All new accounts created on Gitlab now require administrator approval. If you invite any collaborators, please let Flux staff know so they can approve the accounts.

sslxmlrpc_server.py.in 18.7 KB
Newer Older
1
#!/usr/local/bin/python
2
#
3
# Copyright (c) 2005-2017 University of Utah and the Flux Group.
4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22
# 
# {{{EMULAB-LICENSE
# 
# This file is part of the Emulab network testbed software.
# 
# This file is free software: you can redistribute it and/or modify it
# under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at
# your option) any later version.
# 
# This file is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Affero General Public
# License for more details.
# 
# You should have received a copy of the GNU Affero General Public License
# along with this file.  If not, see <http://www.gnu.org/licenses/>.
# 
# }}}
23 24 25
#
import sys
import getopt
Timothy Stack's avatar
 
Timothy Stack committed
26
import os, os.path
27
import time
28
import pwd
29 30 31
import traceback
import syslog
import string
32
import socket
33

Timothy Stack's avatar
 
Timothy Stack committed
34 35 36 37
import BaseHTTPServer

from SimpleXMLRPCServer import SimpleXMLRPCDispatcher

38
# Testbed specific stuff
39
TBDIR = "@prefix@"
Timothy Stack's avatar
 
Timothy Stack committed
40 41 42 43 44
TBPATH = "@prefix@/lib"
if TBPATH not in sys.path:
    sys.path.append(TBPATH)
    pass

45
from libdb        import *
46

Timothy Stack's avatar
 
Timothy Stack committed
47 48 49 50 51 52 53
try:
    from M2Crypto import SSL
    from M2Crypto.SSL import SSLError
except ImportError, e:
    sys.stderr.write("error: The py-m2crypto port is not installed\n")
    sys.exit(1)
    pass
54 55 56 57 58 59 60 61 62 63 64 65 66 67

# When debugging, runs in foreground printing to stdout instead of syslog
debug           = 0

# The port to listen on. We should get this from configure.
PORT            = 3069

# The local address. Using INADDY_ANY for now.
ADDR            = "0.0.0.0"

# The server certificate and the server CS.
server_cert     = "@prefix@/etc/server.pem"
ca_cert         = "@prefix@/etc/emulab.pem"

68 69 70 71 72 73 74
#
# By default, run a wrapper class that includes all off the modules.
# The client can invoke methods of the form experiment.swapexp when
# the server is invoked in this manner.
# 
DEFAULT_MODULE = "EmulabServer"
module         = DEFAULT_MODULE
75

Timothy Stack's avatar
 
Timothy Stack committed
76 77 78 79 80 81 82 83 84 85 86 87 88 89
#
# "Standard" paths for the real and development versions of the software.
#
STD_PATH       = "/usr/testbed"
STD_DEVEL_PATH = "/usr/testbed/devel"

#
# The set of paths that the user is allowed to specify in their request.  The
# path specifies where the 'emulabserver' module will be loaded from.  In
# reality, the path only has an effect on the first request in a persistent
# connection, any subsequent requests will reuse the same module.
#
ALLOWED_PATHS  = [ STD_PATH, "@prefix@" ]

90 91
# syslog facility
LOGFACIL	= "@TBLOGFACIL@"
92

93 94 95 96
# See below.
WITHZFS            = @WITHZFS@
ZFS_NOEXPORT       = @ZFS_NOEXPORT@

Timothy Stack's avatar
 
Timothy Stack committed
97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124
##
# Taken from the SimpleXMLRPCServer module in the python installation and
# modified to support persistent connections.
#
class MyXMLRPCRequestHandler(BaseHTTPServer.BaseHTTPRequestHandler):
    """Simple XML-RPC request handler class.

    Handles all HTTP POST requests and attempts to decode them as
    XML-RPC requests.
    """

    ##
    # Change the default protocol so that persistent connections are the norm.
    #
    protocol_version = "HTTP/1.1"

    ##
    # Handle a POST request from the user.  This method was changed from the
    # standard version to not close the 
    #
    def do_POST(self):
        """Handles the HTTP POST request.

        Attempts to interpret all HTTP POST requests as XML-RPC calls,
        which are forwarded to the server's _dispatch method for handling.
        """

        # Update PYTHONPATH with the user's requested path.
Leigh B. Stoller's avatar
Leigh B. Stoller committed
125
        self.server.set_path(self.path, self.client_address)
Timothy Stack's avatar
 
Timothy Stack committed
126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160

        try:
            # get arguments
            data = self.rfile.read(int(self.headers["content-length"]))
            # In previous versions of SimpleXMLRPCServer, _dispatch
            # could be overridden in this class, instead of in
            # SimpleXMLRPCDispatcher. To maintain backwards compatibility,
            # check to see if a subclass implements _dispatch and dispatch
            # using that method if present.
            response = self.server._marshaled_dispatch(
                    data, getattr(self, '_dispatch', None)
                )
        except: # This should only happen if the module is buggy
            # internal error, report as HTTP server error
            self.send_response(500)
            self.end_headers()
            self.wfile.flush()
        else:
            # got a valid XML RPC response
            self.send_response(200)
            self.send_header("Content-type", "text/xml")
            self.send_header("Content-length", str(len(response)))
            self.end_headers()
            self.wfile.write(response)
            self.wfile.flush()
            pass
        return

    def log_request(self, code='-', size='-'):
        """Selectively log an accepted request."""

        if self.server.logRequests:
            BaseHTTPServer.BaseHTTPRequestHandler.log_request(self, code, size)


161
#
162 163 164 165 166 167 168 169
# A simple server based on the forking version SSLServer. We fork cause
# we want to change our uid/gid to that of the person on the other end.
# 
class MyServer(SSL.ForkingSSLServer, SimpleXMLRPCDispatcher):
    def __init__(self, debug):
        self.debug         = debug
	self.logRequests   = 0
        self.emulabserver  = None;
170 171
        self.glist         = [];
        self.plist         = {};
Leigh B Stoller's avatar
Leigh B Stoller committed
172 173
        self.flipped       = 0;
        
174 175 176 177 178 179
	ctx = SSL.Context('sslv23')
	ctx.load_cert(server_cert, server_cert)
	ctx.load_verify_info(ca_cert)
        ctx.set_verify(SSL.verify_peer | SSL.verify_fail_if_no_peer_cert, 16)
	ctx.set_allow_unknown_ca(0)
	#ctx.set_info_callback()
Timothy Stack's avatar
 
Timothy Stack committed
180
        
Mike Hibler's avatar
Mike Hibler committed
181 182 183 184 185
        dargs = (self,)
        if sys.version_info[0] >= 2 and sys.version_info[1] >= 5:
            dargs = (self,False,None)
            pass
        SimpleXMLRPCDispatcher.__init__(*dargs)
186
        SSL.SSLServer.__init__(self, (ADDR, PORT),
Timothy Stack's avatar
 
Timothy Stack committed
187
                               MyXMLRPCRequestHandler, ctx)
188 189
	pass

Timothy Stack's avatar
 
Timothy Stack committed
190 191 192 193 194
    ##
    # Log a message to stdout, if in debug mode, otherwise write to syslog.
    #
    # @param msg The message to log.
    #
195 196 197 198 199 200 201 202
    def logit(self, msg):
        if debug:
            print msg
            pass
        else:
            syslog.syslog(syslog.LOG_INFO, msg);
            pass
        return
Timothy Stack's avatar
 
Timothy Stack committed
203 204 205 206 207 208 209 210 211

    ##
    # Updates PYTHONPATH and imports the 'emulabserver' module on its first
    # invocation.  The specified path must be in the ALLOWED_PATHS list and
    # readable by the user, otherwise the request will fail.
    #
    # @param path The path from the POST request, should not include "lib" on
    # the end (e.g. "/usr/testbed")
    #
Leigh B. Stoller's avatar
Leigh B. Stoller committed
212
    def set_path(self, path, client_address):
Timothy Stack's avatar
 
Timothy Stack committed
213 214 215 216 217 218 219 220 221 222 223 224 225
        if not self.emulabserver:
            if path not in ALLOWED_PATHS:
                self.logit("Disallowed path: %s" % path)
                raise Exception("Path not allowed: %s" % path)
            path = os.path.join(path, "lib")
            if not os.access(path, os.X_OK):
                self.logit("Path not accessible by user: %s" % path)
                raise Exception("Permission denied: %s" % path)

            if path not in sys.path:
                sys.path.append(path)
                pass
            from emulabserver import EmulabServer
226 227 228

            self.emulabserver = EmulabServer(self.uid, self.uid_idx,
                                             readonly=0,
229 230
                                             clientip=client_address[0],
                                             debug=self.debug)
231
            self.logit("imported EmulabServer")
Timothy Stack's avatar
 
Timothy Stack committed
232 233
            pass
        return
234 235 236 237 238 239 240 241
    
    #
    # There might be a better arrangement, but the problem is that we
    # do not want to create the server instance until we get a chance
    # to look at the certificate and determine the priv level. See
    # below in process_request(). 
    #
    def _dispatch(self, method, params):
242 243
        self.fliptouser(params)
        
244 245 246 247 248
        try:
            meth = getattr(self.emulabserver, method);
        except AttributeError:
            raise Exception('method "%s" is not supported' % method)
        else:
249
            self.logit("Calling method '" + method + "'");
250 251 252 253
            return apply(meth, params);
        pass

    #
254
    # Get the unix_uid for the user. User must be active. 
255
    #
256 257 258
    def getuserid(self, uuid):
        userQuery = DBQueryFatal("select uid,uid_idx,unix_uid,status "
                                 "  from users "
259 260
                                 "where (uid_uuid=%s or uid=%s) and "
                                 "       status='active'",
261
                                 (uuid, uuid))
262
        
263
        if len(userQuery) == 0:
264
            return (None, None, 0);
265
        
266 267
        if (userQuery[0][3] != "active"):
            return (None, None, -1);
268
        
269
        return (userQuery[0][0], int(userQuery[0][1]), int(userQuery[0][2]))
Timothy Stack's avatar
 
Timothy Stack committed
270 271

    #
272
    # Check if the user is an stud.
Timothy Stack's avatar
 
Timothy Stack committed
273
    #
274 275 276
    def isstuduser(self, uid_idx):
        res = DBQueryFatal("select stud from users where uid_idx=%s",
                           (str(uid_idx),))
Timothy Stack's avatar
 
Timothy Stack committed
277 278 279 280 281

        if len(res) == 0:
            return 0

        return res[0][0]
282
    
283 284 285
    #
    # Check the certificate serial number. 
    #
286
    def checkcert(self, uid_idx, serial):
287
        res = DBQueryFatal("select idx from user_sslcerts "
288
                           "where uid_idx=%s and idx=%s and revoked is null ",
289
                           (str(uid_idx), serial))
290 291 292

        return len(res)
    
293 294 295
    #
    # Get the group list for the user.
    #
296
    def getusergroups(self, uid_idx):
297
        res = DBQueryFatal("select distinct g.pid,g.unix_gid,date_approved "
298 299
                           "  from group_membership as m "
                           "left join groups as g on "
300 301
                           "  g.pid_idx=m.pid_idx and g.gid_idx=m.gid_idx "
                           "where m.uid_idx=%s "
302
                           "order by date_approved asc ",
303
                           (str(uid_idx),))
304 305
        
        for group in res:
306 307 308 309 310 311
            self.glist.append(int(group[1]))
            # List of all projects, with a list of gids per project.
            if not self.plist.has_key(group[0]):
                self.plist[group[0]] = []
                pass
            self.plist[group[0]].append(int(group[1]))
312
            pass
313
        pass
314

315
    def setupuser(self, request, client):
316 317
        exports_active = TBGetSiteVar("general/export_active");
        
318 319 320 321
        subject = request.get_peer_cert().get_subject()
        if self.debug:
            self.logit(str(subject))
            pass
322 323 324 325 326 327

        #
        # The CN might look like UUID,serial so split it up.
        #
        cnwords = getattr(subject, "CN").split(",")
        self.uuid = cnwords[0]
328 329 330 331
        
        #
        # Must be a valid and non-zero unix_uid from the DB.
        #
332
        (self.uid,self.uid_idx,self.unix_uid) = self.getuserid(self.uuid)
333
        
334 335 336
        if self.unix_uid == 0:
            self.logit('No such user: "%s"' % self.uuid)
            raise Exception('No such user: "%s"' % self.uuid)
337
        
338 339 340 341
        if self.unix_uid == -1:
            self.logit('User "%s,%d" is not active' % (self.uid,self.uid_idx))
            raise Exception('User "%s,%d" is not active' %
                            (self.uid,self.uid_idx))
Timothy Stack's avatar
 
Timothy Stack committed
342

343
        self.stud = self.isstuduser(self.uid_idx)
344
        if self.stud:
345 346 347 348 349 350 351
            try:
                ALLOWED_PATHS.extend(map(lambda x:
                                         os.path.join(STD_DEVEL_PATH, x),
                                         os.listdir(STD_DEVEL_PATH)))
                pass
            except OSError:
                pass
Timothy Stack's avatar
 
Timothy Stack committed
352
            pass
353
        
354
        self.getusergroups(self.uid_idx);
355
        if len(self.glist) == 0:
356 357 358
            self.logit('No groups for user: "%s,%d"' % (self.uid,self.uid_idx))
            raise Exception('No groups for user: "%s,%d"' %
                            (self.uid,self.uid_idx))
359

360 361
        self.logit("Connect from %s: %s,%d" %
                   (client[0], self.uid, self.uid_idx))
362
        
363 364 365 366 367 368 369
        #
        # Check the certificate serial number. At the moment, the serial
        # must match a certificate that is in the DB for that user. This
        # is my crude method of certificate revocation. 
        #
        serial = request.get_peer_cert().get_serial_number()
        
370
        if self.checkcert(self.uid_idx, serial) == 0:
371 372
            self.logit('No such cert with serial "%s"' % serial)
            raise Exception('No such cert with serial "%s"' % serial)
373

374 375 376 377
        #
        # We have to make sure the exports are done, since the user might
        # not be using the web interface at all.
        #
378
        if WITHZFS and ZFS_NOEXPORT and int(exports_active) > 0:
379 380 381 382 383
            limit = ((int(exports_active) * 24) - 12) * 3600
                
            res = DBQueryFatal("select UNIX_TIMESTAMP(last_activity) "
                               "  from user_stats "
		               "where uid_idx=%s",
384
                               (str(self.uid_idx),))
385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401
            
            last_activity = int(res[0][0])

            self.logit("%s: limit,last_activity for %s,%d: %d,%d,%d" %
                           (client[0], self.uid, self.uid_idx,
                            limit, last_activity, int(time.time())))
            
            # Always update weblogin_last so exports_setup will do something,
            # and to mark activity to keep mount active.
            DBQueryFatal("update user_stats set last_activity=now() "
		         "where uid_idx=%s",
                         (str(self.uid_idx),))

            if time.time() - last_activity > limit:
                self.logit("%s: calling exports_setup for %s,%d" %
                           (client[0], self.uid, self.uid_idx))
                
402 403 404 405
                if os.system(TBDIR + "/sbin/exports_setup"):
                    raise Exception("exports_setup failed")
                pass
            pass
406 407 408 409 410 411
        pass

    #
    # Flip to the user that is in the certificate.
    #
    def fliptouser(self, params):
Leigh B Stoller's avatar
Leigh B Stoller committed
412 413 414 415 416
        if self.flipped:
            return;

        self.flipped = 1;
        
417 418 419
        #
        # BSD 16 group limit stupidity. This is barely a solution.
        #
Leigh B Stoller's avatar
Leigh B Stoller committed
420
        if len(self.glist) > 15:
421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442
            argdict = params[1]
            project = None

            if argdict.has_key("pid"):
                project = argdict["pid"]
            elif argdict.has_key("proj"):
                project = argdict["proj"]
            else:
                self.logit('Too many groups and no project given as an arg')
                pass
            
            if project:
                if self.plist.has_key(project):
                    self.glist = self.plist[project]
                    self.logit("Setting groups from project %s" % project)
                else:
                    self.logit('Too many groups but not a member of "%s"' %
                               project)
                    pass
                pass
            pass
        self.logit("Setting groups: %s" % str(self.glist))
443 444 445
        try:
            os.setgid(self.glist[0])
            os.setgroups(self.glist)
446 447
            os.setuid(self.unix_uid)
            pwddb = pwd.getpwuid(self.unix_uid);
448

449
            os.environ["HOME"]    = pwddb[5];
450 451
            os.environ["USER"]    = self.uid;
            os.environ["LOGNAME"] = self.uid;
452 453
            pass
        except:
Leigh B Stoller's avatar
Leigh B Stoller committed
454
            self.logit(traceback.format_exc())
455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475
            os._exit(1)
            pass
        pass

    #
    # XXX - The builtin process_request() method for ForkingMixIn is
    # broken; it closes the "request" in the parent which shuts down
    # the ssl connection. So, I have moved the close_request into the
    # child where it should be, and in the parent I close the socket
    # by reaching into the Connection() class.
    # 
    # In any event, I need to do some other stuff in the child before we
    # actually handle the request. 
    # 
    def process_request(self, request, client_address):
        """Fork a new subprocess to process the request."""
        self.collect_children()
        pid = os.fork()
        if pid:
            # Parent process
            if self.active_children is None:
476
                if sys.version_info.major == 2:
477 478 479
                    if (sys.version_info.minor < 7 or
                        (sys.version_info.minor == 7 and
                         sys.version_info.micro < 8)):
480 481 482 483 484 485 486 487 488 489 490 491 492
                        self.active_children = []
                    else:
                        self.active_children = set()
                        pass
                else:
                    print "Only python version 2"
                    sys.exit(1);
                    pass
                pass
            if type(self.active_children) is list:
                self.active_children.append(pid)
            else:
                self.active_children.add(pid)
493 494 495 496 497 498
            request.socket.close()
            return
        else:
            # Child process.
            # This must never return, hence os._exit()!
            try:
499
                self.setupuser(request, client_address);
Timothy Stack's avatar
 
Timothy Stack committed
500

501 502 503 504 505 506 507
                #
                # New stateful firewall kills long term connections, as
                # for state waiting.
                #
                request.socket.setsockopt(socket.SOL_SOCKET,
                                          socket.SO_KEEPALIVE, 1);

Timothy Stack's avatar
 
Timothy Stack committed
508 509 510
                # Remove the old path since the user can request a different
                # one.
                sys.path.remove(TBPATH)
511 512 513 514 515 516 517 518 519 520 521 522 523
                self.finish_request(request, client_address)
                self.close_request(request)
                self.logit("request finished");
                os._exit(0)
            except:
                try:
                    self.handle_error(request, client_address)
                finally:
                    os._exit(1)

    def verify_request(self, request, client_address):
        return True

524 525
    pass

526 527 528 529 530 531 532 533 534 535
#
# Check for debug flag.
# 
if len(sys.argv) > 1 and sys.argv[1] == "-d":
    debug = 1
    pass

#
# Daemonize when not running in debug mode.
#
536 537
if not debug:
    #
Timothy Stack's avatar
 
Timothy Stack committed
538
    # Connect to syslog.
539 540
    #
    syslog.openlog("sslxmlrpc", syslog.LOG_PID,
Timothy Stack's avatar
 
Timothy Stack committed
541
                   getattr(syslog, "LOG_" + string.upper(LOGFACIL)))
542 543 544 545 546 547 548 549 550 551 552 553 554 555 556 557 558 559 560 561 562 563 564
    syslog.syslog(syslog.LOG_INFO, "SSL XMLRPC server starting up");

    #
    # Daemonize. We redirect our output into a log file cause I have no
    # idea what is going to use plain print. 
    #
    try:
        fp = open("@prefix@/log/sslxmlrpc_server.log", "a");
        sys.stdout = fp
        sys.stderr = fp
        sys.stdin.close();
        pass
    except:
        print "Could not open log file for append"
        sys.exit(1);
        pass

    pid = os.fork()
    if pid:
        os.system("echo " + str(pid) + " > /var/run/sslxmlrpc_server.pid")
        sys.exit(0)
        pass
    os.setsid();
565 566 567
    pass

#
568 569 570
# Create the server and serve forever. We register the instance above
# when we process the request cause we want to look at the cert before
# we decide on the priv level. 
571
# 
572 573 574
server = MyServer(debug)
while 1:
    server.handle_request()