Commit 03a4da39 authored by Leigh Stoller's avatar Leigh Stoller

Horrible kludge for 16 group limit.

The geniuser is now in over 16 groups, so try to figure out which project
the action is going to take place in, and use just those groups. This is
temporary because Mike says FreeBSD 8 pushes the limit up to 1024.
Yippie! When we upgrade, just revert this crap.
parent e02e0f71
#! /usr/bin/env python
#
# EMULAB-COPYRIGHT
# Copyright (c) 2004-2011 University of Utah and the Flux Group.
# Copyright (c) 2004-2012 University of Utah and the Flux Group.
# All rights reserved.
#
import sys
......@@ -303,20 +303,13 @@ def ExperimentIndex(pid, eid):
# For example experiment.swapexp(...).
#
class EmulabServer:
def __init__(self, readonly=0, clientip=None, debug=0):
def __init__(self, uid, uid_idx, readonly=0, clientip=None, debug=0):
self.readonly = readonly;
self.clientip = clientip;
self.debug = debug;
self.instances = {};
self.unix_uid = os.getuid()
self.uid = pwd.getpwuid(os.getuid())[0]
res = DBQueryFatal("select uid_idx from users "
"where unix_uid=%s and uid=%s",
(self.unix_uid, self.uid))
if len(res) == 0:
return
self.uid_idx = res[0][0]
self.uid_idx = uid_idx;
self.uid = uid;
self.instances["experiment"] = experiment(self);
self.instances["template"] = template(self);
......
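Review bot: `EmulabServer.__init__` now stores `uid` and `uid_idx` exactly as the caller passes them, where the lines it replaces took them from `os.getuid()` and a lookup in `users`, so the class no longer checks the identity it acts under and relies on every caller having authenticated those values. The one call site updated in this commit passes `self.uid`/`self.uid_idx` from the server object; any other constructor call (not visible on this page) would now fail with a TypeError, because the two new parameters are positional and required. I would document the contract above the constructor, for example `# uid/uid_idx must already be authenticated by the caller; they are not re-checked against the users table here.` The class body continues past the end of the hunk.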
#!/usr/local/bin/python
#
# EMULAB-COPYRIGHT
# Copyright (c) 2005-2010 University of Utah and the Flux Group.
# Copyright (c) 2005-2010, 2012 University of Utah and the Flux Group.
# All rights reserved.
#
import sys
......@@ -143,6 +143,8 @@ class MyServer(SSL.ForkingSSLServer, SimpleXMLRPCDispatcher):
self.debug = debug
self.logRequests = 0
self.emulabserver = None;
self.glist = [];
self.plist = {};
ctx = SSL.Context('sslv23')
ctx.load_cert(server_cert, server_cert)
......@@ -196,10 +198,12 @@ class MyServer(SSL.ForkingSSLServer, SimpleXMLRPCDispatcher):
sys.path.append(path)
pass
from emulabserver import EmulabServer
self.emulabserver = EmulabServer(readonly=0,
self.emulabserver = EmulabServer(self.uid, self.uid_idx,
readonly=0,
clientip=client_address[0],
debug=self.debug)
self.logit("imported EmulabServer")
pass
return
......@@ -210,6 +214,8 @@ class MyServer(SSL.ForkingSSLServer, SimpleXMLRPCDispatcher):
# below in process_request().
#
def _dispatch(self, method, params):
self.fliptouser(params)
try:
meth = getattr(self.emulabserver, method);
except AttributeError:
......@@ -263,9 +269,7 @@ class MyServer(SSL.ForkingSSLServer, SimpleXMLRPCDispatcher):
# Get the group list for the user.
#
def getusergroups(self, uid_idx):
result = []
res = DBQueryFatal("select distinct g.gid,g.unix_gid "
res = DBQueryFatal("select distinct g.pid,g.unix_gid "
" from group_membership as m "
"left join groups as g on "
" g.pid_idx=m.pid_idx and g.gid_idx=m.gid_idx "
......@@ -274,15 +278,16 @@ class MyServer(SSL.ForkingSSLServer, SimpleXMLRPCDispatcher):
(str(uid_idx),))
for group in res:
result.append(int(group[1]));
self.glist.append(int(group[1]))
# List of all projects, with a list of gids per project.
if not self.plist.has_key(group[0]):
self.plist[group[0]] = []
pass
self.plist[group[0]].append(int(group[1]))
pass
return result
pass
#
# Flip to the user that is in the certificate.
#
def fliptouser(self, request, client):
def setupuser(self, request, client):
subject = request.get_peer_cert().get_subject()
if self.debug:
self.logit(str(subject))
......@@ -319,14 +324,14 @@ class MyServer(SSL.ForkingSSLServer, SimpleXMLRPCDispatcher):
pass
pass
self.glist = self.getusergroups(self.uid_idx);
self.getusergroups(self.uid_idx);
if len(self.glist) == 0:
self.logit('No groups for user: "%s,%d"' % (self.uid,self.uid_idx))
raise Exception('No groups for user: "%s,%d"' %
(self.uid,self.uid_idx))
self.logit("Connect from %s: %s,%d %s" %
(client[0], self.uid, self.uid_idx, str(self.glist)))
self.logit("Connect from %s: %s,%d" %
(client[0], self.uid, self.uid_idx))
#
# Check the certificate serial number. At the moment, the serial
......@@ -338,7 +343,39 @@ class MyServer(SSL.ForkingSSLServer, SimpleXMLRPCDispatcher):
if self.checkcert(self.uid_idx, serial) == 0:
self.logit('No such cert with serial "%s"' % serial)
raise Exception('No such cert with serial "%s"' % serial)
pass
#
# Flip to the user that is in the certificate.
#
def fliptouser(self, params):
#
# BSD 16 group limit stupidity. This is barely a solution.
#
if len(self.glist) > 1:
argdict = params[1]
project = None
if argdict.has_key("pid"):
project = argdict["pid"]
elif argdict.has_key("proj"):
project = argdict["proj"]
else:
self.logit('Too many groups and no project given as an arg')
pass
if project:
if self.plist.has_key(project):
self.glist = self.plist[project]
self.logit("Setting groups from project %s" % project)
else:
self.logit('Too many groups but not a member of "%s"' %
project)
pass
pass
pass
self.logit("Setting groups: %s" % str(self.glist))
try:
os.setgid(self.glist[0])
os.setgroups(self.glist)
......@@ -380,7 +417,7 @@ class MyServer(SSL.ForkingSSLServer, SimpleXMLRPCDispatcher):
# Child process.
# This must never return, hence os._exit()!
try:
self.fliptouser(request, client_address);
self.setupuser(request, client_address);
# Remove the old path since the user can request a different
# one.
......
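Review bot: `fliptouser` reads `argdict = params[1]` from client-supplied XML-RPC parameters with no length or type check, and that line sits above the `try:` that wraps `os.setgid`/`os.setgroups`, so a call with fewer than two parameters or a non-dict second parameter raises IndexError or AttributeError out of `_dispatch` instead of following the log-and-continue path. A guard such as `argdict = params[1] if len(params) > 1 and isinstance(params[1], dict) else {}` would keep malformed calls on the existing path. Both fallback branches (no `pid`/`proj` argument, or a project missing from `self.plist`) only log and then call `os.setgroups(self.glist)` with the full list, which is the over-limit case this commit works around; the `except` that follows is outside the hunk, so it is worth confirming that a failed group change rejects the request rather than letting the method run with whatever credentials the child still holds. The test is also `len(self.glist) > 1` while the comment refers to the 16-group limit, so every multi-group user has their groups narrowed by a client-chosen argument; if that is intended, the comment should say so.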