Commit 95b185bd authored by Leigh B. Stoller's avatar Leigh B. Stoller

Do not allow images that are marked global to be created via the

create_image script. Also check path; filename must translate to a path
on /proj, /users, or /groups since the image is actually written from
the node, and those are the only places it makes sense to write them to.

Minor change to web interface; email error messages to user *and* to
tbops; was going only to tbops.
parent 9dc93498
...@@ -9,6 +9,7 @@ ...@@ -9,6 +9,7 @@
use English; use English;
use Getopt::Std; use Getopt::Std;
use POSIX qw(setsid); use POSIX qw(setsid);
use File::Basename;
# #
# Create a disk image. # Create a disk image.
...@@ -203,9 +204,13 @@ my $filename = $imageid_row{'path'}; ...@@ -203,9 +204,13 @@ my $filename = $imageid_row{'path'};
my $isglobal = $imageid_row{'global'}; my $isglobal = $imageid_row{'global'};
# #
# If a global image, make up a name. Admin person will need to copy image # Throw an error if the image is global; we cannot write images into
# to boss. # /usr/testbed/images. In fact, lets check the filename just in case.
# #
if ($isglobal) {
die("*** $0:\n".
" Not able to autocreate images that are marked global!\n");
}
# Untaint. Very silly. # Untaint. Very silly.
if ($filename =~ /^([-\w\.\/\+]+)$/) { if ($filename =~ /^([-\w\.\/\+]+)$/) {
...@@ -216,6 +221,34 @@ else { ...@@ -216,6 +221,34 @@ else {
" Bad filename: $filename!\n"); " Bad filename: $filename!\n");
} }
#
# Make sure real path is someplace that makes sense; remember that the
# image is created on the nodes, and it NFS mounts directories on ops.
# Writing the image to anyplace else is just going to break things.
#
# Use realpath to resolve any symlinks.
#
my $translated = `realpath $filename`;
if ($translated =~ /^([-\w\.\/]+)$/) {
$filename = $1;
}
else {
die("*** $0:\n".
" Bad data returned by realpath: $translated\n");
}
#
# The file must reside in /proj, /groups, or /users. Since this script
# runs as the caller, regular file permission checks ensure its a file
# the user is allowed to use.
#
if (! ($filename =~ /^\/proj/) &&
! ($filename =~ /^\/groups/) &&
! ($filename =~ /^\/users/)) {
die("*** $0:\n".
" $filename does not resolve to an allowed directory!\n");
}
# #
# Be sure to kill off running frisbee. If a node is trying to load that # Be sure to kill off running frisbee. If a node is trying to load that
# image, well tough. # image, well tough.
......
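Review bot: The allowed-directory check at the end of the third hunk (`$filename =~ /^\/proj/` and its two siblings) is a plain prefix test, so a resolved path under any other top-level directory whose name merely begins with `proj`, `groups` or `users` passes as well; anchor on the separator instead: `if ($filename !~ m{^/(?:proj|groups|users)/}) {`. The path is resolved through backticks with `$filename` interpolated; the untaint just above restricts it to `[-\w./+]`, which keeps shell metacharacters out, but core `Cwd::realpath($filename)` avoids the shell and the trailing-newline dependence entirely, and it would also remove the inconsistency that the second untaint regex no longer accepts the `+` the first one allowed, so a legitimately named image is rejected as `Bad data returned by realpath`. On platforms where realpath(1) requires every component to exist, a not-yet-written image file leaves `$translated` empty and the user gets that same misleading message rather than a path-related one — worth confirming against how this script is reached. `use File::Basename` is added in the first hunk but is not used in any visible hunk; presumably it is needed further down the file.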
...@@ -209,6 +209,7 @@ define("SUEXEC_ACTION_CONTINUE", 0); ...@@ -209,6 +209,7 @@ define("SUEXEC_ACTION_CONTINUE", 0);
define("SUEXEC_ACTION_DIE", 1); define("SUEXEC_ACTION_DIE", 1);
define("SUEXEC_ACTION_USERERROR", 2); define("SUEXEC_ACTION_USERERROR", 2);
define("SUEXEC_ACTION_IGNORE", 3); define("SUEXEC_ACTION_IGNORE", 3);
define("SUEXEC_ACTION_DUPDIE", 4);
# #
# An suexec error. # An suexec error.
...@@ -235,6 +236,10 @@ function SUEXECERROR($action) ...@@ -235,6 +236,10 @@ function SUEXECERROR($action)
break; break;
case SUEXEC_ACTION_IGNORE: case SUEXEC_ACTION_IGNORE:
break; break;
case SUEXEC_ACTION_DUPDIE:
TBERROR($foo, 0, 1);
USERERROR("<XMP>$foo</XMP>", 1);
break;
default: default:
TBERROR($foo, 1, 1); TBERROR($foo, 1, 1);
} }
......
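Review bot: In the new `SUEXEC_ACTION_DUPDIE` case, `$foo` — presumably the captured suexec output, since it is assigned outside this hunk — is wrapped in `<XMP>` and handed to `USERERROR` without escaping, so any `</xmp>` sequence in the command's output ends the block and the remainder is rendered as markup. The text originates from a command run on the user's behalf and can echo user-supplied values (the create_image die messages in this commit include the filename), so escape it rather than rely on the XMP wrapper: `USERERROR("<pre>" . htmlspecialchars($foo) . "</pre>", 1);`. If `<XMP>` is the established convention elsewhere in this file, at minimum neutralise the closing tag with `str_ireplace('</xmp>', '', $foo)` before wrapping. `SUEXECERROR` begins before this hunk, so whether `$foo` is already sanitised at the top of the function cannot be seen from here.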
<?php <?php
# #
# EMULAB-COPYRIGHT # EMULAB-COPYRIGHT
# Copyright (c) 2000-2003 University of Utah and the Flux Group. # Copyright (c) 2000-2004 University of Utah and the Flux Group.
# All rights reserved. # All rights reserved.
# #
include("defs.php3"); include("defs.php3");
...@@ -80,7 +80,7 @@ if (! TBNodeAccessCheck($uid, $node, $TB_NODEACCESS_LOADIMAGE)) { ...@@ -80,7 +80,7 @@ if (! TBNodeAccessCheck($uid, $node, $TB_NODEACCESS_LOADIMAGE)) {
} }
# Should check for file file_exists($image_path), # Should check for file file_exists($image_path),
# but that's too messy. # but too messy.
if (! isset($confirmed) ) { if (! isset($confirmed) ) {
echo "<center><form action='loadimage.php3' method='post'>\n". echo "<center><form action='loadimage.php3' method='post'>\n".
...@@ -107,7 +107,8 @@ echo "<br> ...@@ -107,7 +107,8 @@ echo "<br>
<br><br>\n"; <br><br>\n";
flush(); flush();
SUEXEC($uid, $unix_gid, "webcreateimage -p $image_pid $image_name $node", 1); SUEXEC($uid, $unix_gid, "webcreateimage -p $image_pid $image_name $node",
SUEXEC_ACTION_DUPDIE);
echo "This will take 10 minutes or more; you will receive email echo "This will take 10 minutes or more; you will receive email
notification when the snapshot is complete. In the meantime, notification when the snapshot is complete. In the meantime,
......
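Review bot: The `SUEXEC` call in the second hunk interpolates `$image_pid`, `$image_name` and `$node` straight into a shell command string, and the two following files repeat the pattern with `webcreateimage -p $pid $imagename $node`. Only `$node` is visibly subject to `TBNodeAccessCheck` (in the hunk header); how `$image_pid` and `$image_name` are validated is outside these hunks and should be confirmed, or each argument wrapped before interpolation, e.g. `"webcreateimage -p " . escapeshellarg($image_pid) . " " . escapeshellarg($image_name) . " " . escapeshellarg($node)`. Separately, the reworded comment in the first hunk, `# but too messy.`, lost its subject; if the intent was to avoid the apostrophe, `# but that is too messy.` reads cleanly.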
...@@ -896,7 +896,8 @@ if (isset($node)) { ...@@ -896,7 +896,8 @@ if (isset($node)) {
<br><br>\n"; <br><br>\n";
flush(); flush();
SUEXEC($uid, $unix_gid, "webcreateimage -p $pid $imagename $node", 1); SUEXEC($uid, $unix_gid, "webcreateimage -p $pid $imagename $node",
SUEXEC_ACTION_DUPDIE);
echo "This will take 10 minutes or more; you will receive email echo "This will take 10 minutes or more; you will receive email
notification when the image is complete. In the meantime, notification when the image is complete. In the meantime,
......
...@@ -879,7 +879,7 @@ if ($cancelled) { ...@@ -879,7 +879,7 @@ if ($cancelled) {
$confirmationWarning = ""; $confirmationWarning = "";
# #
# If user doesn't define a node to suck the image from, # If user does not define a node to suck the image from,
# we seek confirmation. # we seek confirmation.
# #
if (! isset($node)) { if (! isset($node)) {
...@@ -1041,7 +1041,8 @@ if (isset($node)) { ...@@ -1041,7 +1041,8 @@ if (isset($node)) {
<br><br>\n"; <br><br>\n";
flush(); flush();
SUEXEC($uid, $unix_gid, "webcreateimage -p $pid $imagename $node", 1); SUEXEC($uid, $unix_gid, "webcreateimage -p $pid $imagename $node",
SUEXEC_ACTION_DUPDIE);
echo "This will take 10 minutes or more; you will receive email echo "This will take 10 minutes or more; you will receive email
notification when the image is complete. In the meantime, notification when the image is complete. In the meantime,
......