Commit 2aeb12f0 authored by Kirk Webb's avatar Kirk Webb

Node restrictions enforcement - web interface

This check-in hits the web interface side of the node restrictions.
Users may not access the console or see the root password for nodes in a
restricted state (e.g. "blackbox" or "useronly").
parent 797f83dd
......@@ -185,6 +185,7 @@ class Node
function cd_version() {return $this->field("cd_version"); }
function boot_errno() {return $this->field("boot_errno"); }
function reserved_pid() {return $this->field("reserved_pid"); }
function taint_states() {return $this->field("taint_states"); }
#
# Access Check, determines if $user can access $this record.
......@@ -465,6 +466,27 @@ class Node
return ($row["t"]>$stalesec);
}
#
# Check to see if node is tainted.
#
function IsTainted($instate = "") {
$tstates = $this->taint_states();
# No taint states set on this node?
if (!isset($tstates) || !$tstates) {
return 0;
}
# Any taint will do if nothing was passed in to check.
if (!$instate) {
return 1;
}
foreach (explode(",", $tstates) as $taint) {
if (strcmp($instate, $taint) == 0) {
return 1;
}
}
return 0;
}
#
# Show node record.
#
......@@ -556,6 +578,7 @@ class Node
$downtime = $row["down"];
$uuid = $row["node_uuid"];
$mac = $row["mac"];
$taint_states = $row["taint_states"];
if (!$def_boot_cmd_line)
$def_boot_cmd_line = " ";
......@@ -960,6 +983,12 @@ class Node
<td class=left>$uuid</td>
</tr>\n";
}
if ($taint_states) {
echo "<tr>
<td>Taint States:</td>
<td class=left>$taint_states</td>
</tr>\n";
}
#
# Show battery stuff
......@@ -1134,10 +1163,15 @@ class Node
#
# Spit out node attributes
#
# Don't emit root password if node is tainted with "useronly" or
# "blackbox".
$noroot = $noperm || $this->IsTainted("useronly") ||
$this->IsTainted("blackbox");
$query_result =
DBQueryFatal("select attrkey,attrvalue from node_attributes ".
"where node_id='$node_id' ".
($noperm ? "and attrkey!='root_password'" : ""));
($noroot ? "and attrkey!='root_password'" : ""));
if (!$short && mysql_num_rows($query_result)) {
echo "<tr>
......
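Review bot: The restricted-state list is hard-coded at the `$noroot` assignment (`IsTainted("useronly") || IsTainted("blackbox")`) and repeated in the console check in the other file, so a restrictive state added later must be remembered at every call site, and any site that is missed fails open. A single method on Node, for example `function IsRestricted() { return $this->IsTainted("useronly") || $this->IsTainted("blackbox"); }`, would keep the enforcement points in step. `$noroot` also hides the root password from admins, whereas the console check exempts `$isadmin`; a comment saying which behaviour is intended would help. Separately, `$taint_states` is echoed into the table cell without `htmlspecialchars()`, which is harmless only if the column is a fixed set of values, and that is not visible here.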
......@@ -68,11 +68,17 @@ else {
# Admin users can look at any node, but normal users can only control
# nodes in their own experiments.
#
# Do not allow console access for certain node taint states.
#
# XXX is MODIFYINFO the correct one to check? (probably)
#
if (!$isadmin && !isset($key) &&
!$node->AccessCheck($this_user, $TB_NODEACCESS_READINFO)) {
USERERROR("You do not have permission to tip to node $node_id!", 1);
if (!$isadmin && !isset($key)) {
if (!$node->AccessCheck($this_user, $TB_NODEACCESS_READINFO)) {
USERERROR("You do not have permission to tip to node $node_id!", 1);
}
if ($node->IsTainted("useronly") || $node->IsTainted("blackbox")) {
USERERROR("Node $node_id is in a restricted state - console access denied.", 1);
}
}
# Array of arguments
......
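Review bot: The new taint check is nested inside `if (!$isadmin && !isset($key))`, so a request that arrives with `$key` set skips the restriction together with the AccessCheck. If the key path is meant to honour node restrictions, the check belongs outside that condition, e.g. `if (!$isadmin && ($node->IsTainted("useronly") || $node->IsTainted("blackbox"))) {` followed by the same USERERROR call. How `$key` is issued and validated is not visible in this hunk, so confirm whether a key holder should still reach the console of a restricted node. The comment above asks about MODIFYINFO while the code checks `$TB_NODEACCESS_READINFO`; resolving that XXX would make the intended access level explicit. The enclosing else-block starts and ends outside the hunk.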