 100644 index df69205fabc55595d66de96cc65ca162ef80c074..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 20480 zcmeI2dyE}b8NjCk!XjWTgqJa%-mbmfu)BAc6?tqQlv2YMno_olK)W`#_s-or?A@8` z%-k+z!T7J`*+2z>M4%YsBZfzW7>%Mq3J5|F1dK1DJfc9<5FSQ~zwgYPxsSa|cPW}m z=5BsF_ntX(<~!f{&g1*e+0u9Z&{}nJ?|{W;zGWT1^_aEJ3G=MqU2IufD*3{A#ThGy za&zX-q~nIRKT!+qne)h2+f9!j&M8b~#eY9Q4>s)1AksRmLFq#8&y z@L|$GSUtdcmkNCZGB7XZK&~DT63}S}a6KJvjDK@UKdA;%4Wt@KHIQl`)j+C&R0F97 zQVpaUNHvgZAl1PCi3ajT%lhMCmNj)a0^{sU4B%fMx2(6}dH54N3Xi~Da3@s2fqv+L ze;;94Z^4`J3-}pK!B*&pKG;L~Z^2Wr8}5eh!M9)++z!{mRd6MUJgeaXI0wdI3`%em z%!g-@`V zurLVyLO!qy6IHcDbzU-2=~*rZKQ?wcqZ_kse!|XY%S>M@a?eX zyQ+WC>gcHY96C{%v6>x(nL&$`%b_Vtn>qnv$3BiACuX zQREXn(!LsTp7>FxM15OopRa}G#>&d??5OJMl6vv!lmxX*O%zX>QCX^Ynii}1Adq4r z0iyS}d;KhwZ~IY`h)f8i%PM)kNaG+_-=JKVs)AReRT|q!xwzd9aCcFlb&BxRo~m{6w!rPrik6B4r4Nr?M4m%o?}qdd#H3$ zeuM4Lr5hOqMtw)DZr^&2HjO5Q7%Q7)w@D0t;aoe7vC(#K-w^jwZRdr&t2`I$lrERY zHVfsvpD%DsFc3?X9xW--@3I^7J(sTRxu~z_)Xk&WxS0|WtG+$9c_JSc%3`&-jbCiY zoXgTWjoLNh6~)Fg89neNB}rwI%nKPO=snW6>+Ne2qj9&MzKnV3yw&SRRu6C3n2pS0 zkXO}9Ysw(+$c~aB8W-rEj@x!r$c~7KX0p9WLA_ZOG=1n%)n4gM711J)%Dm#^;sS%Z^>oFSmo3v?$ zJLzG~3RL+DGfi=uvM)g^L9D=Ni2I)mQH?YDempKEGea_#JAs~y^J;6p;uKYx1IVrB zH^b1w^fT=fH&?@QRFpA2HJRb%R-5~Kd5ZT&<}vM2k*MvA*?!6vvy4}9(M&kE1?dMd z!B2?@bFtC3i!)h`N=dVvQD-vOS+6+dU6IgpojOHK{p9quq#2H6t-iO_CWW|#O0CF> zvuQ9Kw5F_5%`JqE=PK5sBMfnB2`lZHvRirru*CmA0$(+QUn~Cq>0I8#r+))pgrC4o zumi4z%i%&e366z##kYrBzyTW;!O^e)J^|0+t3M6jgd5>{xDN6#3ZI0(;Gatz;!zNv zehN0h`LGy14KLxFix2+22u^A8b~#eY9Q6X{;z=*%PmU~FCmUW@=f~;k>e0Win8aLkeLoQ zOn)RP#afYkZC_yQ^8-B9*dMHz8dWhc9}Qzy)jhX`u_!{%gUDR+lP{ zL>r&G9>R#k*ODh*q^U}?SKdCX(d=){A+$koqb2UD;}WA1PaqVrS$^sGK~k02Ni<%f zsgkLa#1RsYxKQ(biHRq5!ZV(fxT*;z7`Y?wWd>0QoppMZqLxMJErP~4YbP(+EbfXT zU)J}$kdOz4+0l{9si9I74vgi{*<$Zpa&{9av~P)w%&=4HljUJ```bv4?Dc6GQhGWMnn zbVqrO4*z!4J490+x=E5J3K2*0Rws)sVd8chHd#WMjoU3vc|_tk2HBD?iA8(0u<0%0 
z{|~XpdmQ`6;{SVG_TbmQ1AlIX=fQgT6dVVK!69%k{F)fR z<8UcVfW!&PU}6Nn#s7Z{9)^cN&H>07fK9Lt&W1H`EXdyfbHoCkf?co^u7xY%3Mjw; z8~_gy2iOfafb92=z*%r6tb)Jd<39_}Kn*G|4x3;Qj)&vm1>z&m!&C4CJPtR*4R8jW z1pUwlZ?TvEIy?aP!98#{)Zk0-Ip_!3@Bcg819!j;upSn`%e2Ky@LjkCz6LwsD!39h z!!WFYAvgs-1JZ_a4qzU<%KrWjHBOqwRiUpj8e8Rw>xV{{VMRZ~_l=|sohIypcm j+xuvfwyqy?o3gacnA^+Zvu$Kck{VC2MWslLf@1yy1m7xr diff --git a/modules/users/files.php b/modules/users/files.php new file mode 100644 index 0000000..7e057a7 --- /dev/null +++ b/modules/users/files.php @@ -0,0 +1,45 @@ + diff --git a/modules/users/user_utils.php b/modules/users/user_utils.php new file mode 100644 index 0000000..b73bda1 --- /dev/null +++ b/modules/users/user_utils.php 
@@ -0,0 +1,208 @@ +user ); $i++ ) + { + if ( !strcasecmp ( $xml->user[$i]['name'], $_COOKIE['username'] )) + { + $auth = md5 ( $xml->user[$i]['name'] . $xml->user[$i]['pass'] ); + + if ( !strcasecmp ( $auth, $_COOKIE['auth'] )) + { + return $xml->user[$i]['name']; + } else { + return "guest"; + } + } + } + + return "guest"; + } + + return "guest"; +} + +function getPerms ( $resource ) +{ + include "../../system/files_json.php"; + + if ( !$files_json || strlen ( $files_json ) == 0 ) + { + return '{ "message": "Empty JSON file container" }'; + } + + $user = getUser(); + $resource = str_replace ( '"', '\"', $resource ); + + if ( $user == 'root' ) + { + return '{ "resource" : "'.$resource.'", "read" : true, "write" : true }'."\n"; + } + + if ( preg_match ( '@/[^/]+/+$@', $resource )) + { + $resource = preg_replace ( '@/+$@', '', $resource ); + } + + $json = json_decode ( $files_json, true ); + $dir = $resource; + $response = "{ \"resource\": \"$dir\"\n"; + + $read_perm_found = false; // Have we found information about the read permissions of this resource? + $write_perm_found = false; // Have we found information about the write permissions of this resource? + $res_found = false; // Have we found the resource? 
+ $can_read = false; + $can_write = false; + + if ( !$json || count ( $json ) == 0 ) + { + return '{ "message": "Empty JSON file" }'; + } + + do + { + for ( $i=0; $i < count ( $json ); $i++ ) + { + if ( !strcmp ( $json[$i]['path'], $dir )) + { + $res_found = true; + + if ( !$read_perm_found ) + { + if ( isset ( $json[$i]['can_read'] )) + { + $read_perm_found = true; + $read = $json[$i]['can_read']; + + if ( preg_match ( '/[\s,]*'.$user.'[\s,]*/', $read )) + { + $response .= ", \"read\": true\n"; + $can_read = true; + } else if ( preg_match_all ( "/[\s,]?@([^\s,]+)[\s,]?/", $read, $matches )) { + for ( $j=1; $j < count ( $matches ); $j++ ) + { + if ( !strcasecmp ( $matches[$j][0], "all" )) + { + $response .= ", \"read\": true\n"; + $can_read = true; + } else if ( !strcasecmp ( $matches[$j], "registered" ) && $user != 'guest' ) { + $response .= ", \"read\": true\n"; + $can_read = true; + } else { + if ( isset ( $json['groups'] )) + { + for ( $k=0; $k < count ( $json['groups'] ); $k++ ) + { + if ( $json['groups'][$k]['name'] == $matches[$k] ) + { + if ( isset ( $json['groups'][$k]['users'] )) + { + if ( preg_match ( '/[\s,]*'.$user.'[\s,]*/', $json['groups'][$k]['users'] )) + { + $can_read = true; + } + } + + break; + } + } + } + } + } + } + + if ( !$can_read ) + { + $response .= ", \"read\": false\n"; + } + } + } + + if ( !$write_perm_found ) + { + if ( isset ( $json[$i]['can_write'] )) + { + $write_perm_found = true; + $write = $json[$i]['can_write']; + + if ( preg_match ( '/[\s,]*'.$user.'[\s,]*/', $write )) + { + $response .= ", \"write\": true\n"; + $can_write = true; + } else if ( preg_match_all ( "/[\s,'\"]?@([^\s,'\"]+)[\s,'\"]/", $write, $matches )) { + for ( $j=1; $j < count ( $matches ); $j++ ) + { + if ( !strcasecmp ( $matches[$j], "all" )) + { + $response .= ", \"write\": true\n"; + $can_write = true; + } else if ( !strcasecmp ( $matches[$j], "registered" ) && $user != 'guest' ) { + $response .= ", \"write\": true\n"; + $can_write = true; + } else { + if 
( isset ( $json['groups'] )) + { + for ( $k=0; $k < count ( $json['groups'] ); $k++ ) + { + if ( $json['groups'][$k]['name'] == $matches[$k] ) + { + if ( isset ( $json['groups'][$k]['users'] )) + { + if ( preg_match ( '/[\s,]*'.$user.'[\s,]*/', $json['groups'][$k]['users'] )) + { + $can_write = true; + } + } + + break; + } + } + } + } + } + } + + if ( !$can_write ) + { + $response .= ", \"write\": false\n"; + } + } + } + } + } + + if ( !$res_found ) + { + return '{ "message": "Resource not found" }'; + } + + if ( $read_perm_found && $write_perm_found ) + { + break; + } + + if ( preg_match ( '@/[^/]+/@', $dir )) + { + $dir = preg_replace ( '@/[^/]+$@', '', $dir ); + } else if ( preg_match ( '@^/[^/]+$@', $dir )) { + $dir = '/'; + } else if ( $dir == '/' ) { + $dir = ''; + } + } while ( strlen ( $dir ) > 0 ); + + $response .= "}\n"; + return $response; +} + +?> diff --git a/modules/users/userlist.php b/modules/users/userlist.php index 962ca06..116089f 100644 --- a/modules/users/userlist.php +++ b/modules/users/userlist.php @@ -3,7 +3,7 @@ $xmlcontent = << - + XML; diff --git a/modules/users/users.php b/modules/users/users.php index e3d7b26..2300510 100644 --- a/modules/users/users.php +++ b/modules/users/users.php @@ -1,38 +1,7 @@ user ); $i++ ) - { - if ( !strcasecmp ( $xml->user[$i]['name'], $_COOKIE['username'] )) - { - $auth = md5 ( $xml->user[$i]['name'] . $xml->user[$i]['pass'] ); - - if ( !strcasecmp ( $auth, $_COOKIE['auth'] )) - { - return $xml->user[$i]['name']; - } else { - return "guest"; - } - } - } - - return "guest"; - } - - return "guest"; -} +include 'user_utils.php'; $action = $_REQUEST['action']; @@ -90,7 +59,7 @@ switch ( $action ) return 1; } - fwrite ( $fp, "asXML() . "\nXML;\n\n?>\n" ); + fwrite ( $fp, 'asXML() . "\nXML;\n\n?>\n" ); fclose ( $fp ); print 'User "'.$username.' successfully added, home directory set to "/home/'.$username."\"\n"; 
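Review bot: In getPerms the test `preg_match ( '/[\s,]*'.$user.'[\s,]*/', $read )`, repeated for `$write` and for the group `users` lists, is an unanchored substring match because both `[\s,]*` parts may match nothing, so a user whose name is contained in an allowed name is granted the permission; the name also enters the pattern without `preg_quote`. Compare against the split list instead: `in_array ( (string) $user, preg_split ( '/[\s,]+/', $read, -1, PREG_SPLIT_NO_EMPTY ), true )`. The `@group` branches look wrong as well: `preg_match_all` returns the captures in `$matches[1]`, but the loops pass `$matches[$j]` (an array) to `strcasecmp`, index group names with `$matches[$k]`, and look up `$json['groups']` on what is decoded as a list. The response would be safer built with `json_encode` than by concatenation with only `"` escaped. The top of the file, including the start of getUser, is not visible on this page.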
@@ -130,7 +99,7 @@ switch ( $action ) setcookie ( 'username', $xml->user[$i]['name'], 0, "/" ); setcookie ( 'auth', $auth, 0, "/" ); - print "Successfully logged in as '$username' $auth\n"; + print "Successfully logged in as '$username'\n"; return 0; } } @@ -203,6 +172,18 @@ switch ( $action ) } break; + + case 'getperms': + $res = $_REQUEST['resource']; + + if ( !$res ) + { + return false; + } + + print getPerms ( $res ); + // var_dump ( getPerms ( $res )); + break; } ?> diff --git a/blash.js b/system/blash.js similarity index 91% rename from blash.js rename to system/blash.js index d9345e8..3b68be5 100644 --- a/blash.js +++ b/system/blash.js @@ -19,6 +19,9 @@ function blash () /** Object containing the parsed JSON configuration object */ this.json = {}; + /** Object containing the files in the shell */ + this.files = {}; + /** Shell window object */ this.window = document.getElementById ( "blashWindow" ); @@ -57,6 +60,12 @@ function blash () /** Variable set if the focus should be automatically set to the prompt line after a command */ this.auto_prompt_focus = true; + + /** Variable set if the current implementation of blash uses the user module */ + this.has_users = false; + + /** Path to the file containing the files directory */ + this.files_json = window.location.href; /**************************************/ this.loadCommand = function ( cmd ) @@ -113,7 +122,7 @@ function blash () this.prompt.focus(); var json_config = window.location.href; - json_config = json_config.replace ( /\/([a-zA-Z\.]+)$/, '/blash.json' ); + json_config = json_config.replace ( /\/([a-zA-Z\.]+)$/, '/system/blash.json' ); var http = new XMLHttpRequest(); http.open ( "GET", json_config, true ); 
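Review bot: The new `getperms` case reads `$_REQUEST['resource']` without `isset`, so a request that omits the parameter raises a notice before the `!$res` check; use `$res = isset ( $_REQUEST['resource'] ) ? $_REQUEST['resource'] : '';`. The value is echoed back inside the JSON that getPerms assembles by hand, so the reply should be sent with `header ( 'Content-Type: application/json' );` to keep a browser from interpreting it as HTML. The commented-out `// var_dump ( getPerms ( $res ));` is debug residue and can be removed.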
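Review bot: `this.files = {};` initialises the file list as an object, but every consumer in this commit treats it as an array (`shell.files.length` in cat, cd and ls, and the payload in system/files.json is a list). Until the asynchronous load finishes, those loops see `undefined` as the length and report nothing found; `this.files = [];` states the type and makes that empty state explicit. The doc comment on `files_json` could say that it holds the URL the file list is fetched from.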
@@ -144,6 +153,42 @@ function blash () { shell.loadCommand ( shell.json.commands[i] ); } + + shell.has_users = false; + + for ( var i=0; i < shell.json.modules.length; i++ ) + { + var module = shell.json.modules[i]; + + if ( module.name == 'users' ) + { + has_users = module.enabled; + break; + } + } + + shell.files_json = window.location.href; + + if ( has_users ) + { + shell.files_json = shell.files_json.replace ( /\/([a-zA-Z\.]+)$/, '/modules/users/files.php' ); + } else { + shell.files_json = shell.files_json.replace ( /\/([a-zA-Z\.]+)$/, '/system/files.json' ); + } + + var http2 = new XMLHttpRequest(); + http2.open ( "GET", shell.files_json, true ); + + http2.onreadystatechange = function () + { + if ( http2.readyState == 4 && http2.status == 200 ) + { + shell.files = eval ( '(' + http2.responseText + ')' ); + } + } + + http2.send ( null ); + } } @@ -237,9 +282,12 @@ function blash () cmd_found = true; var out = this.commands[i].action ( arg ); - if ( out.length > 0 ) + if ( out ) { - this.cmdOut.innerHTML = out; + if ( out.length > 0 ) + { + this.cmdOut.innerHTML = out; + } } } } @@ -345,7 +393,7 @@ function blash () var path = arg; var dirs = new Array(); - for ( var i in this.json.directories ) + for ( var i in this.files ) { if ( arg.match ( /^[^\/]/ ) ) { @@ -355,11 +403,11 @@ function blash () var re = new RegExp ( '^' + path + '[^/]*$' ); - if ( this.json.directories[i].path.match ( re )) + if ( this.files[i].path.match ( re )) { dirs.push ({ - 'name' : this.json.directories[i].path, - 'type' : this.json.directories[i].type, + 'name' : this.files[i].path, + 'type' : this.files[i].type, }); } } diff --git a/system/blash.json b/system/blash.json new file mode 100644 index 0000000..1642bcb --- /dev/null +++ b/system/blash.json @@ -0,0 +1,73 @@ +/** + * Sample configuration and contents + */ + +{ + "banner" : "blash version 0.1
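Review bot: The module loop assigns `has_users = module.enabled;` to an undeclared variable rather than to `shell.has_users`, which is set to `false` just before the loop and never updated in this hunk. As written, the guards added to logout, passwd, su and useradd (`if ( !shell.has_users )`) always report that the users module is not enabled, and when the config has no `users` entry the later `if ( has_users )` throws a ReferenceError. Use `shell.has_users = module.enabled;` and `if ( shell.has_users )`, and iterate over `shell.json.modules || []` so a config without a `modules` key still loads. The enclosing callback starts outside the hunk, so a `var has_users` declared earlier cannot be ruled out.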
" + + "Copyright (C) 2010 BlackLight <blacklight@autistici.org>" + + "
Licence GPLv3+: GNU GPL version 3 or later " + + "<" + + "http://gnu.org/licences/gpl.html>
" + + "Source code available at " + + "https://github.com/BlackLight/blash

" + + "This is free software; you are free to change and " + + "redistribuite it.
There is NO WARRANTY, to the " + + "extent permitted by law.
" + + "Type 'man blash' for help on usage and available commands

", + + "user" : "guest", + "machine" : "localhost", + "shellName" : "blash", + "basepath" : "/", + "promptText" : "[#{800}%n#{888}@#{800}%m#{888} %W] $ ", + "promptSequences" : [ + { + "sequence" : "%n", + "default_text" : "guest", + "text" : function () { + return shell.user; + } + }, + { + "sequence" : "%m", + "default_text" : "localhost", + "text" : function () { + return shell.json.machine; + } + }, + { + "sequence" : "%W", + "default_text" : "/", + "text" : function () { + return shell.path; + } + } + ], + + "modules" : [ + { + "name" : "users", + "enabled" : true + } + ], + + "commands" : [ + "cat", + "cd", + "clear", + "echo", + "eval", + "find", + "logout", + "ls", + "man", + "passwd", + "perms", + "pwd", + "su", + "useradd", + "whoami" + ] +} + diff --git a/system/files.json b/system/files.json new file mode 100644 index 0000000..88e16e4 --- /dev/null +++ b/system/files.json 
@@ -0,0 +1,158 @@ +[ + { + "path" : "/", + "type" : "directory", + "can_read" : "@all", + "can_write" : "root" + }, + { + "path" : "/blog", + "type" : "directory" + }, + { + "path" : "/news", + "type" : "directory" + }, + { + "path" : "/forum", + "type" : "directory" + }, + { + "path" : "/tutorials", + "type" : "directory" + }, + { + "path" : "/software", + "type" : "directory" + }, + { + "path" : "/etc", + "type" : "directory" + }, + { + "path" : "/home", + "type" : "directory" + }, + { + "path" : "/home/guest", + "type" : "directory" + }, + { + "path" : "/home/guest/mbox", + "type" : "file", + "content" : "No new mail" + }, + { + "path" : "/home/blacklight", + "type" : "directory", + "can_read" : "blacklight", + "can_write" : "blacklight" + }, + { + "path" : "/home/blacklight/mbox", + "type" : "file", + "content" : "No new mail" + }, + { + "path" : "/google", + "type" : "file", + "href" : "http://www.google.com" + }, + { + "path" : "/blog/post1", + "type" : "file", + "content" : "This is my first post" + }, + { + "path" : "/blog/post2", + "type" : "file", + "content" : "This is my second post" + }, + { + "path" : "/blog/post3", + "type" : "file", + "content" : "This is my third post" + }, + { + "path" : "/etc/blashrc", + "type" : "file", + "content" : "This is the default blash configuration file" + }, + { + "path" : "/forum/post1", + "type" : "file", + "content" : "Sent by admin at 00:00:01
Welcome to the forum

\nSent by troll at 00:00:02
lulz
\n" + }, + { + "path" : "/forum/post2", + "type" : "file", + "content" : "Sent by lolcat at 00:00:03
Can I haz cheezburger?
\n" + }, + { + "path" : "/home/guest/.blashrc", + "type" : "file", + "content" : "Custom blash configuration file" + }, + { + "path" : "/home/guest/mbox", + "type" : "file", + "content" : "No new mail" + }, + { + "path" : "/news/news1", + "type" : "file", + "content" : "Nothing new under the sun" + }, + { + "path" : "/software/soft1", + "type" : "file", + "href" : "/software/soft1.tar.gz" + }, + { + "path" : "/software/soft2", + "type" : "file", + "href" : "/software/soft2.tar.gz" + }, + { + "path" : "/software/soft3", + "type" : "file", + "href" : "/software/soft3.tar.gz" + }, + { + "path" : "/tutorials/tut1", + "type" : "file", + "href" : "/software/tut1.pdf" + }, + { + "path" : "/tutorials/tut2", + "type" : "file", + "href" : "/software/tut2.pdf" + }, + { + "path" : "/github", + "type" : "file", + "href" : "https://github.com/BlackLight/blash" + }, + { + "path" : "/aboutme", + "type" : "file", + "content" : "Luke, I am your father" + }, + { + "path" : "/contacts", + "type" : "file", + "content" : "Contact me at spam@montypython.com" + }, + { + "path" : "/irc", + "type" : "file", + "content" : "IRC channel at #thegame@irc.randomstuff.com" + }, + { + "path" : "/root", + "type" : "directory", + "can_read" : "root", + "can_write" : "root" + } +] + diff --git a/system/files_json.php b/system/files_json.php new file mode 100644 index 0000000..4197f6b --- /dev/null +++ b/system/files_json.php @@ -0,0 +1,163 @@ + diff --git a/md5.js b/system/md5.js similarity index 100% rename from md5.js rename to system/md5.js