Commit 7fc24a33 authored by Mike Hibler's avatar Mike Hibler

Compensate for AMD mountpoint on boss-side users/proj/groups checks.

parent bea653e8
......@@ -67,3 +67,4 @@
#undef NOVIRTNFSMOUNTS
#undef WITHZFS
#undef WITHAMD
......@@ -665,6 +665,8 @@ ZFS_ROOT
ZFS_QUOTA_USER
ZFS_QUOTA_PROJECT
ZFS_QUOTA_GROUP
WITHAMD
AMD_ROOT
NOVIRTNFSMOUNTS
IMAGEDELTAS
PROFILEVERSIONS
......@@ -5109,6 +5111,8 @@ ZFS_ROOT=z
ZFS_QUOTA_USER="1G"
ZFS_QUOTA_PROJECT="100G"
ZFS_QUOTA_GROUP="10G"
WITHAMD=0
AMD_ROOT=/.amd_mnt
#
# XXX You really don't want to change these!
......@@ -5501,6 +5505,12 @@ if test $WITHZFS -eq 1; then
#define WITHZFS 1
_ACEOF
fi
if test $WITHAMD -eq 1; then
cat >>confdefs.h <<_ACEOF
#define WITHAMD 1
_ACEOF
fi
cat >>confdefs.h <<_ACEOF
#define IMPORT_TMPDIR "$IMPORT_TMPDIR"
......
......@@ -300,6 +300,8 @@ AC_SUBST(ZFS_ROOT)
AC_SUBST(ZFS_QUOTA_USER)
AC_SUBST(ZFS_QUOTA_PROJECT)
AC_SUBST(ZFS_QUOTA_GROUP)
AC_SUBST(WITHAMD)
AC_SUBST(AMD_ROOT)
#
# Offer both versions of the email addresses that have the @ escaped
......@@ -451,6 +453,8 @@ ZFS_ROOT=z
ZFS_QUOTA_USER="1G"
ZFS_QUOTA_PROJECT="100G"
ZFS_QUOTA_GROUP="10G"
WITHAMD=0
AMD_ROOT=/.amd_mnt
#
# XXX You really don't want to change these!
......@@ -657,6 +661,9 @@ fi
if test $WITHZFS -eq 1; then
AC_DEFINE_UNQUOTED(WITHZFS, 1)
fi
if test $WITHAMD -eq 1; then
AC_DEFINE_UNQUOTED(WITHAMD, 1)
fi
AC_DEFINE_UNQUOTED(IMPORT_TMPDIR, "$IMPORT_TMPDIR")
LOG_TESTBED=`echo "LOG_$TBLOGFACIL" | tr a-z A-Z`
......
......@@ -141,3 +141,4 @@ ZFS_ROOT=z
ZFS_QUOTA_USER="1G"
ZFS_QUOTA_PROJECT="100G"
ZFS_QUOTA_GROUP="10G"
WITHAMD=1
......@@ -67,6 +67,15 @@ $MAILTAG = "@THISHOMEBASE@";
$SYSTEM_DEBUG = 0;
@EXPORT_OK = qw($SYSTEM_DEBUG);
#
# If AMD is used on boss (currently, only if ZFS is used to
# provide per-user and per-project filesystems), then we have to
# account for the AMD mount point (e.g., "/.amd_mnt") when determining
# if a path is valid or not.
#
my $WITHAMD = "@WITHAMD@";
my $AMDROOT = "@AMD_ROOT@";
#
# Real mount points (on the fileserver) for exported directories.
# At the moment, we have no reason to export these via functions.
......@@ -523,6 +532,13 @@ sub TBValidUserDir($$;$$$)
if ($FSDIR_SCRATCH) {
$sroot = $FSDIR_SCRATCH;
}
} elsif ($WITHAMD) {
$uroot = $AMDROOT/$USERROOT;
$proot = $AMDROOT/$PROJROOT;
$groot = $AMDROOT/$GROUPROOT;
if ($FSDIR_SCRATCH) {
$sroot = $AMDROOT/$SCRATCHROOT;
}
} else {
$uroot = $USERROOT;
$proot = $PROJROOT;
......
......@@ -56,6 +56,7 @@ my $TB = "@prefix@";
my $parser = "$TB/libexec/parse-ns";
my $status = 0;
my $dirname;
my $ISFS = ("@BOSSNODE_IP@" eq "@FSNODE_IP@") ? 1 : 0;
#
# Testbed Support libraries
......@@ -123,7 +124,7 @@ else {
if (! ($tempfile =~ /^\/tmp\/[-\w]+-\d+\.nsfile/) &&
! ($tempfile =~ /^\/var\/tmp\/php\w+/) &&
! ($tempfile =~ /^\/tmp\/php\w+/) &&
! TBValidUserDir($tempfile, 0)) {
! TBValidUserDir($tempfile, $ISFS)) {
fatal("$tempfile does not resolve to an appropriate directory!\n");
}
......
......@@ -136,6 +136,7 @@ my $CONTROL = "@USERNODE@";
my $NONFS = @NOSHAREDFS@;
my $WITHPROVENANCE= @IMAGEPROVENANCE@;
my $WITHDELTAS = @IMAGEDELTAS@;
my $ISFS = ("@BOSSNODE_IP@" eq "@FSNODE_IP@") ? 1 : 0;
#
# Testbed Support libraries
......@@ -688,7 +689,7 @@ if (-d $filename) {
# runs as the caller, regular file permission checks ensure its a file
# the user is allowed to use.
#
if (! TBValidUserDir($filename, 0)) {
if (! TBValidUserDir($filename, $ISFS)) {
die("*** $0:\n".
" $filename does not resolve to an allowed directory!\n");
}
......
#!/usr/bin/perl -w
#
# Copyright (c) 2005 University of Utah and the Flux Group.
# Copyright (c) 2005, 2014 University of Utah and the Flux Group.
#
# {{{EMULAB-LICENSE
#
......@@ -29,9 +29,12 @@ use Cwd qw(realpath);
#
# Configure variables
#
my $TB = "@prefix@";
my $FSDIR_PROJ = "@FSDIR_PROJ@";
my $FSDIR_GROUPS = "@FSDIR_GROUPS@";
my $TB = "@prefix@";
my $FSDIR_PROJ = "@FSDIR_PROJ@";
my $FSDIR_GROUPS = "@FSDIR_GROUPS@";
my $ISFS = ("@BOSSNODE_IP@" eq "@FSNODE_IP@") ? 1 : 0;
my $WITHAMD = "@WITHAMD@";
my $AMDROOT = "@AMD_ROOT@";
use lib "@prefix@/lib";
use libdb;
......@@ -80,9 +83,19 @@ if ($src =~ /^($tmpdir\/php[\w]+)$/) {
die("*** Source isn't a php temp file.\n");
}
my $pr = PROJROOT();
my $gr = GROUPROOT();
if ($dst =~ /^(($pr|$FSDIR_PROJ|$gr|$FSDIR_GROUPS)\/[-\w\/.]+)$/) {
my ($pr,$gr);
if ($ISFS) {
$pr = FSDIR_PROJ;
$gr = FSDIR_GROUPS;
} else {
$pr = PROJROOT();
$gr = GROUPROOT();
if ($AMDROOT) {
$pr = "$AMDROOT/$pr";
$gr = "$AMDROOT/$gr";
}
}
if ($dst =~ /^(($pr|$gr)\/[-\w\/.]+)$/) {
$dst = $1;
} else {
die("*** Destination must be in "
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment