pywebexec 1.1.2__py3-none-any.whl → 1.4.12__py3-none-any.whl

pywebexec/pywebexec.py

@@ -1,7 +1,6 @@
 import sys
 from flask import Flask, request, jsonify, render_template, session, redirect, url_for
 from flask_httpauth import HTTPBasicAuth
-import subprocess
 import threading
 import os
 import json
@@ -10,18 +9,25 @@ import argparse
 import random
 import string
 from datetime import datetime, timezone, timedelta
+import time
 import shlex
 from gunicorn.app.base import Application
 import ipaddress
-from socket import gethostname, gethostbyname_ex
+from socket import gethostname, gethostbyname_ex, gethostbyaddr, inet_aton, inet_ntoa
 import ssl
+import re
+import pwd
+from secrets import token_urlsafe
+import pexpect
+import signal
+import fcntl
+import termios
+import struct
+import subprocess
+
 
 if os.environ.get('PYWEBEXEC_LDAP_SERVER'):
-    try:
-        from ldap3 import Server, Connection, ALL, SIMPLE, SUBTREE, Tls
-    except:
-        print("Need to install ldap3: pip install ldap3", file=sys.stderr)
-        sys.exit(1)
+    from ldap3 import Server, Connection, ALL, SIMPLE, SUBTREE, Tls
 
 app = Flask(__name__)
 app.secret_key = os.urandom(24)  # Secret key for session management
@@ -36,14 +42,13 @@ app.config['LDAP_BIND_DN'] = os.environ.get('PYWEBEXEC_LDAP_BIND_DN')
 app.config['LDAP_BIND_PASSWORD'] = os.environ.get('PYWEBEXEC_LDAP_BIND_PASSWORD')
 
 # Directory to store the command status and output
+CWD = os.getcwd()
 COMMAND_STATUS_DIR = '.web_status'
 CONFDIR = os.path.expanduser("~/")
 if os.path.isdir(f"{CONFDIR}/.config"):
     CONFDIR += '/.config'
 CONFDIR += "/.pywebexec"
 
-if not os.path.exists(COMMAND_STATUS_DIR):
-    os.makedirs(COMMAND_STATUS_DIR)
 
 # In-memory cache for command statuses
 command_status_cache = {}
@@ -54,11 +59,38 @@ def generate_random_password(length=12):
 
 
 def resolve_hostname(host):
-    """try get fqdn from DNS"""
+    """try get fqdn from DNS/hosts"""
     try:
-        return gethostbyname_ex(host)[0]
+        hostinfo = gethostbyname_ex(host)
+        return (hostinfo[0].rstrip('.'), hostinfo[2][0])
     except OSError:
-        return host
+        return (host, host)
+
+
+def resolve_ip(ip):
+    """try resolve hostname by reverse dns query on ip addr"""
+    ip = inet_ntoa(inet_aton(ip))
+    try:
+        ipinfo = gethostbyaddr(ip)
+        return (ipinfo[0].rstrip('.'), ipinfo[2][0])
+    except OSError:
+        return (ip, ip)
+
+
+def is_ip(host):
+    """determine if host is valid ip"""
+    try:
+        inet_aton(host)
+        return True
+    except OSError:
+        return False
+
+
+def resolve(host_or_ip):
+    """resolve hostname from ip / hostname"""
+    if is_ip(host_or_ip):
+        return resolve_ip(host_or_ip)
+    return resolve_hostname(host_or_ip)
 
 
 def generate_selfsigned_cert(hostname, ip_addresses=None, key=None):
@@ -124,7 +156,7 @@ def generate_selfsigned_cert(hostname, ip_addresses=None, key=None):
 
 
 
-class StandaloneApplication(Application):
+class PyWebExec(Application):
 
     def __init__(self, app, options=None):
         self.options = options or {}
@@ -143,10 +175,17 @@ class StandaloneApplication(Application):
         return self.application
 
 
+ANSI_ESCAPE = re.compile(br'(?:\x1B[@-Z\\-_]|\x1B([(]B|>)|(?:\x1B\[|\x9B)[0-?]*[ -/]*[@-~]|\x1B\[[0-9]{1,2};[0-9]{1,2}[m|K]|\x1B\[[0-9;]*[mGKHF]|[\x00-\x1F\x7F])')
+
+def strip_ansi_control_chars(text):
+    """Remove ANSI and control characters from the text."""
+    return ANSI_ESCAPE.sub(b'', text)
+
+
 def decode_line(line: bytes) -> str:
     """try decode line exception on binary"""
     try:
-        return line.decode()
+        return strip_ansi_control_chars(line).decode().strip(" ")
     except UnicodeDecodeError:
         return ""
 
@@ -156,8 +195,11 @@ def last_line(fd, maxline=1000):
     line = "\n"
     fd.seek(0, os.SEEK_END)
     size = 0
-    while line in ["\n", "\r"] and size < maxline:
+    last_pos = 0
+    while line in ["", "\n", "\r"] and size < maxline:
         try:  # catch if file empty / only empty lines
+            if last_pos:
+                fd.seek(last_pos-2, os.SEEK_SET)
             while fd.read(1) not in [b"\n", b"\r"]:
                 fd.seek(-2, os.SEEK_CUR)
                 size += 1
@@ -165,8 +207,8 @@ def last_line(fd, maxline=1000):
             fd.seek(0)
             line = decode_line(fd.readline())
             break
+        last_pos = fd.tell()
         line = decode_line(fd.readline())
-        fd.seek(-4, os.SEEK_CUR)
     return line.strip()
 
 
@@ -176,31 +218,35 @@ def get_last_non_empty_line_of_file(file_path):
         return last_line(f)
     
 
-def start_gunicorn(daemon=False, baselog=None):
-    if daemon:
+def start_gunicorn(daemonized=False, baselog=None):
+    pidfile = f"{baselog}.pid"
+    if daemonized:
+        if daemon_d('status', pidfilepath=baselog, silent=True):
+            print(f"Error: pywebexec already running on {args.listen}:{args.port}", file=sys.stderr)
+            sys.exit(1)
+
+    if sys.stdout.isatty():
+        errorlog = "-"
+        accesslog = None #"-"
+    else:
         errorlog = f"{baselog}.log"
         accesslog = None # f"{baselog}.access.log"
-        pidfile = f"{baselog}.pid"
-    else:
-        errorlog = "-"
-        accesslog = "-"
-        pidfile = None
+
     options = {
         'bind': '%s:%s' % (args.listen, args.port),
         'workers': 4,
         'timeout': 600,
         'certfile': args.cert,
         'keyfile': args.key,
-        'daemon': daemon,
+        'daemon': daemonized,
         'errorlog': errorlog,
         'accesslog': accesslog,
         'pidfile': pidfile,
     }
-    StandaloneApplication(app, options=options).run()
+    PyWebExec(app, options=options).run()
 
-def daemon_d(action, pidfilepath, hostname=None, args=None):
+def daemon_d(action, pidfilepath, silent=False, hostname=None, args=None):
     """start/stop daemon"""
-    import signal
     import daemon, daemon.pidfile
 
     pidfile = daemon.pidfile.TimeoutPIDLockFile(pidfilepath+".pid", acquire_timeout=30)
@@ -218,10 +264,14 @@ def daemon_d(action, pidfilepath, hostname=None, args=None):
         if status:
             print(f"pywebexec running pid {pidfile.read_pid()}")
             return True
-        print("pywebexec not running")
+        if not silent:
+            print("pywebexec not running")
         return False
     elif action == "start":
-        print(f"Starting server")
+        status = pidfile.is_locked()
+        if status:
+            print(f"pywebexc already running pid {pidfile.read_pid()}", file=sys.stderr)
+            sys.exit(1)
         log = open(pidfilepath + ".log", "ab+")
         daemon_context = daemon.DaemonContext(
             stderr=log,
@@ -235,8 +285,22 @@ def daemon_d(action, pidfilepath, hostname=None, args=None):
             except Exception as e:
                 print(e)
 
+def start_term():
+    os.environ["PYWEBEXEC"] = " (shared)"
+    os.chdir(CWD)
+    command_id = str(uuid.uuid4())
+    start_time = datetime.now().isoformat()
+    user = pwd.getpwuid(os.getuid())[0]
+    update_command_status(command_id, 'running', command="term", params=[user,os.ttyname(sys.stdout.fileno())], start_time=start_time, user=user)
+    output_file_path = get_output_file_path(command_id)
+    res = script(output_file_path)
+    end_time = datetime.now().isoformat()
+    update_command_status(command_id, status="success", end_time=end_time, exit_code=res)
+    return res
+
 def parseargs():
-    global app, args
+    global app, args, COMMAND_STATUS_DIR
+
     parser = argparse.ArgumentParser(description='Run the command execution server.')
     parser.add_argument('-u', '--user', help='Username for basic auth')
     parser.add_argument('-P', '--password', help='Password for basic auth')
@@ -253,13 +317,15 @@ def parseargs():
         "-t",
         "--title",
         type=str,
-        default="pywebexec",
+        default="PyWebExec",
         help="Web html title",
     )
     parser.add_argument("-c", "--cert", type=str, help="Path to https certificate")
     parser.add_argument("-k", "--key", type=str, help="Path to https certificate key")
     parser.add_argument("-g", "--gencert", action="store_true", help="https server self signed cert")
-    parser.add_argument("action", nargs="?", help="daemon action start/stop/restart/status", choices=["start","stop","restart","status"])
+    parser.add_argument("-T", "--tokenurl", action="store_true", help="generate safe url to access")
+    parser.add_argument("action", nargs="?", help="daemon action start/stop/restart/status/shareterm/term",
+                        choices=["start","stop","restart","status","shareterm", "term"])
 
     args = parser.parse_args()
     if os.path.isdir(args.dir):
@@ -271,9 +337,23 @@ def parseargs():
     else:
         print(f"Error: {args.dir} not found", file=sys.stderr)
         sys.exit(1)
+    if not os.path.exists(COMMAND_STATUS_DIR):
+        os.makedirs(COMMAND_STATUS_DIR)
+    if not os.path.exists(CONFDIR):
+        os.mkdir(CONFDIR, mode=0o700)
+    if args.action == "term":
+        COMMAND_STATUS_DIR = f"{os.getcwd()}/{COMMAND_STATUS_DIR}"
+        sys.exit(start_term())
+    (hostname, ip) = resolve(gethostname()) if args.listen == '0.0.0.0' else resolve(args.listen)
+    url_params = ""
+
+    if args.tokenurl:
+        token = os.environ.get("PYWEBEXEC_TOKEN", token_urlsafe())
+        os.environ["PYWEBEXEC_TOKEN"] = token
+        app.config["TOKEN_URL"] = token
+        url_params = f"?token={token}"
 
     if args.gencert:
-        hostname = resolve_hostname(gethostname())
         args.cert = args.cert or f"{CONFDIR}/pywebexec.crt"
         args.key = args.key or f"{CONFDIR}/pywebexec.key"
         if not os.path.exists(args.cert):
@@ -294,9 +374,13 @@ def parseargs():
         app.config['USER'] = None
         app.config['PASSWORD'] = None
 
-    return args
+    if args.action != 'stop':
+        print("Starting server:")
+        protocol = 'https' if args.cert else 'http'
+        print(f"{protocol}://{hostname}:{args.port}{url_params}")
+        print(f"{protocol}://{ip}:{args.port}{url_params}")
 
-parseargs()
+    return args
 
 def get_status_file_path(command_id):
     return os.path.join(COMMAND_STATUS_DIR, f'{command_id}.json')
@@ -304,7 +388,7 @@ def get_status_file_path(command_id):
 def get_output_file_path(command_id):
     return os.path.join(COMMAND_STATUS_DIR, f'{command_id}_output.txt')
 
-def update_command_status(command_id, status, command=None, params=None, start_time=None, end_time=None, exit_code=None, pid=None):
+def update_command_status(command_id, status, command=None, params=None, start_time=None, end_time=None, exit_code=None, pid=None, user=None):
     status_file_path = get_status_file_path(command_id)
     status_data = read_command_status(command_id) or {}
     status_data['status'] = status
@@ -320,6 +404,8 @@ def update_command_status(command_id, status, command=None, params=None, start_t
         status_data['exit_code'] = exit_code
     if pid is not None:
         status_data['pid'] = pid
+    if user is not None:
+        status_data['user'] = user
     if status != 'running':
         output_file_path = get_output_file_path(command_id)
         if os.path.exists(output_file_path):
@@ -342,7 +428,10 @@ def read_command_status(command_id):
     if not os.path.exists(status_file_path):
         return None
     with open(status_file_path, 'r') as f:
-        status_data = json.load(f)
+        try:
+            status_data = json.load(f)
+        except json.JSONDecodeError:
+            return None
     
     # Cache the status if it is not "running"
     if status_data['status'] != 'running':
@@ -350,38 +439,93 @@ def read_command_status(command_id):
     
     return status_data
 
-# Dictionary to store the process objects
-processes = {}
+def sigwinch_passthrough(sig, data):
+    s = struct.pack("HHHH", 0, 0, 0, 0)
+    a = struct.unpack('hhhh', fcntl.ioctl(sys.stdout.fileno(), termios.TIOCGWINSZ, s))
+    global p
+    p.setwinsize(a[0], a[1])
+
+
+def script(output_file):
+    global p
+    shell = os.environ.get('SHELL', 'sh')
+    with open(output_file, 'wb') as fd:
+        p = pexpect.spawn(shell, echo=True)
+        p.logfile_read = fd
+        # Set the window size
+        sigwinch_passthrough(None, None)
+        signal.signal(signal.SIGWINCH, sigwinch_passthrough)
+        p.interact()
+    
 
-def run_command(command, params, command_id):
+def run_command(command, params, command_id, user):
     start_time = datetime.now().isoformat()
-    update_command_status(command_id, 'running', command=command, params=params, start_time=start_time)
+    update_command_status(command_id, 'running', command=command, params=params, start_time=start_time, user=user)
+    output_file_path = get_output_file_path(command_id)
     try:
-        output_file_path = get_output_file_path(command_id)
-        with open(output_file_path, 'w') as output_file:
-            # Run the command with parameters and redirect stdout and stderr to the file
-            process = subprocess.Popen([command] + params, stdout=output_file, stderr=output_file, bufsize=0) #text=True)
-            update_command_status(command_id, 'running', pid=process.pid)
-            processes[command_id] = process
-            process.wait()
-            processes.pop(command_id, None)
-
-        end_time = datetime.now().isoformat()
-        # Update the status based on the result
-        if process.returncode == 0:
-            update_command_status(command_id, 'success', end_time=end_time, exit_code=process.returncode)
-        elif process.returncode == -15:
-            update_command_status(command_id, 'aborted', end_time=end_time, exit_code=process.returncode)
-        else:
-            update_command_status(command_id, 'failed', end_time=end_time, exit_code=process.returncode)
+        with open(output_file_path, 'wb') as fd:
+            p = pexpect.spawn(command, params, ignore_sighup=True, timeout=None)
+            update_command_status(command_id, 'running', pid=p.pid, user=user)
+            p.setwinsize(24, 125)
+            p.logfile = fd
+            p.expect(pexpect.EOF)
+            fd.flush()
+            status = p.wait()
+            end_time = datetime.now().isoformat()
+            # Update the status based on the result
+            if status is None:
+                exit_code = -15
+                update_command_status(command_id, 'aborted', end_time=end_time, exit_code=exit_code, user=user)
+            else:
+                exit_code = status
+                if exit_code == 0:
+                    update_command_status(command_id, 'success', end_time=end_time, exit_code=exit_code, user=user)
+                else:
+                    update_command_status(command_id, 'failed', end_time=end_time, exit_code=exit_code, user=user)
     except Exception as e:
         end_time = datetime.now().isoformat()
-        update_command_status(command_id, 'failed', end_time=end_time, exit_code=1)
+        update_command_status(command_id, 'failed', end_time=end_time, exit_code=1, user=user)
+        with open(get_output_file_path(command_id), 'a') as output_file:
+            output_file.write(str(e))
+
+@app.route('/stop_command/<command_id>', methods=['POST'])
+def stop_command(command_id):
+    status = read_command_status(command_id)
+    if not status or 'pid' not in status:
+        return jsonify({'error': 'Invalid command_id or command not running'}), 400
+
+    pid = status['pid']
+    end_time = datetime.now().isoformat()
+    try:
+        #update_command_status(command_id, 'aborted', end_time=end_time, exit_code=-15)
+        os.killpg(os.getpgid(pid), 15)  # Send SIGTERM to the process group
+        return jsonify({'message': 'Command aborted'})
+    except Exception as e:
+        status_data = read_command_status(command_id) or {}
+        status_data['status'] = 'failed'
+        status_data['end_time'] = end_time
+        status_data['exit_code'] = 1
+        with open(get_status_file_path(command_id), 'w') as f:
+            json.dump(status_data, f)
         with open(get_output_file_path(command_id), 'a') as output_file:
             output_file.write(str(e))
+        return jsonify({'error': 'Failed to terminate command'}), 500
+
+parseargs()
+
 
 @app.before_request
 def check_authentication():
+    # Check for token in URL if TOKEN_URL is set
+    token = app.config.get('TOKEN_URL')
+    if token and request.endpoint not in ['login', 'static']:
+        if request.args.get('token') == token:
+            return
+        return jsonify({'error': 'Forbidden'}), 403
+    
+    if not app.config['USER'] and not app.config['LDAP_SERVER']:
+        return
+
     if 'username' not in session and request.endpoint not in ['login', 'static']:
         return auth.login_required(lambda: None)()
 
@@ -456,38 +600,18 @@ def run_command_endpoint():
     # Generate a unique command_id
     command_id = str(uuid.uuid4())
 
+    # Get the user from the session
+    user = session.get('username', '-')
+
     # Set the initial status to running and save command details
-    update_command_status(command_id, 'running', command, params)
+    update_command_status(command_id, 'running', command, params, user=user)
 
     # Run the command in a separate thread
-    thread = threading.Thread(target=run_command, args=(command_path, params, command_id))
+    thread = threading.Thread(target=run_command, args=(command_path, params, command_id, user))
     thread.start()
 
     return jsonify({'message': 'Command is running', 'command_id': command_id})
 
-@app.route('/stop_command/<command_id>', methods=['POST'])
-def stop_command(command_id):
-    status = read_command_status(command_id)
-    if not status or 'pid' not in status:
-        return jsonify({'error': 'Invalid command_id or command not running'}), 400
-
-    pid = status['pid']
-    end_time = datetime.now().isoformat()
-    try:
-        os.kill(pid, 15)  # Send SIGTERM
-        update_command_status(command_id, 'aborted', end_time=end_time, exit_code=-15)
-        return jsonify({'message': 'Command aborted'})
-    except Exception as e:
-        status_data = read_command_status(command_id) or {}
-        status_data['status'] = 'failed'
-        status_data['end_time'] = end_time
-        status_data['exit_code'] = 1
-        with open(get_status_file_path(command_id), 'w') as f:
-            json.dump(status_data, f)
-        with open(get_output_file_path(command_id), 'a') as output_file:
-            output_file.write(str(e))
-        return jsonify({'error': 'Failed to terminate command'}), 500
-
 @app.route('/command_status/<command_id>', methods=['GET'])
 def get_command_status(command_id):
     status = read_command_status(command_id)
@@ -515,10 +639,15 @@ def list_commands():
             status = read_command_status(command_id)
             if status:
                 try:
-                    params = shlex.join(status['params'])
+                    params = shlex.join(status.get('params', []))
                 except AttributeError:
                     params = " ".join([shlex.quote(p) if " " in p else p for p in status['params']])
-                command = status['command'] + ' ' + params
+                command = status.get('command', '-') + ' ' + params
+                last_line = status.get('last_output_line')
+                if last_line is None:
+                    output_file_path = get_output_file_path(command_id)
+                    if os.path.exists(output_file_path):
+                        last_line = get_last_non_empty_line_of_file(output_file_path)
                 commands.append({
                     'command_id': command_id,
                     'status': status['status'],
@@ -526,7 +655,7 @@ def list_commands():
                     'end_time': status.get('end_time', 'N/A'),
                     'command': command,
                     'exit_code': status.get('exit_code', 'N/A'),
-                    'last_output_line': status.get('last_output_line', get_last_non_empty_line_of_file(get_output_file_path(command_id))),
+                    'last_output_line': last_line,
                 })
     # Sort commands by start_time in descending order
     commands.sort(key=lambda x: x['start_time'], reverse=True)
@@ -534,28 +663,60 @@ def list_commands():
 
 @app.route('/command_output/<command_id>', methods=['GET'])
 def get_command_output(command_id):
+    offset = int(request.args.get('offset', 0))
+    maxsize = int(request.args.get('maxsize', 10485760))
     output_file_path = get_output_file_path(command_id)
     if os.path.exists(output_file_path):
-        with open(output_file_path, 'r') as output_file:
-            output = output_file.read()
+        with open(output_file_path, 'rb') as output_file:
+            output_file.seek(offset)
+            output = output_file.read().decode('utf-8', errors='replace')
+            new_offset = output_file.tell()
         status_data = read_command_status(command_id) or {}
-        return jsonify({'output': output, 'status': status_data.get("status")})
+        token = app.config.get("TOKEN_URL")
+        token_param = f"&token={token}" if token else ""
+        response = {
+            'output': output[-maxsize:],
+            'status': status_data.get("status"),
+            'links': {
+                'next': f'{request.url_root}command_output/{command_id}?offset={new_offset}&maxsize={maxsize}{token_param}'
+            }
+        }
+        if request.headers.get('Accept') == 'text/plain':
+            return f"{output}\nstatus: {status_data.get('status')}", 200, {'Content-Type': 'text/plain'}
+        return jsonify(response)
     return jsonify({'error': 'Invalid command_id'}), 404
 
 @app.route('/executables', methods=['GET'])
 def list_executables():
     executables = [f for f in os.listdir('.') if os.path.isfile(f) and os.access(f, os.X_OK)]
+    executables.sort()  # Sort the list of executables alphabetically
     return jsonify(executables)
 
+@app.route('/popup/<command_id>')
+def popup(command_id):
+    return render_template('popup.html', command_id=command_id)
+
 def main():
+    global COMMAND_STATUS_DIR
     basef = f"{CONFDIR}/pywebexec_{args.listen}:{args.port}"
-    if not os.path.exists(CONFDIR):
-        os.mkdir(CONFDIR, mode=0o700)
+    if args.action == "shareterm":
+        COMMAND_STATUS_DIR = f"{os.getcwd()}/{COMMAND_STATUS_DIR}"
+        with open(basef + ".log", "ab+") as log:
+            pywebexec = subprocess.Popen([sys.executable] + sys.argv[:-1], stdout=log, stderr=log)
+            start_term()
+            time.sleep(1)
+            pywebexec.terminate()
+        sys.exit()
+
+    if args.action == "restart":
+        daemon_d('stop', pidfilepath=basef)
+        args.action = "start"
     if args.action == "start":
-        return start_gunicorn(daemon=True, baselog=basef)
+        return start_gunicorn(daemonized=True, baselog=basef)
     if args.action:
         return daemon_d(args.action, pidfilepath=basef)
-    return start_gunicorn()
+    return start_gunicorn(baselog=basef)
+
 
 if __name__ == '__main__':
     main()