nscheck.in 3.11 KB
Newer Older
1
#!/usr/bin/perl -wT
Leigh B. Stoller's avatar
Leigh B. Stoller committed
2 3 4

#
# EMULAB-COPYRIGHT
5
# Copyright (c) 2000-2004 University of Utah and the Flux Group.
Leigh B. Stoller's avatar
Leigh B. Stoller committed
6 7 8
# All rights reserved.
#

9 10 11 12 13 14 15 16
use English;
use Getopt::Std;

#
# Syntax check an NS file.
#
# usage: nscheck <nsfile>
#
17 18 19 20 21
# Exit value is important; 
# $status < 0 - Fatal error. Something went wrong we did not expect.
# $status = 0 - Parsed okay.
# $status > 0 - Parse error. 
#
22 23 24 25 26 27 28 29 30 31 32
sub usage()
{
    print STDOUT "Usage: nscheck <nsfile>\n";
    exit(-1);
}
my  $optlist = "";

#
# Configure variables
#
my $TB       = "@prefix@";
33
my $parser   = "$TB/libexec/parse-ns";
34
my $status   = 0;
35 36 37 38 39 40 41 42 43

#
# Turn off line buffering on output
#
$| = 1;

#
# Untaint the path
# 
44
$ENV{'PATH'} = "/bin:/usr/bin:/sbin:/usr/sbin";
45 46 47 48 49 50 51 52 53 54 55 56 57
delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};

#
# Parse command arguments. Once we return from getopts, all that should
# left are the required arguments.
#
%options = ();
if (! getopts($optlist, \%options)) {
    usage();
}
if (@ARGV != 1) {
    usage();
}
Leigh B. Stoller's avatar
Leigh B. Stoller committed
58
my ($tempfile) = @ARGV;
59 60 61 62 63

#
# Untaint the arguments.
#
# Note different taint check (allow /).
64
if ($tempfile =~ /^([-\w\.\/]+)$/) {
65 66 67 68 69 70
    $tempfile = $1;
}
else {
    fatal("Tainted argument $tempfile");
}

71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98
#
# Called from ops interactively. Make sure NS file in /proj or /users.
#
# Use realpath to resolve any symlinks.
#
my $translated = `realpath $tempfile`;
if ($translated =~ /^([-\w\.\/]+)$/) {
    $tempfile = $1;
}
else {
    fatal("Tainted nsfile returned by realpath: $translated\n");
}

#
# The file must reside in /proj, /groups, or /users. Since this script
# runs as the caller, regular file permission checks ensure its a file
# the user is allowed to use. /tmp/$guid-$nsref.nsfile also allowed
# since this script is invoked directly from web interface, which generates
# a name that should not be guessable, so as long as it looks to be in
# proper format, we accept it. 
#
if (! ($tempfile =~ /^\/tmp/) &&
    ! ($tempfile =~ /^\/proj/) &&
    ! ($tempfile =~ /^\/groups/) &&
    ! ($tempfile =~ /^\/users/)) {
    fatal("$tempfile does not resolve to an appropriate directory!\n");
}

99 100
$nsfile    = "foo.ns";

101 102
# Check for existence of NS file and exit with error such that web
# interface tells the user (positive exit value).
103
if (! -f $tempfile || ! -r $tempfile || -z $tempfile) {
104 105 106 107 108
    print STDERR "*** $0:\n".
	         "    $tempfile does not exist or is not a readable file!\n";
    exit(1);
}

109 110 111 112 113 114 115 116 117
#
# Make a temp dir and copy the NS file into it. We run the scripts
# from that directory cause it writes temp files.
# 
$dirname = "/tmp/parse-$$";

mkdir($dirname, 0775) or
    fatal("Could not mkdir $dirname");

118
if (system("/bin/cp", "$tempfile", "$dirname/$nsfile")) {
119 120 121
    fatal("Could not copy $tempfile to $dirname");
}

122 123 124
chdir($dirname) or
    fatal("Could not chdir to $dirname");

125
#
Leigh B. Stoller's avatar
Leigh B. Stoller committed
126 127
# Run parse in impotent mode on the NS file.  This has no effect but
# will display any errors.
128 129 130
#
# Be sure to exit with >0 staus
#
Leigh B. Stoller's avatar
Leigh B. Stoller committed
131

132
if (system("$parser -n -a $nsfile") != 0) {
133 134
    print "NS Parse failed!\n";
    $status = 1;
135 136 137
}

system("/bin/rm", "-rf", "$dirname");
138
exit $status;
139 140 141 142 143 144

sub fatal($)
{
    my($mesg) = $_[0];

    system("/bin/rm", "-rf", "$dirname");
145 146 147

    die("*** $0:\n".
	"    $mesg\n");
148
}