Commit 48acc8e3 authored by Leigh B. Stoller's avatar Leigh B. Stoller
Browse files

* Replace the argument processing code in all pages. Currently we rely on

  register_globals=1 to turn POST/GET/COOKIES arguments in local variables.
  This is known to be a terrible security risk, and we keep saying we are
  going to fix it, and now I am. In order to accomplish this on a
  transitional basis (since I don't want the entire web interface to stop
  working while I debug it), and because the code just needs the cleanup, I
  am doing it like this: Each page will sport new declarations at the top:

	RequiredPageArguments("experiment", PAGEARG_EXPERIMENT,
                              "template",   PAGEARG_TEMPLATE,
                              "instance",   PAGEARG_INSTANCE,
                              "metadata",   PAGEARG_METADATA,
                              "osinfo",     PAGEARG_OSINFO,
                              "image",      PAGEARG_IMAGE,
                              "project",    PAGEARG_PROJECT,
                              "group",      PAGEARG_GROUP,
                       ...
parent 62d25f4f
......@@ -17,6 +17,14 @@ PAGEHEADER("New Project Approved");
$this_user = CheckLoginOrDie();
$uid = $this_user->uid();
# Verify page arguments.
$reqargs = RequiredPageArguments("project", PAGEARG_PROJECT,
"approval", PAGEARG_STRING);
$optargs = OptionalPageArguments("head_uid", PAGEARG_STRING,
"user_interface", PAGEARG_STRING,
"message", PAGEARG_STRING,
"silent", PAGEARG_BOOLEAN);
#
# Of course verify that this uid has admin privs!
#
......@@ -30,16 +38,19 @@ if (! $isadmin) {
#
$FirstInitState = (TBGetFirstInitState() == "approveproject");
echo "<center><h1>
Approving Project '$pid' ...
</h1></center>";
#
# Grab the head_uid for this project. This verifies it is a valid project.
#
if (! ($this_project = Project::Lookup($pid))) {
TBERROR("Unknown project $pid", 1);
if (! ($this_project = $project)) {
TBERROR("Unknown project", 1);
}
# For error messages.
$pid = $this_project->pid();
echo "<center><h2>
Approving Project '$pid' ...
</h2></center>";
if (! ($leader = $this_project->GetLeader())) {
TBERROR("Error getting leader for $pid", 1);
}
......@@ -131,7 +142,7 @@ elseif ((strcmp($approval, "deny") == 0) ||
SUEXEC($uid, $TBADMINGROUP, "webrmproj $pid", 1);
$sendemail = 1;
if (isset($silent) && $silent == "Yep") {
if (isset($silent) && $silent) {
$sendemail = 0;
}
......
<?php
#
# EMULAB-COPYRIGHT
# Copyright (c) 2000-2003, 2005, 2006, 2007 University of Utah and the Flux Group.
# Copyright (c) 2000-2007 University of Utah and the Flux Group.
# All rights reserved.
#
include("defs.php3");
include("showstuff.php3");
#
# Standard Testbed Header
......@@ -27,19 +26,18 @@ if (! $isadmin) {
}
#
# Verify arguments.
#
if (!isset($pid) ||
strcmp($pid, "") == 0) {
USERERROR("You must provide a project ID.", 1);
}
# Verify page arguments.
#
$reqargs = RequiredPageArguments("project", PAGEARG_PROJECT);
#
# Check to make sure thats this is a valid PID.
#
if (! ($this_project = Project::Lookup($pid))) {
USERERROR("Unknown project $pid", 1);
if (! ($this_project = $reqargs["project"])) {
USERERROR("Unknown project", 1);
}
$pid = $this_project->pid();
$projleader = $this_project->GetLeader();
echo "<center><h3>You have the following choices:</h3></center>
<table class=stealth align=center border=0>
......@@ -86,7 +84,7 @@ echo "<center>
</center>
<table align=center border=0>\n";
SHOWUSER($projleader->uid());
$projleader->Show();
#
# Check to make sure that the head user is 'unapproved' or 'active'
......@@ -106,7 +104,8 @@ echo "<center>
<h3>What would you like to do?</h3>
</center>
<table align=center border=1>
<form action='approveproject.php3?pid=$pid' method='post'>\n";
<form action='" . CreateURL("approveproject", $project) .
"' method='post'>\n";
echo "<tr>
<td align=center>
......@@ -177,13 +176,9 @@ echo " </select>
# Temporary Plab hack.
# See if remote nodes requested and put up checkboxes to allow override.
#
$query_result =
DBQueryFatal("select num_pcplab,num_ron from projects where pid='$pid'");
$row = mysql_fetch_array($query_result);
# These are now booleans, not actual counts.
$num_pcplab = $row[num_pcplab];
$num_ron = $row[num_ron];
$num_pcplab = $this_project->num_pcplab();
$num_ron = $this_project->num_ron();
if ($num_ron || $num_pcplab) {
echo "<tr>
......
<?php
#
# EMULAB-COPYRIGHT
# Copyright (c) 2000-2004, 2006 University of Utah and the Flux Group.
# Copyright (c) 2000-2007 University of Utah and the Flux Group.
# All rights reserved.
#
include("defs.php3");
......@@ -16,15 +16,20 @@ PAGEHEADER("New Project Approval List");
#
$this_user = CheckLoginOrDie();
$uid = $this_user->uid();
$isadmin = ISADMIN();
#
# Of course verify that this uid has admin privs!
#
$isadmin = ISADMIN();
if (! $isadmin) {
USERERROR("You do not have admin privileges to approve projects!", 1);
}
#
# The reason for this call is to make sure that globals are set properly.
#
$reqargs = RequiredPageArguments();
#
# Look in the projects table to see which projects have not been approved.
# Present a menu of options to either approve or deny the projects.
......@@ -32,12 +37,9 @@ if (! $isadmin) {
# implies denying the project leader account, when there is just a single
# project pending for that project leader.
#
$query_result = DBQueryFatal("SELECT pid_idx, ".
" DATE_FORMAT(created, '%m/%d/%y') as day_created ".
" from projects ".
"where approved='0' order by created desc");
if (mysql_num_rows($query_result) == 0) {
$projlist = Project::PendingProjectList();
if (count($projlist) == 0) {
USERERROR("There are no projects to approve!", 1);
}
......@@ -63,13 +65,10 @@ echo "<tr>
<th>Phone</th>
</tr>\n";
while ($projectrow = mysql_fetch_array($query_result)) {
$pid_idx = $projectrow["pid_idx"];
$Pcreated = $projectrow["day_created"];
foreach ($projlist as $project) {
$pid_idx = $project->pid_idx();
$Pcreated = $project->GetTempData();
if (! ($project = Project::Lookup($pid_idx))) {
TBERROR("Could not lookup project $pid_idx", 1);
}
if (! ($leader = $project->GetLeader())) {
TBERROR("Could not get leader for project $pid_idx", 1);
}
......
......@@ -17,8 +17,15 @@ PAGEHEADER("New Users Approved");
$this_user = CheckLoginOrDie();
$uid = $this_user->uid();
#
# The reason for this call is to make sure that globals are set properly.
#
$reqargs = RequiredPageArguments();
# Local used below.
$projectchecks = array();
# Hmm, is this needed?
ignore_user_abort(1);
#
......@@ -26,8 +33,8 @@ ignore_user_abort(1);
# See approveuser_form.php3:
#
# uid menu project/group
# name=stoller$$approval-testbed/testbed value=approved,denied,postpone
# name=stoller$$trust-testbed/testbed value=user,local_root
# name=Uxxxx$$approval-testbed/testbed value=approved,denied,postpone
# name=Uxxxx$$trust-testbed/testbed value=user,local_root
#
# We make two passes over the post vars. The first does a sanity check so
# that we can bail out without doing anything. This allows the user to
......@@ -52,7 +59,7 @@ while (list ($header, $value) = each ($HTTP_POST_VARS)) {
continue;
}
$user = substr($header, 0, strpos($header, "\$\$", 0));
$user = substr($header, 1, strpos($header, "\$\$", 0) - 1);
$projgrp = substr($approval_string, strlen("\$\$approval-"));
$project = substr($projgrp, 0, strpos($projgrp, "/", 0));
$group = substr($projgrp, strpos($projgrp, "/", 0) + 1);
......@@ -75,8 +82,10 @@ while (list ($header, $value) = each ($HTTP_POST_VARS)) {
# There should be a corresponding trust variable in the POST vars.
# Note that we construct the variable name and indirect to it.
#
$foo = "$user\$\$trust-$project/$group";
$newtrust = $$foo;
$foo = "U${user}\$\$trust-$project/$group";
#echo "$foo<br>\n";
$newtrust = $HTTP_POST_VARS[$foo];
if (!$newtrust || strcmp($newtrust, "") == 0) {
TBERROR("Parse error finding trust in approveuser.php3", 1);
}
......@@ -95,6 +104,7 @@ while (list ($header, $value) = each ($HTTP_POST_VARS)) {
if (! ($target_user = User::Lookup($user))) {
TBERROR("Trying to approve unknown user $user.", 1);
}
$target_uid = $target_user->uid();
# Ditto the project.
if (! ($target_project = Project::Lookup($project))) {
......@@ -129,7 +139,7 @@ while (list ($header, $value) = each ($HTTP_POST_VARS)) {
#
$target_group->IsMember($target_user, $isapproved);
if ($isapproved) {
USERERROR("$user is already an approved member of ".
USERERROR("$target_uid is already an approved member of ".
"$project/$group!", 1);
}
......@@ -170,9 +180,10 @@ while (list ($header, $value) = each ($HTTP_POST_VARS)) {
if (!$subgroup_approval ||
(strcmp($subgroup_approval, "deny") &&
strcmp($subgroup_approval, "nuke"))) {
USERERROR("If you wish to deny/nuke user $user in project ".
"$project then you must deny/nuke in all of the ".
"subgroups $user is attempting to join.", 1);
USERERROR("If you wish to deny/nuke user $target_uid in ".
"project $project then you must deny/nuke in all ".
"of the subgroups $target_uid is attempting to ".
"join.", 1);
}
}
}
......@@ -198,9 +209,9 @@ while (list ($header, $value) = each ($HTTP_POST_VARS)) {
#
# Create and indirect through post var for project approval value.
#
$foo = "$user\$\$approval-$project/$project";
$bar = "$user\$\$trust-$project/$project";
$default_approval = $$foo;
$foo = "U${user}\$\$approval-$project/$project";
$bar = "U${user}\$\$trust-$project/$project";
$default_approval = $HTTP_POST_VARS[$foo];
if (!$default_approval || strcmp($default_approval, "") == 0) {
# Implicit group approval as user.
......@@ -222,7 +233,7 @@ while (list ($header, $value) = each ($HTTP_POST_VARS)) {
}
if (strcmp($approval, "approve") == 0 &&
strcmp($default_approval, "approve")) {
USERERROR("You cannot approve $user in $project/$group without ".
USERERROR("You cannot approve $target_uid in $project/$group without ".
"approval in the default group ($project/$project)!", 1);
}
}
......@@ -251,6 +262,7 @@ while (list ($user, $value) = each ($projectchecks)) {
if (! ($target_user = User::Lookup($user))) {
TBERROR("Could not find user object for $user", 1);
}
$target_uid = $target_user->uid();
#
# This looks for different trust levels in different subgroups
......@@ -260,8 +272,8 @@ while (list ($user, $value) = each ($projectchecks)) {
if (strcmp($pid, $gid)) {
if (isset($grouptrust[$pid]) &&
strcmp($grouptrust[$pid], $trust)) {
USERERROR("User $user may not have different trust levels in ".
"different subgroups of $pid!", 1);
USERERROR("User $target_uid may not have different trust ".
"levels in different subgroups of $pid!", 1);
}
$grouptrust[$pid] = $trust;
}
......@@ -293,7 +305,7 @@ while (list ($header, $value) = each ($POST_VARS_COPY)) {
continue;
}
$user = substr($header, 0, strpos($header, "\$\$", 0));
$user = substr($header, 1, strpos($header, "\$\$", 0) - 1);
$projgrp = substr($approval_string, strlen("\$\$approval-"));
$project = substr($projgrp, 0, strpos($projgrp, "/", 0));
$group = substr($projgrp, strpos($projgrp, "/", 0) + 1);
......@@ -302,8 +314,8 @@ while (list ($header, $value) = each ($POST_VARS_COPY)) {
#
# Corresponding trust value.
#
$foo = "$user\$\$trust-$project/$group";
$newtrust = $$foo;
$foo = "U${user}\$\$trust-$project/$group";
$newtrust = $HTTP_POST_VARS[$foo];
#
# Get the current status for the user, which we might need to change.
......@@ -319,6 +331,7 @@ while (list ($header, $value) = each ($POST_VARS_COPY)) {
$curstatus = $target_user->status();
$user_email = $target_user->email();
$user_name = $target_user->name();
$user_uid = $target_user->uid();
#echo "Status = $curstatus, Email = $user_email<br>\n";
# Ditto the project and group
......@@ -346,7 +359,7 @@ while (list ($header, $value) = each ($POST_VARS_COPY)) {
#
if (strcmp($approval, "postpone") == 0) {
echo "<p>
Membership status for user $user in $project/$group was
Membership status for user $user_uid in $project/$group was
<b>postponed</b> for later decision.\n";
continue;
}
......@@ -357,7 +370,7 @@ while (list ($header, $value) = each ($POST_VARS_COPY)) {
#
$target_group->DeleteMember($target_user);
TBMAIL("$user_name '$user' <$user_email>",
TBMAIL("$user_name '$user_uid' <$user_email>",
"Membership Denied in '$project/$group'",
"\n".
"This message is to notify you that you have been denied\n".
......@@ -371,7 +384,7 @@ while (list ($header, $value) = each ($POST_VARS_COPY)) {
"Errors-To: $TBMAIL_WWW");
echo "<p>
User $user was <b>denied</b> membership in $project/$group.
User $user_uid was <b>denied</b> membership in $project/$group.
<br>
The user will need to reapply again if this was in error.\n";
......@@ -394,7 +407,8 @@ while (list ($header, $value) = each ($POST_VARS_COPY)) {
#
if (count($project_list)) {
echo "<p>
User $user was <b>denied</b> membership in $project/$group.
User $user_uid was <b>denied</b> membership in
$project/$group.
<br>
Since the user is a member (or requesting membership)
in other projects, the account cannot be safely removed.\n";
......@@ -411,17 +425,18 @@ while (list ($header, $value) = each ($POST_VARS_COPY)) {
if (strcmp($curstatus, "newuser") &&
strcmp($curstatus, "unapproved")) {
echo "<p>
User $user was <b>denied</b> membership in $project/$group.
User $user_uid was <b>denied</b> membership in
$project/$group.
<br>
Since the user has been approved by, or was active in other
projects in the past, the account cannot be safely removed.
\n";
continue;
}
SUEXEC($uid, $TBADMINGROUP, "webrmuser -n -p $project $user", 1);
SUEXEC($uid, $TBADMINGROUP, "webrmuser -n -p $project $user_uid", 1);
echo "<p>
User $user was <b>denied</b> membership in $project/$group.
User $user_uid was <b>denied</b> membership in $project/$group.
<br>
The account has also been <b>terminated</b>!\n";
......@@ -449,17 +464,17 @@ while (list ($header, $value) = each ($POST_VARS_COPY)) {
#
# Create user account on control node.
#
SUEXEC($uid, $TBADMINGROUP, "webtbacct add $user", 1);
SUEXEC($uid, $TBADMINGROUP, "webtbacct add $user_uid", 1);
}
#
# Only need to add new membership.
#
SUEXEC($uid, $TBADMINGROUP,
"webmodgroups -a $project:$group:$newtrust $user", 1);
"webmodgroups -a $project:$group:$newtrust $user_uid", 1);
echo "<p>
User $user was <b>granted</b> membership in $project/$group
with $newtrust permissions.\n";
User $user_uid was <b>granted</b> membership in
$project/$group with $newtrust permissions.\n";
continue;
}
......
<?php
#
# EMULAB-COPYRIGHT
# Copyright (c) 2000-2003, 2006 University of Utah and the Flux Group.
# Copyright (c) 2000-2003, 2006, 2007 University of Utah and the Flux Group.
# All rights reserved.
#
include("defs.php3");
......@@ -18,6 +18,11 @@ $this_user = CheckLoginOrDie();
$auth_usr = $this_user->uid();
$auth_usridx = $this_user->uid_idx();
#
# The reason for this call is to make sure that globals are set properly.
#
$reqargs = RequiredPageArguments();
#
# Find all of the groups that this person has project/group root in, and
# then in all of those groups, all of the people who are awaiting to be
......@@ -167,7 +172,7 @@ while (list ($uid_idx, $grouplist) = each ($approvelist)) {
<td rowspan=2>$gid</td>
<td rowspan=2>$date_applied</td>
<td rowspan=2>
<select name=\"$newuid\$\$approval-$pid/$gid\">
<select name=\"U${uid_idx}\$\$approval-$pid/$gid\">
<option value='postpone'>Postpone </option>
<option value='approve'>Approve </option>
<option value='deny'>Deny </option>
......@@ -175,7 +180,7 @@ while (list ($uid_idx, $grouplist) = each ($approvelist)) {
</select>
</td>
<td rowspan=2>
<select name=\"$newuid\$\$trust-$pid/$gid\">\n";
<select name=\"U${uid_idx}\$\$trust-$pid/$gid\">\n";
if ($group->CheckTrustConsistency($user, TBDB_TRUSTSTRING_USER, 0)) {
echo "<option value='user'>User </option>\n";
......
<?php
#
# EMULAB-COPYRIGHT
# Copyright (c) 2006 University of Utah and the Flux Group.
# Copyright (c) 2006, 2007 University of Utah and the Flux Group.
# All rights reserved.
#
include("defs.php3");
include("showstuff.php3");
#
# Only known and logged in users.
......@@ -16,51 +15,25 @@ $isadmin = ISADMIN();
#
# Verify page arguments.
#
if (!isset($pid) ||
strcmp($pid, "") == 0) {
USERERROR("You must provide a Project ID.", 1);
}
if (!isset($eid) ||
strcmp($eid, "") == 0) {
USERERROR("You must provide an Experiment ID.", 1);
}
if (!TBvalid_pid($pid)) {
PAGEARGERROR("Invalid project ID.");
}
if (!TBvalid_eid($eid)) {
PAGEARGERROR("Invalid experiment ID.");
}
#
# Check to make sure this is a valid PID/EID tuple.
#
if (! TBValidExperiment($pid, $eid)) {
USERERROR("The experiment $eid is not a valid experiment ".
"in project $pid.", 1);
}
$reqargs = RequiredPageArguments("experiment", PAGEARG_EXPERIMENT);
#
# Verify Permission.
#
if (! TBExptAccessCheck($uid, $pid, $eid, $TB_EXPT_MODIFY)) {
if (! $experiment->AccessCheck($this_user, $TB_EXPT_MODIFY)) {
USERERROR("You do not have permission to view experiment $eid!", 1);
}
$exptidx = TBExptIndex($pid, $eid);
if ($exptidx < 0) {
TBERROR("Could not get experiment index for $pid/$eid!", 1);
}
if (!TBExptGroup($pid, $eid, $gid)) {
TBERROR("Could not get experiment gid for $pid/$eid!", 1);
}
# Group to suexc as.
$pid = $experiment->pid();
$gid = $experiment->gid();
#
# Not many actions to consider.
#
if (isset($commit) && $commit != "") {
SUEXEC($uid, "$pid,$gid",
SUEXEC($uid, $pid,$gid",
"webarchive_control commit $pid $eid",
SUEXEC_ACTION_DIE);
}
......
<?php
#
# EMULAB-COPYRIGHT
# Copyright (c) 2000-2006 University of Utah and the Flux Group.
# Copyright (c) 2000-2007 University of Utah and the Flux Group.
# All rights reserved.
#
include("defs.php3");
include("showstuff.php3");
#
# Only known and logged in users can end experiments.
......@@ -17,31 +16,18 @@ $isadmin = ISADMIN();
#
# Verify page arguments.
#
# An experiment idx.
if (! isset($exptidx) || $exptidx == "") {
USERERROR("Must supply an experiment index!", 1);
}
if (!TBvalid_integer($exptidx)) {
USERERROR("Invalid characters in $exptidx!", 1);
}
$reqargs = RequiredPageArguments("experiment", PAGEARG_EXPERIMENT);
#
# We get an index. Must map that to a pid/gid to do a group level permission
# check, since it might not be an current experiment.
#
unset($pid);
unset($eid);
unset($gid);
if (TBExptidx2PidEid($exptidx, $pid, $eid, $gid) < 0) {
USERERROR("No such experiment index $exptidx!", 1);
}
if (!TBCurrentExperiment($exptidx)) {
USERERROR("Experiment index $exptidx is not a current experiment!", 1);
}
# Need these below.
$pid = $experiment->pid();
$eid = $experiment->eid();
$gid = $experiment->gid();
# Permission
if (!$isadmin &&
!TBProjAccessCheck($uid, $pid, $gid, $TB_PROJECT_READINFO)) {
!$experiment->AccessCheck($this_user, $TB_PROJECT_READINFO)) {
USERERROR("You do not have permission to view missing files for ".
"archive in $pid/$gid ($exptidx)!", 1);
"archive in $pid/$eid!", 1);
}
#
......@@ -63,7 +49,7 @@ if (isset($movesome)) {
"webarchive_control addtoarchive $pid $eid $fileargs",
SUEXEC_ACTION_DUPDIE);
header("Location: archive_missing.php3?exptidx=$exptidx");
header("Location: " . CreateURL("archive_missing", $experiment));
return;
}
......@@ -102,13 +88,8 @@ echo "<script language=JavaScript>
//-->
</script>\n";
echo "<font size=+2>".
"Experiment <b>".
"<a href='showproject.php3?pid=$pid'>$pid</a>/".
"<a href='showexp.php3?pid=$pid&eid=$eid'>$eid</a> ".
"</b></font>\n";
"<br>";
echo "<br>\n";
echo $experiment->PageHeader();
echo "<br><br>\n";
#
# We ask an external script for the list of missing files.
......@@ -129,8 +110,9 @@ if (count($suexec_output_array)) {
echo "</b><br><br>";
echo "<table border=1>\n";
echo "<form action='archive_missing.php3?exptidx=$exptidx'
onsubmit=\"return false;\"
echo "<form action='" .
CreateURL("archive_missing", $experiment) . "' " .
"onsubmit=\"return false;\"
name=form1 method=post>\n";
echo "<input type=hidden name=movesome value=Submit>\n";
echo "<tr><td align=center colspan=2>\n";
......
<?php
#
# EMULAB-COPYRIGHT
# Copyright (c) 2006 University of Utah and the Flux Group.
# Copyright (c) 2006, 2007 University of Utah and the Flux Group.
# All rights reserved.
#
include("defs.php3");
include("showstuff.php3");
#
# Standard Testbed Header
......@@ -22,36 +21,25 @@ $isadmin = ISADMIN();
#
# Verify page arguments.
#
if (! isset($exptidx) || $exptidx == "") {
USERERROR("Must supply an experiment to view!", 1);
}
if (!TBvalid_integer($exptidx)) {
USERERROR("Invalid characters in $exptidx!", 1);
}
<