Commit 2131bfdc authored by Leigh B Stoller's avatar Leigh B Stoller

Add some calls to $node->IsTainted() to prevent console access and image

cloning. Also check when creating the manifest, so that the portal does not
provide a Console menu option.
parent e4de40f3
......@@ -3031,6 +3031,11 @@ sub CreateImage($)
return GeniResponse->Create(GENIRESPONSE_SEARCHFAILED, undef,
"No node for sliver urn");
}
if ($node->IsTainted()) {
return GeniResponse->Create(GENIRESPONSE_FORBIDDEN, undef,
"node is tainted - image creation denied");
}
my $experiment = $slice->GetExperiment();
if (!defined($experiment)) {
return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
......@@ -3939,6 +3944,10 @@ sub ConsoleURL($)
return GeniResponse->Create(GENIRESPONSE_SEARCHFAILED, undef,
"No node for sliver urn");
}
if ($node->IsTainted()) {
return GeniResponse->Create(GENIRESPONSE_FORBIDDEN, undef,
"node is tainted - console access denied");
}
my $experiment = $slice->GetExperiment();
if (!defined($experiment)) {
return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
......@@ -4024,6 +4033,10 @@ sub ConsoleInfo($)
return GeniResponse->Create(GENIRESPONSE_SEARCHFAILED, undef,
"No node for sliver urn");
}
if ($node->IsTainted()) {
return GeniResponse->Create(GENIRESPONSE_FORBIDDEN, undef,
"node is tainted - console access denied");
}
my $experiment = $slice->GetExperiment();
if (!defined($experiment)) {
return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
......
......@@ -869,8 +869,9 @@ sub AnnotateManifest($)
# one, expecting it to be available by the time the user might
# want to use it.
#
if (($node->TipServer(\$tipserver) == 0 && defined($tipserver)) ||
$node->isvirtnode()) {
if (!$node->IsTainted() &&
(($node->TipServer(\$tipserver) == 0 && defined($tipserver)) ||
$node->isvirtnode())) {
if (! defined($services)) {
$services = GeniXML::AddElement("services", $rspec);
}
......
......@@ -196,6 +196,10 @@ $isvirtnode = $node->isvirtnode();
if (!$node->AccessCheck($this_user, TB_NODEACCESS_LOADIMAGE())) {
fatal("Not enough permission");
}
if ($node->IsTainted()) {
fatal("$node is tainted - image creation denied!");
}
my $experiment = $node->Reservation();
if (!defined($experiment)) {
fatal("Node is not reserved");
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment